[supermin/f20] Add upstream patch which removes need to run execstack (RHBZ#1093261).
Richard W.M. Jones
rjones at fedoraproject.org
Sat May 10 08:41:21 UTC 2014
commit e74ffe7df36abf423babf91bf5bcf01a6d9a85cd
Author: Richard W.M. Jones <rjones at redhat.com>
Date: Thu May 1 09:51:33 2014 +0100
Add upstream patch which removes need to run execstack (RHBZ#1093261).
(cherry picked from commit 4c45d36beba52604b794774fe9025ac2dccc4736)
0001-bin2s-Mark-stack-as-non-executable.patch | 47 +++++++++++++++++++++++++
supermin.spec | 19 +++-------
2 files changed, 53 insertions(+), 13 deletions(-)
---
diff --git a/0001-bin2s-Mark-stack-as-non-executable.patch b/0001-bin2s-Mark-stack-as-non-executable.patch
new file mode 100644
index 0000000..66bd948
--- /dev/null
+++ b/0001-bin2s-Mark-stack-as-non-executable.patch
@@ -0,0 +1,47 @@
+From c9f7a7998021e1cbe22a8ec325d43e2bdc3eff5a Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones at redhat.com>
+Date: Thu, 1 May 2014 09:42:11 +0100
+Subject: [PATCH] bin2s: Mark stack as non-executable.
+
+Every object file linked to supermin has to be marked as having a
+non-executable stack. The object generated by bin2s was not being
+marked this way, thus the final supermin binary ended up as having an
+executable stack (wrongly).
+
+Before this change:
+
+$ execstack -q src/supermin
+X src/supermin
+
+After applying this patch and rebuilding:
+
+$ execstack -q src/supermin
+- src/supermin
+
+See also:
+
+http://gcc.gnu.org/ml/gcc-patches/2007-07/msg01155.html
+https://wiki.gentoo.org/wiki/Project:Hardened/GNU_stack_quickstart
+http://caml.inria.fr/mantis/print_bug_page.php?bug_id=4564
+---
+ src/bin2s.pl | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/bin2s.pl b/src/bin2s.pl
+index 2c78b5e..1b1c253 100755
+--- a/src/bin2s.pl
++++ b/src/bin2s.pl
+@@ -18,6 +18,10 @@ open my $ofh, '>', $outfile or die "open $outfile: $!";
+ print $ofh <<"EOF";
+ /* This file has been automatically generated from $infile by $0 */
+
++/* Mark stack as non-executable for GNU tools. */
++\t.section .note.GNU-stack,"",%progbits
++\t.previous
++
+ \t.globl\t_binary_${infile}_start
+ \t.globl\t_binary_${infile}_end
+ \t.globl\t_binary_${infile}_size
+--
+1.9.0
+
diff --git a/supermin.spec b/supermin.spec
index 84b1a9b..d8cbeb7 100644
--- a/supermin.spec
+++ b/supermin.spec
@@ -1,7 +1,7 @@
Summary: Tool for creating supermin appliances
Name: supermin
Version: 5.1.7
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2+
%if 0%{?rhel} >= 7
@@ -12,6 +12,7 @@ URL: http://people.redhat.com/~rjones/supermin/
Source0: http://libguestfs.org/download/supermin/%{name}-%{version}.tar.gz
Patch1: 0001-Add-quoting-around-parameter-when-calling-external-m.patch
+Patch2: 0001-bin2s-Mark-stack-as-non-executable.patch
BuildRequires: /usr/bin/pod2man
BuildRequires: rpm
@@ -20,9 +21,6 @@ BuildRequires: /usr/sbin/mke2fs
BuildRequires: e2fsprogs-devel
BuildRequires: glibc-static, zlib-static
BuildRequires: ocaml, ocaml-findlib-devel
-%ifnarch aarch64
-BuildRequires: /usr/bin/execstack
-%endif
# These are required only to run the tests. We could patch out the
# tests to not require these packages.
@@ -55,6 +53,7 @@ second when you need to boot one of them.
%setup -q
%patch1 -p1
+%patch2 -p1
%build
@@ -65,15 +64,6 @@ make
%install
make DESTDIR=$RPM_BUILD_ROOT install
-# supermin is marked as requiring an executable stack. This happens
-# because we use objcopy to create one of the component object files
-# from a data file. The program does not in fact require an
-# executable stack. The easiest way to fix this is to clear the flag
-# here.
-%ifnarch aarch64
-execstack -c $RPM_BUILD_ROOT%{_bindir}/supermin
-%endif
-
%check
make check || {
@@ -89,6 +79,9 @@ make check || {
%changelog
+* Thu May 1 2014 Richard W.M. Jones <rjones at redhat.com> - 5.1.7-3
+- Add upstream patch which removes need to run execstack (RHBZ#1093261).
+
* Mon Apr 7 2014 Richard W.M. Jones <rjones at redhat.com> - 5.1.7-2
- Add patch to fix quoting around mke2fs parameter (RHBZ#1084960).
More information about the scm-commits
mailing list