[netdump-server] Hardening netdump-server by building with -pie

Mon Apr 22 19:13:29 UTC 2013

commit 659200b94dbf4f60463da46c9490d530f9456706
Author: Neil Horman <nhorman at tuxdriver.com>
Date:   Mon Apr 22 15:13:10 2013 -0400

    Hardening netdump-server by building with -pie

 netdump-ldflags.patch |   11 +++++++++++
 netdump-server.spec   |   11 +++++++++--
 2 files changed, 20 insertions(+), 2 deletions(-)
---

diff --git a/netdump-ldflags.patch b/netdump-ldflags.patch
new file mode 100644
index 0000000..187e86d
--- /dev/null
+++ b/netdump-ldflags.patch
@@ -0,0 +1,11 @@
+diff -up netdump-0.7.16/Makefile.orig netdump-0.7.16/Makefile
+--- netdump-0.7.16/Makefile.orig	2013-04-22 15:07:19.490639334 -0400
++++ netdump-0.7.16/Makefile	2013-04-22 15:07:28.461889035 -0400
+@@ -1,6 +1,6 @@
+ DEBUG_FLAGS=-Wall -g
+ 
+-LDFLAGS=`glib-config --libs` -lpopt
++LDFLAGS+=`glib-config --libs` -lpopt
+ 
+ VERSION=$(shell awk '/Version:/ { print $$2 }' netdump.spec)
+ # Used to append this to CVSTAG: _$(subst .,-,$(RELEASE)), but now that
diff --git a/netdump-server.spec b/netdump-server.spec
index 5b68e66..41ccc89 100644
--- a/netdump-server.spec
+++ b/netdump-server.spec
@@ -1,7 +1,7 @@
 Summary: Server for network kernel message logging and crash dumps
 Name: netdump-server
 Version: 0.7.16
-Release: 32%{dist}
+Release: 33%{dist}
 # This is a Red Hat maintained package which is specific to
 # our distribution.  Thus the source is only available from
 # within this srpm.
@@ -32,6 +32,7 @@ Patch8: netdump-server-init.patch
 Patch9: netdump-clientport.patch
 Patch10: netdump-server-use-ip-cmd.patch
 Patch11: netdump-server-default-dir.patch
+Patch12: netdump-ldflags.patch
 
 Group: System Environment/Daemons
 
@@ -54,9 +55,12 @@ contact it and then writes the oops log and a memory dump to
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1
 
 %build
-export CFLAGS="%{optflags} `glib-config --cflags`"; make %{?_smp_mflags}
+export CFLAGS="%{optflags} `glib-config --cflags` -fPIE"
+export LDFLAGS="-pie"
+make %{?_smp_mflags}
 
 %install
 rm -rf $RPM_BUILD_ROOT
@@ -104,6 +108,9 @@ exit 0
 %doc COPYING
 
 %changelog
+* Mon Apr 22 2013 Neil Horman <nhorman at redhat.com> - 0.7.16-33
+- Updated to build netdump-server with -pie
+
 * Fri Feb 22 2013 Neil Horman <nhorman at redhat.com> - 0.7.16-32
 - Updated to use service script for systemd (bz 914748)
 
