diff --git a/redhat-rpm-config-9.1.0-strict-format.patch b/redhat-rpm-config-9.1.0-strict-format.patch new file mode 100644 index 0000000..7e2f05c --- /dev/null +++ b/redhat-rpm-config-9.1.0-strict-format.patch @@ -0,0 +1,13 @@ +diff --git a/macros b/macros +index cf59046..f24b2ec 100644 +--- a/macros ++++ b/macros +@@ -180,7 +180,7 @@ package or when debugging this package.\ + %_hardened_cflags %{?_hardened_build:%{_hardening_cflags}} + %_hardened_ldflags %{?_hardened_build:%{_hardening_ldflags}} + +-%__global_cflags -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches %{_hardened_cflags} ++%__global_cflags -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches %{_hardened_cflags} + %__global_ldflags -Wl,-z,relro %{_hardened_ldflags} + + # Use these macros to differentiate between RH and other KMP implementation(s). diff --git a/redhat-rpm-config.spec b/redhat-rpm-config.spec index 8ad8fa7..b722db5 100644 --- a/redhat-rpm-config.spec +++ b/redhat-rpm-config.spec @@ -1,7 +1,7 @@ Summary: Red Hat specific rpm configuration files Name: redhat-rpm-config Version: 9.1.0 -Release: 54%{?dist} +Release: 55%{?dist} # No version specified. License: GPL+ Group: Development/System @@ -68,6 +68,8 @@ Patch25: redhat-rpm-config-9.1.0-libtool-hardened-build.patch # Drop versioning on docdirs in Fedora 20+ # https://bugzilla.redhat.com/show_bug.cgi?id=986871 Patch26: redhat-rpm-config-9.1.0-unversioned-docdirs.patch +# Enable "-Werror=format-security" by default +Patch27: redhat-rpm-config-9.1.0-strict-format.patch %endif BuildArch: noarch @@ -114,6 +116,7 @@ Red Hat specific rpm configuration files. %patch26 -p1 %endif +%patch27 -p1 %build %install @@ -134,6 +137,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_sysconfdir}/rpm/* %changelog +* Wed Dec 18 2013 Dhiru Kholia - 9.1.0-55 +- Enable "-Werror=format-security" by default (#1043495) + * Wed Sep 04 2013 Karsten Hopp 9.1.0-54 - update config.sub with ppc64p7 support (from Fedora automake)