Add upstream patch which removes need to run execstack (RHBZ#1093261).
This commit is contained in:
parent
31ad952dcf
commit
4c45d36beb
47
0001-bin2s-Mark-stack-as-non-executable.patch
Normal file
47
0001-bin2s-Mark-stack-as-non-executable.patch
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
From c9f7a7998021e1cbe22a8ec325d43e2bdc3eff5a Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Thu, 1 May 2014 09:42:11 +0100
|
||||||
|
Subject: [PATCH] bin2s: Mark stack as non-executable.
|
||||||
|
|
||||||
|
Every object file linked to supermin has to be marked as having a
|
||||||
|
non-executable stack. The object generated by bin2s was not being
|
||||||
|
marked this way, thus the final supermin binary ended up as having an
|
||||||
|
executable stack (wrongly).
|
||||||
|
|
||||||
|
Before this change:
|
||||||
|
|
||||||
|
$ execstack -q src/supermin
|
||||||
|
X src/supermin
|
||||||
|
|
||||||
|
After applying this patch and rebuilding:
|
||||||
|
|
||||||
|
$ execstack -q src/supermin
|
||||||
|
- src/supermin
|
||||||
|
|
||||||
|
See also:
|
||||||
|
|
||||||
|
http://gcc.gnu.org/ml/gcc-patches/2007-07/msg01155.html
|
||||||
|
https://wiki.gentoo.org/wiki/Project:Hardened/GNU_stack_quickstart
|
||||||
|
http://caml.inria.fr/mantis/print_bug_page.php?bug_id=4564
|
||||||
|
---
|
||||||
|
src/bin2s.pl | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/bin2s.pl b/src/bin2s.pl
|
||||||
|
index 2c78b5e..1b1c253 100755
|
||||||
|
--- a/src/bin2s.pl
|
||||||
|
+++ b/src/bin2s.pl
|
||||||
|
@@ -18,6 +18,10 @@ open my $ofh, '>', $outfile or die "open $outfile: $!";
|
||||||
|
print $ofh <<"EOF";
|
||||||
|
/* This file has been automatically generated from $infile by $0 */
|
||||||
|
|
||||||
|
+/* Mark stack as non-executable for GNU tools. */
|
||||||
|
+\t.section .note.GNU-stack,"",%progbits
|
||||||
|
+\t.previous
|
||||||
|
+
|
||||||
|
\t.globl\t_binary_${infile}_start
|
||||||
|
\t.globl\t_binary_${infile}_end
|
||||||
|
\t.globl\t_binary_${infile}_size
|
||||||
|
--
|
||||||
|
1.9.0
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
Summary: Tool for creating supermin appliances
|
Summary: Tool for creating supermin appliances
|
||||||
Name: supermin
|
Name: supermin
|
||||||
Version: 5.1.7
|
Version: 5.1.7
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
|
|
||||||
%if 0%{?rhel} >= 7
|
%if 0%{?rhel} >= 7
|
||||||
@ -12,6 +12,7 @@ URL: http://people.redhat.com/~rjones/supermin/
|
|||||||
Source0: http://libguestfs.org/download/supermin/%{name}-%{version}.tar.gz
|
Source0: http://libguestfs.org/download/supermin/%{name}-%{version}.tar.gz
|
||||||
|
|
||||||
Patch1: 0001-Add-quoting-around-parameter-when-calling-external-m.patch
|
Patch1: 0001-Add-quoting-around-parameter-when-calling-external-m.patch
|
||||||
|
Patch2: 0001-bin2s-Mark-stack-as-non-executable.patch
|
||||||
|
|
||||||
BuildRequires: /usr/bin/pod2man
|
BuildRequires: /usr/bin/pod2man
|
||||||
BuildRequires: rpm
|
BuildRequires: rpm
|
||||||
@ -20,9 +21,6 @@ BuildRequires: /usr/sbin/mke2fs
|
|||||||
BuildRequires: e2fsprogs-devel
|
BuildRequires: e2fsprogs-devel
|
||||||
BuildRequires: glibc-static, zlib-static
|
BuildRequires: glibc-static, zlib-static
|
||||||
BuildRequires: ocaml, ocaml-findlib-devel
|
BuildRequires: ocaml, ocaml-findlib-devel
|
||||||
%ifnarch aarch64
|
|
||||||
BuildRequires: /usr/bin/execstack
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# These are required only to run the tests. We could patch out the
|
# These are required only to run the tests. We could patch out the
|
||||||
# tests to not require these packages.
|
# tests to not require these packages.
|
||||||
@ -55,6 +53,7 @@ second when you need to boot one of them.
|
|||||||
%setup -q
|
%setup -q
|
||||||
|
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
@ -65,15 +64,6 @@ make
|
|||||||
%install
|
%install
|
||||||
make DESTDIR=$RPM_BUILD_ROOT install
|
make DESTDIR=$RPM_BUILD_ROOT install
|
||||||
|
|
||||||
# supermin is marked as requiring an executable stack. This happens
|
|
||||||
# because we use objcopy to create one of the component object files
|
|
||||||
# from a data file. The program does not in fact require an
|
|
||||||
# executable stack. The easiest way to fix this is to clear the flag
|
|
||||||
# here.
|
|
||||||
%ifnarch aarch64
|
|
||||||
execstack -c $RPM_BUILD_ROOT%{_bindir}/supermin
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
%check
|
%check
|
||||||
make check || {
|
make check || {
|
||||||
@ -89,6 +79,9 @@ make check || {
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 1 2014 Richard W.M. Jones <rjones@redhat.com> - 5.1.7-3
|
||||||
|
- Add upstream patch which removes need to run execstack (RHBZ#1093261).
|
||||||
|
|
||||||
* Mon Apr 7 2014 Richard W.M. Jones <rjones@redhat.com> - 5.1.7-2
|
* Mon Apr 7 2014 Richard W.M. Jones <rjones@redhat.com> - 5.1.7-2
|
||||||
- Add patch to fix quoting around mke2fs parameter (RHBZ#1084960).
|
- Add patch to fix quoting around mke2fs parameter (RHBZ#1084960).
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user