diff --git a/SOURCES/at-3.1.13-makefile.patch b/SOURCES/at-3.1.13-makefile.patch index e429719..edcdff6 100644 --- a/SOURCES/at-3.1.13-makefile.patch +++ b/SOURCES/at-3.1.13-makefile.patch @@ -6,14 +6,14 @@ diff -up at-3.1.13/Makefile.in.make at-3.1.13/Makefile.in at: $(ATOBJECTS) - $(CC) $(CFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) -+ $(CC) $(CFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB) $(SELINUXLIB) $(PAMLIB) ++ $(CC) $(CFLAGS) $(LDFLAGS) -Wl,-z,now -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB) $(SELINUXLIB) $(PAMLIB) rm -f $(CLONES) $(LN_S) -f at atq $(LN_S) -f at atrm atd: $(RUNOBJECTS) - $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) -+ $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) $(PAMLIB) ++ $(CC) $(CFLAGS) $(LDFLAGS) -Wl,-z,now -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) $(PAMLIB) y.tab.c y.tab.h: parsetime.y $(YACC) -d parsetime.y diff --git a/SPECS/at.spec b/SPECS/at.spec index 95245bf..f6ea576 100644 --- a/SPECS/at.spec +++ b/SPECS/at.spec @@ -1,9 +1,10 @@ %bcond_without pam +%global _hardened_build 1 Summary: Job spooling tools Name: at Version: 3.1.13 -Release: 17%{?dist}.1 +Release: 20%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -189,7 +190,10 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0755,root,root) %{_initrddir}/atd %changelog -* Mon Oct 6 2014 Tomáš Mráz - 3.1.13-17.1 +* Mon Jun 22 2015 Tomáš Mráz - 3.1.13-20 +- build the package with hardening flags (PIE, full RELRO) + +* Fri Oct 3 2014 Tomáš Mráz - 3.1.13-18 - filter environment variables not acceptable in bash input * Fri Jan 24 2014 Daniel Mach - 3.1.13-17