diff --git a/dhcp-4.2.2-PIE-RELRO.patch b/dhcp-4.2.2-PIE-RELRO.patch deleted file mode 100644 index eb7ae4b..0000000 --- a/dhcp-4.2.2-PIE-RELRO.patch +++ /dev/null @@ -1,92 +0,0 @@ -diff -up dhcp-4.2.2b1/bind/Makefile.PIE-RELRO dhcp-4.2.2b1/bind/Makefile ---- dhcp-4.2.2b1/bind/Makefile.PIE-RELRO 2011-06-27 23:43:09.000000000 +0200 -+++ dhcp-4.2.2b1/bind/Makefile 2011-07-01 15:13:40.605394073 +0200 -@@ -45,7 +45,7 @@ all: - # Currently disable the epoll and devpoll options as they don't interact - # well with the DHCP code. - @echo Configuring BIND Export libraries for DHCP. -- @(cd ${bindsrcdir} && ./configure --disable-kqueue --disable-epoll --disable-devpoll --without-openssl --without-libxml2 --enable-exportlib --enable-threads=no --with-export-includedir=${binddir}/include --with-export-libdir=${binddir}/lib --with-gssapi=no > ${binddir}/configure.log) -+ @(cd ${bindsrcdir} && ./configure --disable-kqueue --disable-epoll --disable-devpoll --without-openssl --without-libxml2 --enable-exportlib --enable-threads=no --with-export-includedir=${binddir}/include --with-export-libdir=${binddir}/lib --with-gssapi=no --with-libtool --with-pic --disable-shared > ${binddir}/configure.log) - - # Build the export libraries - @echo Building BIND Export libraries - this takes some time. -diff -up dhcp-4.2.2b1/client/Makefile.am.PIE-RELRO dhcp-4.2.2b1/client/Makefile.am ---- dhcp-4.2.2b1/client/Makefile.am.PIE-RELRO 2011-07-01 15:13:40.554394544 +0200 -+++ dhcp-4.2.2b1/client/Makefile.am 2011-07-01 15:13:40.606394064 +0200 -@@ -4,15 +4,11 @@ dhclient_SOURCES = clparse.c dhclient.c - scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ - scripts/netbsd scripts/nextstep scripts/openbsd \ - scripts/solaris scripts/openwrt -+dhclient_CPPFLAGS = -DCLIENT_PATH='"$(sbindir)"' -DLOCALSTATEDIR='"$(localstatedir)"' -+dhclient_CFLAGS = -fpie - dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ - $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD) -+dhclient_LDFLAGS = -pie -Wl,-z,relro -Wl,-z,now -+ - man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 - EXTRA_DIST = $(man_MANS) -- --dhclient.o: dhclient.c -- $(COMPILE) -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \ -- -DLOCALSTATEDIR='"$(localstatedir)"' -c dhclient.c -- --dhc6.o: dhc6.c -- $(COMPILE) -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \ -- -DLOCALSTATEDIR='"$(localstatedir)"' -c dhc6.c -diff -up dhcp-4.2.2b1/common/Makefile.am.PIE-RELRO dhcp-4.2.2b1/common/Makefile.am ---- dhcp-4.2.2b1/common/Makefile.am.PIE-RELRO 2011-02-18 19:44:42.000000000 +0100 -+++ dhcp-4.2.2b1/common/Makefile.am 2011-07-01 15:13:40.606394064 +0200 -@@ -1,5 +1,5 @@ - AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"' --AM_CFLAGS = $(LDAP_CFLAGS) -+AM_CFLAGS = $(LDAP_CFLAGS) -fpic - - noinst_LIBRARIES = libdhcp.a - libdhcp_a_SOURCES = alloc.c bpf.c comapi.c conflex.c ctrace.c discover.c \ -diff -up dhcp-4.2.2b1/omapip/Makefile.am.PIE-RELRO