diff --git a/unzip-6.0-nostrip.patch b/unzip-6.0-configure.patch similarity index 93% rename from unzip-6.0-nostrip.patch rename to unzip-6.0-configure.patch index 71c263f..9eead42 100644 --- a/unzip-6.0-nostrip.patch +++ b/unzip-6.0-configure.patch @@ -6,7 +6,7 @@ diff -up unzip60/unix/configure.nostrip unzip60/unix/configure CFLAGS="${CFLAGS} -I. -DUNIX" LFLAGS1="" -LFLAGS2="-s" -+LFLAGS2="" ++LFLAGS2="${LFLAGS2}" LN="ln -s" CFLAGS_OPT='' diff --git a/unzip.spec b/unzip.spec index 49584b5..42c94ff 100644 --- a/unzip.spec +++ b/unzip.spec @@ -1,7 +1,13 @@ + +# Settings for EL <= 7 +%if 0%{?rhel} && 0%{?rhel} <= 7 +%{!?__global_ldflags: %global __global_ldflags -Wl,-z,relro} +%endif + Summary: A utility for unpacking zip files Name: unzip Version: 6.0 -Release: 29%{?dist} +Release: 30%{?dist} License: BSD Group: Applications/Archiving Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz @@ -15,8 +21,9 @@ Patch3: unzip-6.0-close.patch # Reported to upstream: http://www.info-zip.org/board/board.pl?m-1259575993/ Patch4: unzip-6.0-attribs-overflow.patch # Not sent to upstream, as it's Fedora/RHEL specific. -# Modify the configure script not to request the strip of binaries. -Patch5: unzip-6.0-nostrip.patch +# Modify the configure script to accept var LFLAGS2 so linking can be configurable +# from the spec file. In addition '-s' is still removed as before +Patch5: unzip-6.0-configure.patch Patch6: unzip-6.0-manpage-fix.patch # Update match.c with recmatch() from zip 3.0's util.c # This also resolves the license issue in that old function. @@ -63,7 +70,7 @@ a zip archive. %patch2 -p1 -b .exec-shield %patch3 -p1 -b .close %patch4 -p1 -b .attribs-overflow -%patch5 -p1 -b .nostrip +%patch5 -p1 -b .configure %patch6 -p1 -b .manpage-fix %patch7 -p1 -b .recmatch %patch8 -p1 -b .symlink @@ -85,7 +92,8 @@ a zip archive. # IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X # NOMEMCPY solve problem with memory overlapping - decomression is slowly, # but successfull. -make -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS -DNOMEMCPY -DIZ_HAVE_UXUIDGID -DNO_LCHMOD" generic_gcc %{?_smp_mflags} +make -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS -DNOMEMCPY -DIZ_HAVE_UXUIDGID -DNO_LCHMOD" \ + LFLAGS2="%{?__global_ldflags}" generic_gcc %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT @@ -98,6 +106,13 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{ %{_mandir}/*/* %changelog +* Thu Jul 14 2016 Petr Stodulka - 6.0-30 +- rename patch unzip-6.0-nostrip.patch to unzip-6.0-configure.patch + so linking is now configurable from the spec file +- define __global_ldflags on EL <= 7 +- set LFLAGS2 with __global_ldflags for hardened build + Resolves: #1330519 + * Fri Jul 01 2016 Petr Stodulka - 6.0-29 - added build parameter "-DNO_LCHMOD" because lchmod isn't provided on Linux system