[dhcp/f16] PIE-RELRO.patch is not needed anymore, defining _hardened_build does the same

Jiří Popelka jpopelka at fedoraproject.org
Fri Sep 9 14:54:25 UTC 2011 

commit 031fd06f3b016e2df408b9faff0f8f6268ee0416
Author: Jiri Popelka <jpopelka at redhat.com>
Date:   Fri Sep 9 16:52:24 2011 +0200

    PIE-RELRO.patch is not needed anymore, defining _hardened_build does the same

 dhcp-4.2.2-PIE-RELRO.patch |   92 --------------------------------------------
 dhcp.spec                  |   24 ++++--------
 dhcp420-sharedlib.patch    |   84 +++++++++++++++++++---------------------
 3 files changed, 48 insertions(+), 152 deletions(-)
---
diff --git a/dhcp.spec b/dhcp.spec
index 0550c45..9a25318 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -1,6 +1,9 @@
 # vendor string (e.g., Fedora, EL)
 %global vvendor Fedora
 
+#http://lists.fedoraproject.org/pipermail/devel/2011-August/155358.html
+%global _hardened_build 1
+
 # Where dhcp configuration files are stored
 %global dhcpconfdir %{_sysconfdir}/dhcp
 
@@ -16,7 +19,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.2.2
-Release:  5%{?dist}
+Release:  6%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -60,7 +63,6 @@ Patch21:  dhcp-4.2.0-UseMulticast.patch
 Patch22:  dhcp-4.2.1-sendDecline.patch
 Patch23:  dhcp-4.2.1-retransmission.patch
 Patch25:  dhcp-4.2.2-rfc3442-classless-static-routes.patch
-Patch26:  dhcp-4.2.2-PIE-RELRO.patch
 Patch27:  dhcp-4.2.0-honor-expired.patch
 Patch28:  dhcp-4.2.0-noprefixavail.patch
 Patch29:  dhcp420-rh637017.patch
@@ -279,9 +281,6 @@ rm bind/bind.tar.gz
 # RFC 3442 - Classless Static Route Option for DHCPv4 (#516325)
 %patch25 -p1 -b .rfc3442
 
-# hardening dhcpd/dhcrelay/dhclient by making them PIE & RELRO
-%patch26 -p1 -b .PIE-RELRO
-
 # check whether there is any unexpired address in previous lease
 # prior to confirming (INIT-REBOOT) the lease (#585418)
 # (Submitted to dhcp-suggest at isc.org - [ISC-Bugs #22675])
@@ -308,16 +307,6 @@ rm bind/bind.tar.gz
 %{__install} -p -m 0755 %{SOURCE4} client/scripts/linux
 %{__install} -p -m 0644 %{SOURCE5} .
 
-# Sparc and s390 arches need to use -fPIE/-fPIC
-%ifarch sparcv9 sparc64 s390 s390x
-for i in {client,relay,server,omapip}/Makefile.am; do
-        %{__sed} -i 's|fpie|fPIE|g' $i
-done
-for i in {common,omapip}/Makefile.am; do
-        %{__sed} -i 's|fpic|fPIC|g' $i
-done
-%endif
-
 pushd contrib
 %{__chmod} -x 3.0b1-lease-convert dhclient-tz-exithook.sh ldap/dhcpd-conf-to-ldap
 %{__chmod} -x sethostname.sh solaris.init
@@ -472,7 +461,7 @@ find ${RPM_BUILD_ROOT}/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';';
 getent group dhcpd >/dev/null || groupadd --system dhcpd
 getent passwd dhcpd >/dev/null || \
     useradd --system --gid dhcpd \
-            --home /var/lib/dhcpd --shell /sbin/nologin \
+            --home / --shell /sbin/nologin \
             --comment "DHCP server" dhcpd
 exit 0
 
