diff --git a/uwsgi-ld-noexecstack.patch b/uwsgi-ld-noexecstack.patch new file mode 100644 index 0000000..60520f3 --- /dev/null +++ b/uwsgi-ld-noexecstack.patch @@ -0,0 +1,49 @@ +diff --git a/uwsgiconfig.py b/uwsgiconfig.py +index 9998bc5..abb44e4 100644 +--- a/uwsgiconfig.py ++++ b/uwsgiconfig.py +@@ -539,7 +539,7 @@ def build_uwsgi(uc, print_only=False, gcll=None): + gcc_list.append('%s/%s' % (path, cfile)) + for bfile in up.get('BINARY_LIST', []): + try: +- binary_link_cmd = "ld -r -b binary -o %s/%s.o %s/%s" % (path, bfile[1], path, bfile[1]) ++ binary_link_cmd = "ld -z noexecstack -r -b binary -o %s/%s.o %s/%s" % (path, bfile[1], path, bfile[1]) + print(binary_link_cmd) + if os.system(binary_link_cmd) != 0: + raise Exception('unable to link binary file') +@@ -1146,7 +1146,7 @@ class uConf(object): + if not self.embed_config: + self.embed_config = self.get('embed_config') + if self.embed_config: +- binary_link_cmd = "ld -r -b binary -o %s.o %s" % (binarize(self.embed_config), self.embed_config) ++ binary_link_cmd = "ld -z noexecstack -r -b binary -o %s.o %s" % (binarize(self.embed_config), self.embed_config) + print(binary_link_cmd) + os.system(binary_link_cmd) + self.cflags.append("-DUWSGI_EMBED_CONFIG=_binary_%s_start" % binarize(self.embed_config)) +@@ -1165,7 +1165,7 @@ class uConf(object): + for directory, directories, files in os.walk(ef): + for f in files: + fname = "%s/%s" % (directory, f) +- binary_link_cmd = "ld -r -b binary -o %s.o %s" % (binarize(fname), fname) ++ binary_link_cmd = "ld -z noexecstack -r -b binary -o %s.o %s" % (binarize(fname), fname) + print(binary_link_cmd) + os.system(binary_link_cmd) + if symbase: +@@ -1175,7 +1175,7 @@ class uConf(object): + os.system(objcopy_cmd) + binary_list.append(binarize(fname)) + else: +- binary_link_cmd = "ld -r -b binary -o %s.o %s" % (binarize(ef), ef) ++ binary_link_cmd = "ld -z noexecstack -r -b binary -o %s.o %s" % (binarize(ef), ef) + print(binary_link_cmd) + os.system(binary_link_cmd) + binary_list.append(binarize(ef)) +@@ -1465,7 +1465,7 @@ def build_plugin(path, uc, cflags, ldflags, libs, name = None): + gcc_list.append(path + '/' + cfile) + for bfile in up.get('BINARY_LIST', []): + try: +- binary_link_cmd = "ld -r -b binary -o %s/%s.o %s/%s" % (path, bfile[1], path, bfile[1]) ++ binary_link_cmd = "ld -z noexecstack -r -b binary -o %s/%s.o %s/%s" % (path, bfile[1], path, bfile[1]) + print(binary_link_cmd) + if os.system(binary_link_cmd) != 0: + raise Exception('unable to link binary file') diff --git a/uwsgi.changes b/uwsgi.changes index a963b6a..b79a7ba 100644 --- a/uwsgi.changes +++ b/uwsgi.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu May 12 07:28:54 UTC 2022 - Martin Liška + +- Add uwsgi-ld-noexecstack.patch in order to fix gh#unbit/uwsgi#2436. + ------------------------------------------------------------------- Sun Dec 5 14:20:26 UTC 2021 - Michael Ströder diff --git a/uwsgi.spec b/uwsgi.spec index 6ad0c0e..03db49c 100644 --- a/uwsgi.spec +++ b/uwsgi.spec @@ -1,7 +1,7 @@ # # spec file for package uwsgi # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -43,6 +43,8 @@ Patch2: uwsgi-1.9.13-objc_gc-no-fobjc-gc.patch Patch3: uwsgi-1.9.11-systemd_logger-old_systemd.patch # PATCH-FIX-OPENSUSE uwsgi-2.0.18-postgresql-config.patch - Use pkg-config instead of pg_config Patch4: uwsgi-2.0.18-postgresql-config.patch +# PATCH-FIX-UPSTREAM uwsgi-ld-noexecstack.patch - Do not create executable stack +Patch5: uwsgi-ld-noexecstack.patch BuildRequires: apache-rpm-macros %if 0%{suse_version} < 1500 BuildRequires: apache2-devel @@ -397,6 +399,7 @@ This package contains support for PHP version 7. %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 # Generate a config that builds all plugins except for examples and stuff we # can't satisfy the requirements for or are just broken excluded_plugins=""