From 51ac7213d56be2a10ef56933cb0521994c14036c Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Wed, 8 Nov 2023 09:47:56 +0000 Subject: [PATCH] restrict symbols exposed by DSOs built for httpd --- subversion-1.14.2-modsyms.patch | 24 ++++++++++++++++++++++++ subversion.spec | 8 ++++++-- 2 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 subversion-1.14.2-modsyms.patch diff --git a/subversion-1.14.2-modsyms.patch b/subversion-1.14.2-modsyms.patch new file mode 100644 index 0000000..06941d2 --- /dev/null +++ b/subversion-1.14.2-modsyms.patch @@ -0,0 +1,24 @@ + +Don't expose private symbols for the Apache modules DSO. + +--- subversion-1.14.2/build/generator/gen_base.py.modsyms ++++ subversion-1.14.2/build/generator/gen_base.py +@@ -727,13 +727,17 @@ + def __init__(self, name, options, gen_obj): + TargetLib.__init__(self, name, options, gen_obj) + ++ if name[:4] != "mod_": ++ raise Exception("Apache module targets must be named mod_*") ++ + tfile = name + self.gen_obj._extension_map['lib', 'target'] + self.filename = build_path_join(self.path, tfile) + ++ modname = name[4:] + '_module' + # we have a custom linking rule + ### hmm. this is Makefile-specific + self.compile_cmd = '$(COMPILE_APACHE_MOD)' +- self.link_cmd = '$(LINK_APACHE_MOD)' ++ self.link_cmd = '$(LINK_APACHE_MOD) -export-symbols-regex ' + modname + + class TargetSharedOnlyLib(TargetLib): + diff --git a/subversion.spec b/subversion.spec index ac0ae43..6753eef 100644 --- a/subversion.spec +++ b/subversion.spec @@ -63,7 +63,7 @@ Summary: A Modern Concurrent Version Control System Name: subversion Version: 1.14.2 -Release: 20%{?dist} +Release: 21%{?dist} License: Apache-2.0 URL: https://subversion.apache.org/ Source0: https://downloads.apache.org/subversion/subversion-%{version}.tar.bz2 @@ -84,7 +84,7 @@ Patch8: subversion-1.14.1-python-3.11-build.patch Patch9: subversion-1.14.2-swig-py-Fix-conditionals-by-SWIG-version-and-by-Pyth.patch Patch10: subversion-1.14.2-ruby32-remove-deprecated-api.patch Patch11: subversion-ruby-c99.patch - +Patch12: subversion-1.14.2-modsyms.patch BuildRequires: make BuildRequires: autoconf, libtool, texinfo, which, gcc, gcc-c++ BuildRequires: swig >= 1.3.24, gettext @@ -251,6 +251,7 @@ This package includes supplementary tools for use with Subversion. %patch9 -p1 -b .swigfix %patch10 -p0 -b .ruby32 %patch11 -p1 +%patch12 -p1 -b .modsyms : : === Building: @@ -591,6 +592,9 @@ make check-javahl %endif %changelog +* Wed Nov 8 2023 Joe Orton - 1.14.2-21 +- restrict symbols exposed by DSOs built for httpd + * Sat Jul 22 2023 Fedora Release Engineering - 1.14.2-20 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild