diff --git a/0001-Set-fPIC-and-pie-as-default-params-when-building.patch b/0001-Set-fPIC-and-pie-as-default-params-when-building.patch new file mode 100644 index 0000000..8cb4d74 --- /dev/null +++ b/0001-Set-fPIC-and-pie-as-default-params-when-building.patch @@ -0,0 +1,36 @@ +From add4f4954adc27ad7b2a698a1d3ac0fcd981602a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= +Date: Tue, 5 Jan 2016 11:20:52 +0100 +Subject: [PATCH] Set -fPIC and -pie as default params when building + +--- + Makefile.am | 1 + + configure.ac | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 7c7a866..77f8400 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -1,4 +1,5 @@ + ACLOCAL_AMFLAGS = -I m4 ++AM_LDFLAGS = -pie + + BUILT_SOURCES = rquota.h rquota.c rquota_clnt.c + +diff --git a/configure.ac b/configure.ac +index cb33781..489c281 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -53,7 +53,7 @@ AS_IF([test "x${prefix}" = "xNONE"], [ + # ================ + # Check for cflags + # ================ +-CFLAGS="$CFLAGS -D_GNU_SOURCE -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" ++CFLAGS="$CFLAGS -D_GNU_SOURCE -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC" + AC_ARG_ENABLE([werror], + [AS_HELP_STRING([--enable-werror], [Treat all warnings as errors, useful for development])], + [enable_werror="$enableval"], +-- +2.6.4 + diff --git a/quota.changes b/quota.changes index 95c5a47..7c4114c 100644 --- a/quota.changes +++ b/quota.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Jan 5 10:23:28 UTC 2016 - tchvatal@suse.com + +- Add patch to set variables upstream rather than in spec: + * 0001-Set-fPIC-and-pie-as-default-params-when-building.patch + ------------------------------------------------------------------- Mon Jan 4 15:07:35 UTC 2016 - tchvatal@suse.com diff --git a/quota.spec b/quota.spec index c8d85fe..bbcac6a 100644 --- a/quota.spec +++ b/quota.spec @@ -29,7 +29,11 @@ Source0: %{name}-%{version}.tar.gz Source1: sysconfig.nfs-quota Source2: quotad.service Source3: quotad_env.sh +# PATCH-FIX-UPSTREAM Add pic and pie hardening to build +Patch1: 0001-Set-fPIC-and-pie-as-default-params-when-building.patch Patch2: %{name}-4.01-warnquota.patch +# needed for Patch1 +BuildRequires: automake BuildRequires: dbus-1-devel BuildRequires: e2fsprogs-devel BuildRequires: pkg-config @@ -61,11 +65,11 @@ The quotad init script, which provides quota support on NFS mounts. %prep %setup -q +%patch1 -p1 %patch2 %build -export CFLAGS="%{optflags} -fPIE" -export LDFLAGS="-pie" +autoreconf -fvi %configure \ --docdir=%{_docdir}/%{name} \ --disable-silent-rules \