[kde-workspace/f19] Made kdm and kdm_greet hardened (#983619)
Martin Briza
mbriza at fedoraproject.org
Mon Aug 5 11:38:55 UTC 2013
commit b4210dfc448edfb5e55c6ef29872ec148844a219
Author: Martin Briza <mbriza at redhat.com>
Date: Mon Aug 5 13:23:27 2013 +0200
Made kdm and kdm_greet hardened (#983619)
kde-workspace-4.10.4-kdm-harden.patch | 23 +++++++++++++++++++++++
kde-workspace.spec | 9 ++++++++-
2 files changed, 31 insertions(+), 1 deletions(-)
---
diff --git a/kde-workspace-4.10.4-kdm-harden.patch b/kde-workspace-4.10.4-kdm-harden.patch
new file mode 100644
index 0000000..d3b6838
--- /dev/null
+++ b/kde-workspace-4.10.4-kdm-harden.patch
@@ -0,0 +1,23 @@
+--- kde-workspace-4.10.4/kdm/backend/CMakeLists.txt.harden 2013-07-18 13:59:39.736400898 +0200
++++ kde-workspace-4.10.4/kdm/backend/CMakeLists.txt 2013-07-18 14:00:24.573302699 +0200
+@@ -52,7 +52,8 @@ endif(LIBSYSTEMD_LOGIN_FOUND AND LIBSYST
+ macro_add_file_dependencies(dm.h ${confci})
+ macro_add_file_dependencies(error.c ${CMAKE_CURRENT_SOURCE_DIR}/printf.c)
+ kde4_add_executable(kdm NOGUI ${kdm_SRCS})
+-macro_add_compile_flags(kdm -U_REENTRANT)
++macro_add_compile_flags(kdm "-U_REENTRANT -fPIC")
++set_target_properties(kdm PROPERTIES LINK_FLAGS "-pie -fPIE -Wl,-z,relro,-z,now ${LINK_FLAGS}")
+ target_link_libraries( kdm
+ ${X11_X11_LIB} ${X11_Xau_LIB} ${X11_Xdmcp_LIB} ${X11_X_EXTRA_LIBS}
+ ${UNIXAUTH_LIBRARIES}
+--- kde-workspace-4.10.4/kdm/kfrontend/CMakeLists.txt.harden 2013-07-18 14:02:54.311974754 +0200
++++ kde-workspace-4.10.4/kdm/kfrontend/CMakeLists.txt 2013-07-18 14:04:16.112795602 +0200
+@@ -71,6 +71,8 @@ endif (WITH_KDM_XCONSOLE)
+
+ macro_add_file_dependencies(kdmconfig.h ${confci})
+ kde4_add_executable(kdm_greet ${kdm_greet_SRCS})
++macro_add_compile_flags(kdm_greet "-fPIC")
++set_target_properties(kdm_greet PROPERTIES LINK_FLAGS "-pie -fPIE -Wl,-z,relro,-z,now ${LINK_FLAGS}")
+ target_link_libraries(kdm_greet ${KDE4_KDEUI_LIBS} ${QT_QTXML_LIBRARY} ${X11_X11_LIB} ${POSIX4_LIBRARIES})
+ if (X11_XTest_FOUND)
+ target_link_libraries(kdm_greet ${X11_XTest_LIB})
diff --git a/kde-workspace.spec b/kde-workspace.spec
index c315ca6..7a36761 100644
--- a/kde-workspace.spec
+++ b/kde-workspace.spec
@@ -17,7 +17,7 @@
Summary: KDE Workspace
Name: kde-workspace
Version: 4.10.5
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPLv2
URL: https://projects.kde.org/projects/kde/kde-workspace
@@ -44,6 +44,9 @@ Requires: konsole
# could be handled dynamically eventually
Patch3: kde-workspace-4.10.4-new-session-vt-numbers.patch
+# RH/Fedora-specific: Force kdm and kdm_greet to be hardened
+Patch4: kde-workspace-4.10.4-kdm-harden.patch
+
# 441062: packagekit tools do not show icons correctly on KDE
Patch7: kdebase-workspace-4.6.80-krdb.patch
@@ -449,6 +452,7 @@ Requires: akonadi
# FIXME/REBASE -- rex
%patch2 -p1 -b .plasma-konsole
%patch3 -p1 -b .vtnumbers
+%patch4 -p1 -b .harden
%patch7 -p1 -b .krdb
%patch8 -p1 -b .klipper-url
%patch9 -p1 -b .rootprivs
@@ -1029,6 +1033,9 @@ fi
%changelog
+* Mon Aug 05 2013 Martin Briza <mbriza at redhat.com> - 4.10.5-4
+- Made kdm and kdm_greet hardened (#983619)
+
* Thu Jul 11 2013 Rex Dieter <rdieter at fedoraproject.org> - 4.10.5-3
- backport systray icons memleak fix (kde #314919)
- backport potential kcheckpass security issue
More information about the scm-commits
mailing list