@@ -639,6 +628,9 @@ fi
 %{_initddir}/dhcrelay
 
 %changelog
+* Fri Sep 09 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.2-6
+- PIE-RELRO.patch is not needed anymore, defining _hardened_build does the same
+
 * Fri Sep 09 2011 Adam Tkac <atkac redhat com> - 12:4.2.2-5
 - rebuild against new bind
 
diff --git a/dhcp420-sharedlib.patch b/dhcp420-sharedlib.patch
index 749bef6..74fe9f1 100644
--- a/dhcp420-sharedlib.patch
+++ b/dhcp420-sharedlib.patch
@@ -1,18 +1,18 @@
-diff -up dhcp-4.2.1-P1/client/Makefile.am.sharedlib dhcp-4.2.1-P1/client/Makefile.am
---- dhcp-4.2.1-P1/client/Makefile.am.sharedlib	2011-06-30 17:04:29.476676590 +0200
-+++ dhcp-4.2.1-P1/client/Makefile.am	2011-06-30 17:04:29.488676414 +0200
-@@ -6,7 +6,7 @@ dhclient_SOURCES = clparse.c dhclient.c 
+diff -up dhcp-4.2.2/client/Makefile.am.sharedlib dhcp-4.2.2/client/Makefile.am
+--- dhcp-4.2.2/client/Makefile.am.sharedlib	2011-09-09 16:35:56.000000000 +0200
++++ dhcp-4.2.2/client/Makefile.am	2011-09-09 16:36:29.849007951 +0200
+@@ -4,7 +4,7 @@ dhclient_SOURCES = clparse.c dhclient.c
+ 		   scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
+ 		   scripts/netbsd scripts/nextstep scripts/openbsd \
  		   scripts/solaris scripts/openwrt
- dhclient_CPPFLAGS = -DCLIENT_PATH='"$(sbindir)"' -DLOCALSTATEDIR='"$(localstatedir)"'
- dhclient_CFLAGS = -fpie
 -dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
 +dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
  		 $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD)
- dhclient_LDFLAGS = -pie -Wl,-z,relro -Wl,-z,now
- 
-diff -up dhcp-4.2.1-P1/configure.ac.sharedlib dhcp-4.2.1-P1/configure.ac
---- dhcp-4.2.1-P1/configure.ac.sharedlib	2011-06-30 17:04:29.428677294 +0200
-+++ dhcp-4.2.1-P1/configure.ac	2011-06-30 17:04:29.707673194 +0200
+ man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
+ EXTRA_DIST = $(man_MANS)
+diff -up dhcp-4.2.2/configure.ac.sharedlib dhcp-4.2.2/configure.ac
+--- dhcp-4.2.2/configure.ac.sharedlib	2011-09-09 16:35:56.097000001 +0200
++++ dhcp-4.2.2/configure.ac	2011-09-09 16:35:56.383000000 +0200
 @@ -30,7 +30,8 @@ fi
  # Use this to define _GNU_SOURCE to pull in the IPv6 Advanced Socket API.
  AC_USE_SYSTEM_EXTENSIONS
@@ -23,9 +23,9 @@ diff -up dhcp-4.2.1-P1/configure.ac.sharedlib dhcp-4.2.1-P1/configure.ac
  AC_CONFIG_HEADERS([includes/config.h])
  
  # we sometimes need to know byte order for building packets
-diff -up dhcp-4.2.1-P1/dhcpctl/Makefile.am.sharedlib dhcp-4.2.1-P1/dhcpctl/Makefile.am
---- dhcp-4.2.1-P1/dhcpctl/Makefile.am.sharedlib	2011-06-30 17:04:29.311679013 +0200
-+++ dhcp-4.2.1-P1/dhcpctl/Makefile.am	2011-06-30 17:04:29.489676399 +0200
+diff -up dhcp-4.2.2/dhcpctl/Makefile.am.sharedlib dhcp-4.2.2/dhcpctl/Makefile.am
+--- dhcp-4.2.2/dhcpctl/Makefile.am.sharedlib	2011-09-09 16:35:55.459000001 +0200
++++ dhcp-4.2.2/dhcpctl/Makefile.am	2011-09-09 16:35:56.384000000 +0200
 @@ -1,15 +1,15 @@
  bin_PROGRAMS = omshell
 -lib_LIBRARIES = libdhcpctl.a
@@ -46,9 +46,9 @@ diff -up dhcp-4.2.1-P1/dhcpctl/Makefile.am.sharedlib dhcp-4.2.1-P1/dhcpctl/Makef
 -cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
 +cltest_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \
  	       $(BIND9_LIBDIR) -ldns-export -lisc-export
-diff -up dhcp-4.2.1-P1/dst/base64.c.sharedlib dhcp-4.2.1-P1/dst/base64.c
---- dhcp-4.2.1-P1/dst/base64.c.sharedlib	2009-11-20 02:49:01.000000000 +0100
-+++ dhcp-4.2.1-P1/dst/base64.c	2011-06-30 17:04:29.489676399 +0200
+diff -up dhcp-4.2.2/dst/base64.c.sharedlib dhcp-4.2.2/dst/base64.c
+--- dhcp-4.2.2/dst/base64.c.sharedlib	2009-11-20 02:49:01.000000000 +0100
++++ dhcp-4.2.2/dst/base64.c	2011-09-09 16:35:56.385000000 +0200
 @@ -64,6 +64,7 @@ static const char rcsid[] = "$Id: base64
  
  #include <sys/socket.h>
@@ -57,9 +57,9 @@ diff -up dhcp-4.2.1-P1/dst/base64.c.sharedlib dhcp-4.2.1-P1/dst/base64.c
  #include "cdefs.h"
  #include "osdep.h"
  #include "arpa/nameser.h"
-diff -up dhcp-4.2.1-P1/dst/Makefile.am.sharedlib dhcp-4.2.1-P1/dst/Makefile.am
---- dhcp-4.2.1-P1/dst/Makefile.am.sharedlib	2007-05-29 18:32:10.000000000 +0200
-+++ dhcp-4.2.1-P1/dst/Makefile.am	2011-06-30 17:04:29.490676384 +0200
+diff -up dhcp-4.2.2/dst/Makefile.am.sharedlib dhcp-4.2.2/dst/Makefile.am
+--- dhcp-4.2.2/dst/Makefile.am.sharedlib	2007-05-29 18:32:10.000000000 +0200
++++ dhcp-4.2.2/dst/Makefile.am	2011-09-09 16:35:56.386000000 +0200
 @@ -1,8 +1,8 @@
  AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5
  
@@ -71,12 +71,10 @@ diff -up dhcp-4.2.1-P1/dst/Makefile.am.sharedlib dhcp-4.2.1-P1/dst/Makefile.am
  		   base64.c prandom.c
  
  EXTRA_DIST = dst_internal.h md5.h md5_locl.h
-diff -up dhcp-4.2.1-P1/omapip/Makefile.am.sharedlib dhcp-4.2.1-P1/omapip/Makefile.am
---- dhcp-4.2.1-P1/omapip/Makefile.am.sharedlib	2011-06-30 17:04:29.477676575 +0200
-+++ dhcp-4.2.1-P1/omapip/Makefile.am	2011-06-30 17:04:29.490676384 +0200
-@@ -1,9 +1,9 @@
- AM_CFLAGS = -fpic
- 
+diff -up dhcp-4.2.2/omapip/Makefile.am.sharedlib dhcp-4.2.2/omapip/Makefile.am
+--- dhcp-4.2.2/omapip/Makefile.am.sharedlib	2011-09-09 16:35:55.000000000 +0200
++++ dhcp-4.2.2/omapip/Makefile.am	2011-09-09 16:37:36.734000324 +0200
+@@ -1,7 +1,7 @@
 -lib_LIBRARIES = libomapi.a
 +lib_LTLIBRARIES = libomapi.la
  noinst_PROGRAMS = svtest
@@ -86,38 +84,36 @@ diff -up dhcp-4.2.1-P1/omapip/Makefile.am.sharedlib dhcp-4.2.1-P1/omapip/Makefil
  		     errwarn.c listener.c dispatch.c generic.c support.c \
  		     handle.c message.c convert.c hash.c auth.c inet_addr.c \
  		     array.c trace.c toisc.c iscprint.c isclib.c
-@@ -13,5 +13,5 @@ EXTRA_DIST = $(man_MANS)
+@@ -10,5 +10,5 @@ man_MANS = omapi.3
+ EXTRA_DIST = $(man_MANS)
  
