diff --git a/.gitignore b/.gitignore
index 883023b..66f938b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-/qatzip-1.0.6.tar.gz
+/qatzip-1.0.7.tar.gz
diff --git a/1-fix-snprintf-truncation.patch b/1-fix-snprintf-truncation.patch
new file mode 100644
index 0000000..4bad12c
--- /dev/null
+++ b/1-fix-snprintf-truncation.patch
@@ -0,0 +1,14 @@
+--- utils/qzip.c.orig
++++ utils/qzip.c
+@@ -469,9 +469,8 @@ int makeOutName(const char *in_name, const char *out_name,
+ * parent directory. */
+ void mkPath(char *path, const char *dirpath, char *file)
+ {
+- if (strlen(dirpath) + strlen(file) + 1 < MAX_PATH_LEN) {
+- snprintf(path, MAX_PATH_LEN, "%s/%s", dirpath, file);
+- } else {
++ if (snprintf(path, MAX_PATH_LEN, "%s/%s", dirpath, file) >= MAX_PATH_LEN) {
++ /* truncation occurred */
+ assert(0);
+ }
+ }
diff --git a/2-add-strong-stack-prot.patch b/2-add-strong-stack-prot.patch
new file mode 100644
index 0000000..cabdd87
--- /dev/null
+++ b/2-add-strong-stack-prot.patch
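Review bot: The truncation guard in the new `mkPath` body (1-fix-snprintf-truncation.patch) relies on `assert(0)`, which compiles to nothing when NDEBUG is defined, so such a build would carry on with a silently truncated path that may name a different file than the caller intended. A negative return from `snprintf` is also not obviously covered by `>= MAX_PATH_LEN`; whether it is depends on the type of MAX_PATH_LEN, which is defined outside the hunk. I would keep the result and fail unconditionally: `int n = snprintf(path, MAX_PATH_LEN, "%s/%s", dirpath, file);` followed by `if (n < 0 || n >= MAX_PATH_LEN) { abort(); }`, or an error exit in whatever style qzip.c already uses. `mkPath` returns void, so reporting the failure to callers would need an interface change outside this hunk.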
@@ -0,0 +1,24 @@
+--- configure.orig 2022-02-08 17:54:38.857757054 +0100
++++ configure 2022-02-08 18:09:34.392172703 +0100
+@@ -142,15 +142,15 @@ includedir=${includedir:-$prefix/include
+ mandir=${mandir:-$prefix/share/man}
+
+ # define CFLAGS and LDFLAGS if no environment variables defined
+-if test -z ${CFLAGS}; then
+- CFLAGS='-Wall -Werror -std=gnu99 -pedantic -fstack-protector -fPIE -fPIC -fno-strict-overflow -fno-delete-null-pointer-checks -fwrapv'
++if test -z "${CFLAGS}"; then
++ CFLAGS="-Wall -Werror -std=gnu99 -pedantic -fstack-protector-strong -fPIE -fPIC -fno-strict-overflow -fno-delete-null-pointer-checks -fwrapv"
+ else
+- CFLAGS+=" -Wall -Werror -std=gnu99 -pedantic -fstack-protector -fPIE -fPIC"
++ CFLAGS+=" -Wall -Werror -std=gnu99 -pedantic -fstack-protector-strong -fPIE -fPIC"
+ fi
+-if test -z ${LDFLAGS}; then
+- LDFLAGS='-fstack-protector -fPIC -pie -z relro -z now -Wl,-z,noexecstack'
++if test -z "${LDFLAGS}"; then
++ LDFLAGS="-fstack-protector-strong -fPIC -pie -z relro -z now -Wl,-z,noexecstack"
+ else
+- LDFLAGS+=" -fstack-protector -fPIC -pie -z relro -z now -Wl,-z,noexecstack"
++ LDFLAGS+=" -fstack-protector-strong -fPIC -pie -z relro -z now -Wl,-z,noexecstack"
+ fi
+
+ # try to build 32 or 64 bit system binary
diff --git a/qatzip.spec b/qatzip.spec
index cae90c6..01c0cb4 100644
--- a/qatzip.spec
+++ b/qatzip.spec
@@ -4,8 +4,8 @@ %global libqatzip_soversion 1 Name: qatzip -Version: 1.0.6 -Release: 5%{?dist} +Version: 1.0.7 +Release: 1%{?dist} Summary: Intel QuickAssist Technology (QAT) QATzip Library License: BSD URL: https://github.com/intel/%{githubname}
@@ -18,6 +18,9 @@ BuildRequires: qatlib-devel >= 21.08.0 # https://bugzilla.redhat.com/show_bug.cgi?id=1987280 ExclusiveArch: x86_64 +Patch0: 1-fix-snprintf-truncation.patch +Patch1: 2-add-strong-stack-prot.patch + %description QATzip is a user space library which builds on top of the Intel QuickAssist Technology user space library, to provide extended
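Review bot: The `else` branch for CFLAGS in 2-add-strong-stack-prot.patch, taken whenever CFLAGS is already set in the environment, still appends a shorter list than the default branch: `-fno-strict-overflow -fno-delete-null-pointer-checks -fwrapv` are missing. The spec's %build section calls `%set_build_flags`, so the packaged build presumably runs configure with CFLAGS set and ends up without those three flags unless the distribution flags supply them. Since the patch already rewrites that line, it could become `CFLAGS+=" -Wall -Werror -std=gnu99 -pedantic -fstack-protector-strong -fPIE -fPIC -fno-strict-overflow -fno-delete-null-pointer-checks -fwrapv"`. `VAR+=` is also a bash extension, so this only works if configure runs under bash; its interpreter line is outside the hunk.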
@@ -45,7 +48,7 @@ This package contains headers and libraries required to build applications that use the QATzip APIs. %prep -%autosetup -n %{githubname}-%{version} +%autosetup -p0 -n %{githubname}-%{version} %build %set_build_flags
@@ -82,6 +85,11 @@ rm -vf %{buildroot}%{_mandir}/*.pdf %{_libdir}/libqatzip.so %changelog +* Wed Feb 09 2022 Vladis Dronov - 1.0.7-1 +- Rebuild for qatzip v1.0.7 +- Fix snprintf truncation check (bz 2046925) +- Add -fstack-protector-strong build option (bz 2044889) + * Wed Oct 20 2021 Vladis Dronov - 1.0.6-5 - Add OSCI testing harness (bz 1874207)
diff --git a/sources b/sources
index cf69e44..0d0a14c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (qatzip-1.0.6.tar.gz) = 3a909d24a52cef98e07702a1282069f4c4948a03ad3148e7e14e09e520962415ae5579362530107476874216e15b5b66561643e8b94f80bb90b85cf18b2a5566
+SHA512 (qatzip-1.0.7.tar.gz) = d5e21aa0fc42d1fba439f7afecdb904e2ffa4960651ce003386988b5ebcff50b2e57d60ca379de7aa2285449a39f3314a1a82336ec0adfe3a4bec3bb8da613d3