dhcp-4.2.2b1/omapip/Makefile.am ---- dhcp-4.2.2b1/omapip/Makefile.am.PIE-RELRO 2011-07-01 15:13:40.425395732 +0200 -+++ dhcp-4.2.2b1/omapip/Makefile.am 2011-07-01 15:13:40.606394064 +0200 -@@ -1,3 +1,5 @@ -+AM_CFLAGS = -fpic -+ - lib_LIBRARIES = libomapi.a - noinst_PROGRAMS = svtest - -@@ -10,5 +12,6 @@ man_MANS = omapi.3 - EXTRA_DIST = $(man_MANS) - - svtest_SOURCES = test.c -+svtest_CFLAGS = -fpie - svtest_LDADD = libomapi.a $(BIND9_LIBDIR) -ldns-export -lisc-export - -diff -up dhcp-4.2.2b1/relay/Makefile.am.PIE-RELRO dhcp-4.2.2b1/relay/Makefile.am ---- dhcp-4.2.2b1/relay/Makefile.am.PIE-RELRO 2011-07-01 15:13:40.000000000 +0200 -+++ dhcp-4.2.2b1/relay/Makefile.am 2011-07-01 15:14:16.178059890 +0200 -@@ -2,8 +2,11 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst - - sbin_PROGRAMS = dhcrelay - dhcrelay_SOURCES = dhcrelay.c -+dhcrelay_CFLAGS = -fpie - dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ - $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD) -+dhcrelay_LDFLAGS = -pie -Wl,-z,relro -Wl,-z,now -+ - man_MANS = dhcrelay.8 - EXTRA_DIST = $(man_MANS) - -diff -up dhcp-4.2.2b1/server/Makefile.am.PIE-RELRO dhcp-4.2.2b1/server/Makefile.am ---- dhcp-4.2.2b1/server/Makefile.am.PIE-RELRO 2011-07-01 15:13:40.000000000 +0200 -+++ dhcp-4.2.2b1/server/Makefile.am 2011-07-01 15:14:50.248728082 +0200 -@@ -6,10 +6,11 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c - omapi.c mdb.c stables.c salloc.c ddns.c dhcpleasequery.c \ - dhcpv6.c mdb6.c ldap.c ldap_casa.c - --dhcpd_CFLAGS = $(LDAP_CFLAGS) -+dhcpd_CFLAGS = $(LDAP_CFLAGS) -fpie - dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ - ../dhcpctl/libdhcpctl.a $(BIND9_LIBDIR) -ldns-export -lisc-export \ - $(CAPNG_LDADD) -+dhcpd_LDFLAGS = -pie -Wl,-z,relro -Wl,-z,now - - man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5 - EXTRA_DIST = $(man_MANS) diff --git a/dhcp.spec b/dhcp.spec index 0550c45..9a25318 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -1,6 +1,9 @@ # vendor string (e.g., Fedora, EL) %global vvendor Fedora +#http://lists.fedoraproject.org/pipermail/devel/2011-August/155358.html +%global _hardened_build 1 + # Where dhcp configuration files are stored %global dhcpconfdir %{_sysconfdir}/dhcp @@ -16,7 +19,7 @@ Summary: Dynamic host configuration protocol software Name: dhcp Version: 4.2.2 -Release: 5%{?dist} +Release: 6%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. @@ -60,7 +63,6 @@ Patch21: dhcp-4.2.0-UseMulticast.patch Patch22: dhcp-4.2.1-sendDecline.patch Patch23: dhcp-4.2.1-retransmission.patch Patch25: dhcp-4.2.2-rfc3442-classless-static-routes.patch -Patch26: dhcp-4.2.2-PIE-RELRO.patch Patch27: dhcp-4.2.0-honor-expired.patch Patch28: dhcp-4.2.0-noprefixavail.patch Patch29: dhcp420-rh637017.patch @@ -279,9 +281,6 @@ rm bind/bind.tar.gz # RFC 3442 - Classless Static Route Option for DHCPv4 (#516325) %patch25 -p1 -b .rfc3442 -# hardening dhcpd/dhcrelay/dhclient by making