Properly harden package using -fstack-protector-strong.
Resolves: rhbz#1624168
This commit is contained in:
parent
cd4ba485c1
commit
1ead6ac8f8
43
ruby-2.6.0-configure-fstack-protector-strong.patch
Normal file
43
ruby-2.6.0-configure-fstack-protector-strong.patch
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
From c8ccdbfe1e45cb3b832109d644296c0a3b3e0b59 Mon Sep 17 00:00:00 2001
|
||||||
|
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
|
||||||
|
Date: Sun, 2 Sep 2018 03:49:31 +0000
|
||||||
|
Subject: [PATCH] configure.ac: -fstack-protector-strong
|
||||||
|
|
||||||
|
* configure.ac: use -fstack-protector-strong if available instead of
|
||||||
|
-fstack-protector conditionally. [ruby-core:88788] [Misc #15053]
|
||||||
|
|
||||||
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64614 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
||||||
|
---
|
||||||
|
configure.ac | 17 ++++++++++-------
|
||||||
|
1 file changed, 10 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index 9328fa532de0..b8ee57239215 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -837,15 +837,18 @@ AS_IF([test "$GCC" = yes], [
|
||||||
|
stack_protector=no
|
||||||
|
])
|
||||||
|
AS_IF([test -z "${stack_protector+set}"], [
|
||||||
|
- RUBY_TRY_CFLAGS(-fstack-protector, [stack_protector=yes], [stack_protector=no])
|
||||||
|
- AS_IF([test "x$stack_protector" = xyes], [
|
||||||
|
- RUBY_TRY_LDFLAGS(-fstack-protector, [], [stack_protector=broken])
|
||||||
|
+ AS_FOR(option, opt, [-fstack-protector-strong -fstack-protector], [
|
||||||
|
+ RUBY_TRY_CFLAGS(option, [stack_protector=yes])
|
||||||
|
+ AS_IF([test "x$stack_protector" = xyes], [
|
||||||
|
+ RUBY_TRY_LDFLAGS(option, [], [stack_protector=])
|
||||||
|
+ ])
|
||||||
|
+ AS_IF([test "x$stack_protector" = xyes], [stack_protector=option; break])
|
||||||
|
])
|
||||||
|
])
|
||||||
|
- AS_IF([test "x$stack_protector" = xyes], [
|
||||||
|
- RUBY_APPEND_OPTION(XCFLAGS, -fstack-protector)
|
||||||
|
- RUBY_APPEND_OPTION(XLDFLAGS, -fstack-protector)
|
||||||
|
- RUBY_APPEND_OPTION(LDFLAGS, -fstack-protector)
|
||||||
|
+ AS_CASE(["$stack_protector"], [-*], [
|
||||||
|
+ RUBY_APPEND_OPTION(XCFLAGS, $stack_protector)
|
||||||
|
+ RUBY_APPEND_OPTION(XLDFLAGS, $stack_protector)
|
||||||
|
+ RUBY_APPEND_OPTION(LDFLAGS, $stack_protector)
|
||||||
|
])
|
||||||
|
|
||||||
|
AS_CASE("${compress_debug_sections:-zlib}",
|
11
ruby.spec
11
ruby.spec
@ -21,7 +21,7 @@
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
|
||||||
%global release 99
|
%global release 100
|
||||||
%{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
|
%{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
|
||||||
|
|
||||||
# The RubyGems library has to stay out of Ruby directory three, since the
|
# The RubyGems library has to stay out of Ruby directory three, since the
|
||||||
@ -147,6 +147,9 @@ Patch15: ruby-2.6.0-library-options-to-MAINLIBS.patch
|
|||||||
Patch16: ruby-2.5.1-Avoid-need-of-C++-compiler-to-pass-the-test-suite.patch
|
Patch16: ruby-2.5.1-Avoid-need-of-C++-compiler-to-pass-the-test-suite.patch
|
||||||
# https://github.com/ruby/rdoc/commit/d05e6269d4a4dfd701f5ddb3ae34306cba891511
|
# https://github.com/ruby/rdoc/commit/d05e6269d4a4dfd701f5ddb3ae34306cba891511
|
||||||
Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch
|
Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch
|
||||||
|
# Properly harden package using -fstack-protector-strong.
|
||||||
|
# https://bugs.ruby-lang.org/issues/15053
|
||||||
|
Patch24: ruby-2.6.0-configure-fstack-protector-strong.patch
|
||||||
|
|
||||||
# Fix some OpenSSL 1.1.1 test failures.
|
# Fix some OpenSSL 1.1.1 test failures.
|
||||||
# https://github.com/ruby/openssl/pull/202
|
# https://github.com/ruby/openssl/pull/202
|
||||||
@ -557,6 +560,7 @@ rm -rf ext/fiddle/libffi*
|
|||||||
%patch21 -p1
|
%patch21 -p1
|
||||||
%patch22 -p1
|
%patch22 -p1
|
||||||
%patch23 -p1
|
%patch23 -p1
|
||||||
|
%patch24 -p1
|
||||||
|
|
||||||
# Provide an example of usage of the tapset:
|
# Provide an example of usage of the tapset:
|
||||||
cp -a %{SOURCE3} .
|
cp -a %{SOURCE3} .
|
||||||
@ -1107,6 +1111,11 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \
|
|||||||
%{gem_dir}/specifications/xmlrpc-%{xmlrpc_version}.gemspec
|
%{gem_dir}/specifications/xmlrpc-%{xmlrpc_version}.gemspec
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Sep 03 2018 Vít Ondruch <vondruch@redhat.com> - 2.5.1-100
|
||||||
|
- Properly harden package using -fstack-protector-strong.
|
||||||
|
* ruby-2.6.0-configure-fstack-protector-strong.patch
|
||||||
|
Resolves: rhbz#1624168
|
||||||
|
|
||||||
* Wed Aug 29 2018 Vít Ondruch <vondruch@redhat.com> - 2.5.1-99
|
* Wed Aug 29 2018 Vít Ondruch <vondruch@redhat.com> - 2.5.1-99
|
||||||
- Additional OpenSSL 1.1.1 fixes.
|
- Additional OpenSSL 1.1.1 fixes.
|
||||||
* ruby-2.6.0-fix-test-failure-with-TLS-1.3-maint.patch
|
* ruby-2.6.0-fix-test-failure-with-TLS-1.3-maint.patch
|
||||||
|
Loading…
Reference in New Issue
Block a user