  svtest_SOURCES = test.c
- svtest_CFLAGS = -fpie
 -svtest_LDADD = libomapi.a $(BIND9_LIBDIR) -ldns-export -lisc-export
 +svtest_LDADD = libomapi.la $(BIND9_LIBDIR) -ldns-export -lisc-export
  
-diff -up dhcp-4.2.1-P1/relay/Makefile.am.sharedlib dhcp-4.2.1-P1/relay/Makefile.am
---- dhcp-4.2.1-P1/relay/Makefile.am.sharedlib	2011-06-30 17:04:29.478676560 +0200
-+++ dhcp-4.2.1-P1/relay/Makefile.am	2011-06-30 17:04:29.490676384 +0200
-@@ -3,7 +3,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
+diff -up dhcp-4.2.2/relay/Makefile.am.sharedlib dhcp-4.2.2/relay/Makefile.am
+--- dhcp-4.2.2/relay/Makefile.am.sharedlib	2011-09-09 16:35:56.000000000 +0200
++++ dhcp-4.2.2/relay/Makefile.am	2011-09-09 16:37:57.058019749 +0200
+@@ -2,7 +2,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
+ 
  sbin_PROGRAMS = dhcrelay
  dhcrelay_SOURCES = dhcrelay.c
- dhcrelay_CFLAGS = -fpie
 -dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
 +dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
  		 $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD)
- dhcrelay_LDFLAGS = -pie -Wl,-z,relro -Wl,-z,now
- 
-diff -up dhcp-4.2.1-P1/server/Makefile.am.sharedlib dhcp-4.2.1-P1/server/Makefile.am
---- dhcp-4.2.1-P1/server/Makefile.am.sharedlib	2011-06-30 17:04:29.478676560 +0200
-+++ dhcp-4.2.1-P1/server/Makefile.am	2011-06-30 17:06:32.831862566 +0200
-@@ -7,9 +7,9 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c
+ man_MANS = dhcrelay.8
+ EXTRA_DIST = $(man_MANS)
+diff -up dhcp-4.2.2/server/Makefile.am.sharedlib dhcp-4.2.2/server/Makefile.am
+--- dhcp-4.2.2/server/Makefile.am.sharedlib	2011-09-09 16:35:56.000000000 +0200
++++ dhcp-4.2.2/server/Makefile.am	2011-09-09 16:38:56.291004599 +0200
+@@ -7,8 +7,8 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c
  		dhcpv6.c mdb6.c ldap.c ldap_casa.c
  
- dhcpd_CFLAGS = $(LDAP_CFLAGS) -fpie
+ dhcpd_CFLAGS = $(LDAP_CFLAGS)
 -dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
 -	      ../dhcpctl/libdhcpctl.a $(BIND9_LIBDIR) -ldns-export -lisc-export \
--	      $(CAPNG_LDADD)
 +dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
-+	      ../dhcpctl/libdhcpctl.la $(BIND9_LIBDIR) \
-+	      -ldns-export -lisc-export $(CAPNG_LDADD)
- dhcpd_LDFLAGS = -pie -Wl,-z,relro -Wl,-z,now
++	      ../dhcpctl/libdhcpctl.la $(BIND9_LIBDIR) -ldns-export -lisc-export \
+ 	      $(CAPNG_LDADD)
  
  man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5

More information about the scm-commits mailing list