them PIE & RELRO -%patch26 -p1 -b .PIE-RELRO - # check whether there is any unexpired address in previous lease # prior to confirming (INIT-REBOOT) the lease (#585418) # (Submitted to dhcp-suggest@isc.org - [ISC-Bugs #22675]) @@ -308,16 +307,6 @@ rm bind/bind.tar.gz %{__install} -p -m 0755 %{SOURCE4} client/scripts/linux %{__install} -p -m 0644 %{SOURCE5} . -# Sparc and s390 arches need to use -fPIE/-fPIC -%ifarch sparcv9 sparc64 s390 s390x -for i in {client,relay,server,omapip}/Makefile.am; do - %{__sed} -i 's|fpie|fPIE|g' $i -done -for i in {common,omapip}/Makefile.am; do - %{__sed} -i 's|fpic|fPIC|g' $i -done -%endif - pushd contrib %{__chmod} -x 3.0b1-lease-convert dhclient-tz-exithook.sh ldap/dhcpd-conf-to-ldap %{__chmod} -x sethostname.sh solaris.init @@ -472,7 +461,7 @@ find ${RPM_BUILD_ROOT}/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';'; getent group dhcpd >/dev/null || groupadd --system dhcpd getent passwd dhcpd >/dev/null || \ useradd --system --gid dhcpd \ - --home /var/lib/dhcpd --shell /sbin/nologin \ + --home / --shell /sbin/nologin \ --comment "DHCP server" dhcpd exit 0 @@ -639,6 +628,9 @@ fi %{_initddir}/dhcrelay %changelog +* Fri Sep 09 2011 Jiri Popelka - 12:4.2.2-6 +- PIE-RELRO.patch is not needed anymore, defining _hardened_build does the same + * Fri Sep 09 2011 Adam Tkac - 12:4.2.2-5 - rebuild against new bind diff --git a/dhcp420-sharedlib.patch b/dhcp420-sharedlib.patch index 749bef6..74fe9f1 100644 --- a/dhcp420-sharedlib.patch +++ b/dhcp420-sharedlib.patch @@ -1,18 +1,18 @@ -diff -up dhcp-4.2.1-P1/client/Makefile.am.sharedlib dhcp-4.2.1-P1/client/Makefile.am ---- dhcp-4.2.1-P1/client/Makefile.am.sharedlib 2011-06-30 17:04:29.476676590 +0200 -+++ dhcp-4.2.1-P1/client/Makefile.am 2011-06-30 17:04:29.488676414 +0200 -@@ -6,7 +6,7 @@ dhclient_SOURCES = clparse.c dhclient.c +diff -up dhcp-4.2.2/client/Makefile.am.sharedlib dhcp-4.2.2/client/Makefile.am +--- dhcp-4.2.2/client/Makefile.am.sharedlib 2011-09-09 16:35:56.000000000 +0200 ++++ dhcp-4.2.2/client/Makefile.am 2011-09-09 16:36:29.849007951 +0200 +@@ -4,7 +4,7 @@ dhclient_SOURCES = clparse.c dhclient.c + scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ + scripts/netbsd scripts/nextstep scripts/openbsd \ scripts/solaris scripts/openwrt - dhclient_CPPFLAGS = -DCLIENT_PATH='"$(sbindir)"' -DLOCALSTATEDIR='"$(localstatedir)"' - dhclient_CFLAGS = -fpie -dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ +dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD) - dhclient_LDFLAGS = -pie -Wl,-z,relro -Wl,-z,now - -diff -up dhcp-4.2.1-P1/configure.ac.sharedlib dhcp-4.2.1-P1/configure.ac ---- dhcp-4.2.1-P1/configure.ac.sharedlib 2011-06-30 17:04:29.428677294 +0200 -+++ dhcp-4.2.1-P1/configure.ac 2011-06-30 17:04:29.707673194 +0200 + man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 + EXTRA_DIST = $(man_MANS) +diff -up dhcp-4.2.2/configure.ac.sharedlib dhcp-4.2.2/configure.ac +--- dhcp-4.2.2/configure.ac.sharedlib 2011-09-09 16:35:56.097000001 +0200 ++++ dhcp-4.2.2/configure.ac 2011-09-09 16:35:56.383000000 +0200 @@ -30,7 +30,8 @@ fi # Use this to define _GNU_SOURCE to pull in the IPv6 Advanced Socket API. AC_USE_SYSTEM_EXTENSIONS @@ -23,9 +23,9 @@ diff -up dhcp-4.2.1-P1/configure.ac.sharedlib dhcp-4.2.1-P1/configure.ac AC_CONFIG_HEADERS([includes/config.h]) # we sometimes need to know byte order for building packets -diff -up dhcp-4.2.1-P1/dhcpctl/Makefile.am.sharedlib dhcp-4.2.1-P1/dhcpctl/Makefile.am ---- dhcp-4.2.1-P1/dhcpctl/Makefile.am.sharedlib 2011-06-30 17:04:29.311679013 +0200 -+++ dhcp-4.2.1-P1/dhcpctl/Makefile.am 2011-06-30 17:04:29.489676399 +0200 +diff -up dhcp-4.2.2/dhcpctl/Makefile.am.sharedlib dhcp-4.2.2/dhcpctl/Makefile.am +--- dhcp-4.2.2/dhcpctl/Makefile.am.sharedlib 2011-09-09 16:35:55.459000001 +0200 ++++ dhcp-4.2.2/dhcpctl/Makefile.am 2011-09-09 16:35:56.384000000 +0200 @@ -1,15 +1,15 @@ bin_PROGRAMS = omshell -lib_LIBRARIES = libdhcpctl.a @@ -46,9 +46,9 @@ diff -up dhcp-4.2.1-P1/dhcpctl/Makefile.am.sharedlib dhcp-4.2.1-P1/dhcpctl/Makef -cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ +cltest_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \ $(BIND9_LIBDIR) -ldns-export -lisc-export -diff -up dhcp-4.2.1-P1/dst/base64.c.sharedlib dhcp-4.2.1-P1/dst/base64.c ---- dhcp-4.2.1-P1/dst/base64.c.sharedlib 2009-11-20 02:49:01.000000000 +0100 -+++ dhcp-4.2.1-P1/dst/base64.c 2011-06-30 17:04:29.489676399 +0200 +diff -up dhcp-4.2.2/dst/base64.c.sharedlib dhcp-4.2.2/dst/base64.c +--- dhcp-4.2.2/dst/base64.c.sharedlib 2009-11-20 02:49:01.000000000 +0100 ++++ dhcp-4.2.2/dst/base64.c 2011-09-09 16:35:56.385000000 +0200 @@ -64,6 +64,7 @@ static const char rcsid[] = "$Id: base64 #include @@ -57,9 +57,9 @@ diff -up dhcp-4.2.1-P1/dst/base64.c.sharedlib dhcp-4.2.1-P1/dst/base64.c #include "cdefs.h" #include "osdep.h" #include "arpa/nameser.h" -diff -up dhcp-4.2.1-P1/dst/Makefile.am.sharedlib dhcp-4.2.1-P1/dst/Makefile.am ---- dhcp-4.2.1-P1/dst/Makefile.am.sharedlib 2007-05-29 18:32:10.000000000 +0200 -+++ dhcp-4.2.1-P1/dst/Makefile.am 2011-06-30 17:04:29.490676384 +0200 +diff -up dhcp-4.2.2/dst/Makefile.am.sharedlib dhcp-4.2.2/dst/Makefile.am +--- dhcp-4.2.2/dst/Makefile.am.sharedlib 2007-05-29 18:32:10.000000000 +0200 ++++ dhcp-4.2.2/dst/Makefile.am 2011-09-09 16:35:56.386000000 +0200 @@ -1,8 +1,8 @@ AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5 @@ -71,12 +71,10 @@ diff -up dhcp-4.2.1-P1/dst/Makefile.am.sharedlib dhcp-4.2.1-P1/dst/Makefile.am base64.c prandom.c EXTRA_DIST = dst_internal.h md5.h md5_locl.h -diff -up dhcp-4.2.1-P1/omapip/Makefile.am.sharedlib dhcp-4.2.1-P1/omapip/Makefile.am ---- dhcp-4.2.1-P1/omapip/Makefile.am.sharedlib 2011-06-30 17:04:29.477676575 +0200 -+++ dhcp-4.2.1-P1/omapip/Makefile.am 2011-06-30 17:04:29.490676384 +0200 -@@ -1,9 +1,9 @@ - AM_CFLAGS = -fpic - +diff -up dhcp-4.2.2/omapip/Makefile.am.sharedlib