[arpwatch] harden the package (#954336)

jsynacek jsynacek at fedoraproject.org
Tue Apr 23 10:51:04 UTC 2013 

commit ba6360b3c4a43ff87a5c32092edcf0aa751da23a
Author: Jan Synacek <jsynacek at redhat.com>
Date:   Tue Apr 23 12:47:04 2013 +0200

    harden the package (#954336)

 arpwatch-pie.patch |   18 ++++++++++++++++++
 arpwatch.spec      |    8 +++++++-
 2 files changed, 25 insertions(+), 1 deletions(-)
---
diff --git a/arpwatch-pie.patch b/arpwatch-pie.patch
new file mode 100644
index 0000000..c6e7d87
--- /dev/null
+++ b/arpwatch-pie.patch
@@ -0,0 +1,18 @@
+--- arpwatch-2.1a15/Makefile.in	2013-04-23 11:17:51.994488347 +0200
++++ arpwatch-2.1a15/Makefile.in.new	2013-04-23 11:17:24.000000000 +0200
+@@ -48,12 +48,12 @@
+ DEFS = -DDEBUG @DEFS@ -DARPDIR=\"$(ARPDIR)\" -DPATH_SENDMAIL=\"$(SENDMAIL)\"
+ 
+ # Standard CFLAGS
+-CFLAGS = $(CCOPT) $(DEFS) $(INCLS)
++CFLAGS = $(CCOPT) $(DEFS) $(INCLS) -pie
+ 
+ # Standard LIBS
+-LIBS = @LIBS@
++LIBS = @LIBS@ -pie -Wl,-z,relro,-z,now
+ # Standard LIBS without libpcap.a
+-SLIBS = @LBL_LIBS@
++SLIBS = @LBL_LIBS@ -pie -Wl,-z,relro,-z,now
+ 
+ INSTALL = @INSTALL@
+ SENDMAIL = @V_SENDMAIL@
diff --git a/arpwatch.spec b/arpwatch.spec
index 2fd8495..def5ef6 100644
--- a/arpwatch.spec
+++ b/arpwatch.spec
@@ -1,9 +1,10 @@
 %global _vararpwatch %{_localstatedir}/lib/arpwatch
+%global _hardened_build 1
 
 Name: arpwatch
 Epoch: 14
 Version: 2.1a15
-Release: 27%{?dist}
+Release: 28%{?dist}
 Summary: Network monitoring tools for tracking IP addresses on a network
 Group: Applications/System
 License: BSD with advertising
@@ -38,6 +39,7 @@ Patch13: arpwatch-2.1a15-devlookup.patch
 Patch14: arpwatch-2.1a15-lookupiselect.patch
 Patch15: arpwatch-2.1a15-lookupiinvalid.patch
 Patch16: arpwatch-201301-ethcodes.patch
+Patch17: arpwatch-pie.patch
 
 %description
 The arpwatch package contains arpwatch and arpsnmp.  Arpwatch and
@@ -68,6 +70,7 @@ network.
 %patch14 -p1 -b .iselect
 %patch15 -p1 -b .iinval
 %patch16 -p1 -b .ethcode
+%patch17 -p1 -b .pie
 
 %build
 %configure
@@ -147,6 +150,9 @@ fi
 %attr(0644,-,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{_vararpwatch}/ethercodes.dat
 
 %changelog
+* Tue Apr 23 2013 Jan Synáček <jsynacek at redhat.com> 14:2.1a15-28
+- harden the package (#954336)
+
 * Wed Feb 13 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 14:2.1a15-27
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

More information about the scm-commits mailing list