From a75cfdb4831a8f173503e077bb117b25c3c8e47aaea1bea57a677cd67aa92e18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Thu, 27 Sep 2018 07:41:36 +0000 Subject: [PATCH] - Add patch to add some linker hardening: * foma-harden-build.patch - Update to version 0.9.18+git20180511.bad2f09: * Various small fixes OBS-URL: https://build.opensuse.org/package/show/LibreOffice:Factory/foma?expand=0&rev=7 --- foma-0.9.18+git20170507.07bb944.tar.xz | 3 --- foma-0.9.18+git20180511.bad2f09.tar.xz | 3 +++ foma-harden-build.patch | 29 ++++++++++++++++++++++++++ foma.changes | 12 +++++++++++ foma.spec | 25 +++++++++++----------- 5 files changed, 57 insertions(+), 15 deletions(-) delete mode 100644 foma-0.9.18+git20170507.07bb944.tar.xz create mode 100644 foma-0.9.18+git20180511.bad2f09.tar.xz create mode 100644 foma-harden-build.patch diff --git a/foma-0.9.18+git20170507.07bb944.tar.xz b/foma-0.9.18+git20170507.07bb944.tar.xz deleted file mode 100644 index bb8c85b..0000000 --- a/foma-0.9.18+git20170507.07bb944.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2dbdd391a45d3733f7515f1ab4d8a62a96ce5ff8c57926d76fc186e4d5a0167e -size 135360 diff --git a/foma-0.9.18+git20180511.bad2f09.tar.xz b/foma-0.9.18+git20180511.bad2f09.tar.xz new file mode 100644 index 0000000..ea54a3b --- /dev/null +++ b/foma-0.9.18+git20180511.bad2f09.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:80855b348f534f9fb026b043d14e501d07b13c5edc1ea5ba52a1e9572c215fb4 +size 136220 diff --git a/foma-harden-build.patch b/foma-harden-build.patch new file mode 100644 index 0000000..74bbe29 --- /dev/null +++ b/foma-harden-build.patch @@ -0,0 +1,29 @@ +diff -Naur foma-0fa48dbacfe39509577ae6741054be7c05a19aac.orig/foma/Makefile foma-0fa48dbacfe39509577ae6741054be7c05a19aac/foma/Makefile +--- foma-0fa48dbacfe39509577ae6741054be7c05a19aac.orig/foma/Makefile 2015-06-13 19:50:43.000000000 +0300 ++++ foma-0fa48dbacfe39509577ae6741054be7c05a19aac/foma/Makefile 2018-08-05 13:48:07.836080649 +0300 +@@ -23,13 +23,13 @@ + all: libfoma foma flookup cgflookup + + foma: $(FOMAOBJS) $(LIBOBJS) +- $(CC) $(CFLAGS) $(FOMAOBJS) $(LIBOBJS) $(LDFLAGS) -o $@ ++ $(CC) $(CFLAGS) -pie -Wl,-z,now $(FOMAOBJS) $(LIBOBJS) $(LDFLAGS) -o $@ + + flookup: flookup.o libfoma +- $(CC) $(CFLAGS) flookup.o $(FLOOKUPLDFLAGS) -o $@ ++ $(CC) $(CFLAGS) -pie -Wl,-z,now flookup.o $(FLOOKUPLDFLAGS) -o $@ + + cgflookup: cgflookup.o libfoma +- $(CC) $(CFLAGS) cgflookup.o $(FLOOKUPLDFLAGS) -o $@ ++ $(CC) $(CFLAGS) -pie -Wl,-z,now cgflookup.o $(FLOOKUPLDFLAGS) -o $@ + + STATICLIB = libfoma.a + +@@ -68,7 +68,7 @@ + $(SHAREDLIBV): $(LIBOBJS) + $(AR) $(ARFLAGS) $(STATICLIB) $(LIBOBJS) + $(RANLIB) $(STATICLIB) +- $(CC) $(CFLAGS) -shared -Wl,$(DFLAG),$(SHAREDLIBM) -o $(SHAREDLIBV) $(LIBOBJS) $(LDFLAGS) ++ $(CC) $(CFLAGS) -shared -Wl,-z,now,$(DFLAG),$(SHAREDLIBM) -o $(SHAREDLIBV) $(LIBOBJS) $(LDFLAGS) + + install: foma libfoma + -@if [ ! -d $(exec_prefix) ]; then mkdir -p $(exec_prefix); fi diff --git a/foma.changes b/foma.changes index d089033..82460d0 100644 --- a/foma.changes +++ b/foma.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Thu Sep 27 07:28:30 UTC 2018 - Tomáš Chvátal + +- Add patch to add some linker hardening: + * foma-harden-build.patch + +------------------------------------------------------------------- +Thu Sep 27 06:32:24 UTC 2018 - tchvatal@suse.com + +- Update to version 0.9.18+git20180511.bad2f09: + * Various small fixes + ------------------------------------------------------------------- Wed May 17 09:33:31 UTC 2017 - tchvatal@suse.com diff --git a/foma.spec b/foma.spec index 7c1ddf8..a64ec8e 100644 --- a/foma.spec +++ b/foma.spec @@ -1,7 +1,7 @@ # # spec file for package foma # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,21 +12,23 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define libname libfoma0 Name: foma -Version: 0.9.18+git20170507.07bb944 +Version: 0.9.18+git20180511.bad2f09 Release: 0 Summary: Finite-state compiler and C library License: Apache-2.0 Group: Productivity/Text/Utilities -Url: https://fomafst.github.io/ +URL: https://fomafst.github.io/ # Source must be from git tarball has different license than git, no idea why Source0: foma-%{version}.tar.xz -BuildRequires: flex bison +Patch0: foma-harden-build.patch +BuildRequires: bison +BuildRequires: flex BuildRequires: ncurses-devel BuildRequires: pkgconfig BuildRequires: readline-devel @@ -61,12 +63,14 @@ Finite-state C library development files and headers for %{name}. %prep %setup -q -n %{name}-%{version}/%{name} +%patch0 -p2 +sed -i '/^CFLAGS/c\CFLAGS = %{optflags} -Wl,--as-needed -D_GNU_SOURCE -std=c99 -fvisibility=hidden -fPIC' Makefile +sed -i '/^LDFLAGS/c\LDFLAGS = -lreadline -lz -lreadline -fpic' Makefile +sed -i '/^FLOOKUPLDFLAGS/c\FLOOKUPLDFLAGS = libfoma.a -lz -fpic' Makefile %build # hand written Makefile that gets to be quite PITA -make -j1 \ - CFLAGS="%{optflags} -D_GNU_SOURCE -std=c99 -fPIC" \ - LDFLAGS="-lreadline -lz" +make -j1 %install %make_install \ @@ -78,20 +82,17 @@ rm -rf %{buildroot}%{_libdir}/*.a %postun -n %{libname} -p /sbin/ldconfig %files -%defattr(-,root,root) -%doc COPYING %{_bindir}/cgflookup %{_bindir}/flookup %{_bindir}/foma %files devel -%defattr(-,root,root) %{_includedir}/fomalib.h %{_includedir}/fomalibconf.h %{_libdir}/libfoma.so %files -n %{libname} -%defattr(-,root,root) +%license COPYING %{_libdir}/libfoma.so.* %changelog