dhcp-4.2.2/omapip/Makefile.am +--- dhcp-4.2.2/omapip/Makefile.am.sharedlib 2011-09-09 16:35:55.000000000 +0200 ++++ dhcp-4.2.2/omapip/Makefile.am 2011-09-09 16:37:36.734000324 +0200 +@@ -1,7 +1,7 @@ -lib_LIBRARIES = libomapi.a +lib_LTLIBRARIES = libomapi.la noinst_PROGRAMS = svtest @@ -86,38 +84,36 @@ diff -up dhcp-4.2.1-P1/omapip/Makefile.am.sharedlib dhcp-4.2.1-P1/omapip/Makefil errwarn.c listener.c dispatch.c generic.c support.c \ handle.c message.c convert.c hash.c auth.c inet_addr.c \ array.c trace.c toisc.c iscprint.c isclib.c -@@ -13,5 +13,5 @@ EXTRA_DIST = $(man_MANS) +@@ -10,5 +10,5 @@ man_MANS = omapi.3 + EXTRA_DIST = $(man_MANS) svtest_SOURCES = test.c - svtest_CFLAGS = -fpie -svtest_LDADD = libomapi.a $(BIND9_LIBDIR) -ldns-export -lisc-export +svtest_LDADD = libomapi.la $(BIND9_LIBDIR) -ldns-export -lisc-export -diff -up dhcp-4.2.1-P1/relay/Makefile.am.sharedlib dhcp-4.2.1-P1/relay/Makefile.am ---- dhcp-4.2.1-P1/relay/Makefile.am.sharedlib 2011-06-30 17:04:29.478676560 +0200 -+++ dhcp-4.2.1-P1/relay/Makefile.am 2011-06-30 17:04:29.490676384 +0200 -@@ -3,7 +3,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst +diff -up dhcp-4.2.2/relay/Makefile.am.sharedlib dhcp-4.2.2/relay/Makefile.am +--- dhcp-4.2.2/relay/Makefile.am.sharedlib 2011-09-09 16:35:56.000000000 +0200 ++++ dhcp-4.2.2/relay/Makefile.am 2011-09-09 16:37:57.058019749 +0200 +@@ -2,7 +2,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst + sbin_PROGRAMS = dhcrelay dhcrelay_SOURCES = dhcrelay.c - dhcrelay_CFLAGS = -fpie -dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ +dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD) - dhcrelay_LDFLAGS = -pie -Wl,-z,relro -Wl,-z,now - -diff -up dhcp-4.2.1-P1/server/Makefile.am.sharedlib dhcp-4.2.1-P1/server/Makefile.am ---- dhcp-4.2.1-P1/server/Makefile.am.sharedlib 2011-06-30 17:04:29.478676560 +0200 -+++ dhcp-4.2.1-P1/server/Makefile.am 2011-06-30 17:06:32.831862566 +0200 -@@ -7,9 +7,9 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c + man_MANS = dhcrelay.8 + EXTRA_DIST = $(man_MANS) +diff -up dhcp-4.2.2/server/Makefile.am.sharedlib dhcp-4.2.2/server/Makefile.am +--- dhcp-4.2.2/server/Makefile.am.sharedlib 2011-09-09 16:35:56.000000000 +0200 ++++ dhcp-4.2.2/server/Makefile.am 2011-09-09 16:38:56.291004599 +0200 +@@ -7,8 +7,8 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c dhcpv6.c mdb6.c ldap.c ldap_casa.c - dhcpd_CFLAGS = $(LDAP_CFLAGS) -fpie + dhcpd_CFLAGS = $(LDAP_CFLAGS) -dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ - ../dhcpctl/libdhcpctl.a $(BIND9_LIBDIR) -ldns-export -lisc-export \ -- $(CAPNG_LDADD) +dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ -+ ../dhcpctl/libdhcpctl.la $(BIND9_LIBDIR) \ -+ -ldns-export -lisc-export $(CAPNG_LDADD) - dhcpd_LDFLAGS = -pie -Wl,-z,relro -Wl,-z,now ++ ../dhcpctl/libdhcpctl.la $(BIND9_LIBDIR) -ldns-export -lisc-export \ + $(CAPNG_LDADD) man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5