Hi,

the attached patches fix <https://fedorahosted.org/freeipa/ticket/3896>.

Patch 207 should fix build failures some of you were having after hardenening was enabled in the spec file.

Honza

--
Jan Cholasta
>From 749622ddeaf5f918c00b222304159c36d8ddedfe Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Wed, 4 Dec 2013 18:37:18 +0100
Subject: [PATCH 1/4] Prefer user CFLAGS/CPPFLAGS over those provided by
 rpmbuild in the spec file.

https://fedorahosted.org/freeipa/ticket/3896
---
 freeipa.spec.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 08c82f2..fa382b0 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -320,8 +320,8 @@ This package contains tests that verify IPA functionality.
 %setup -n freeipa-%{version} -q
 
 %build
-export CFLAGS="$CFLAGS %{optflags}"
-export CPPFLAGS="$CPPFLAGS %{optflags}"
+export CFLAGS="%{optflags} $CFLAGS"
+export CPPFLAGS="%{optflags} $CPPFLAGS"
 %if 0%{?fedora} >= 19
 export SUPPORTED_PLATFORM=fedora19
 %else
-- 
1.8.4.2

>From 00f719e9b678825d6fc7f0902d616f56346c5bd7 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Wed, 4 Dec 2013 18:39:44 +0100
Subject: [PATCH 2/4] Include LDFLAGS provided by rpmbuild in global LDFLAGS in
 the spec file.

Remove explicitly specified hardening flags from LDFLAGS in ipa-otpd.

https://fedorahosted.org/freeipa/ticket/3896
---
 daemons/ipa-otpd/Makefile.am | 2 +-
 freeipa.spec.in              | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/daemons/ipa-otpd/Makefile.am b/daemons/ipa-otpd/Makefile.am
index f0b7528..ed99c3e 100644
--- a/daemons/ipa-otpd/Makefile.am
+++ b/daemons/ipa-otpd/Makefile.am
@@ -1,5 +1,5 @@
 AM_CFLAGS := $(CFLAGS) @LDAP_CFLAGS@ @LIBVERTO_CFLAGS@
-AM_LDFLAGS := $(LDFLAGS) @LDAP_LIBS@ @LIBVERTO_LIBS@ @KRAD_LIBS@ -pie -Wl,-z,relro -Wl,-z,now
+AM_LDFLAGS := $(LDFLAGS) @LDAP_LIBS@ @LIBVERTO_LIBS@ @KRAD_LIBS@
 
 noinst_HEADERS = internal.h
 libexec_PROGRAMS = ipa-otpd
diff --git a/freeipa.spec.in b/freeipa.spec.in
index fa382b0..2a4d8fc 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -322,6 +322,7 @@ This package contains tests that verify IPA functionality.
 %build
 export CFLAGS="%{optflags} $CFLAGS"
 export CPPFLAGS="%{optflags} $CPPFLAGS"
+export LDFLAGS="%{__global_ldflags} $LDFLAGS"
 %if 0%{?fedora} >= 19
 export SUPPORTED_PLATFORM=fedora19
 %else
-- 
1.8.4.2

>From ffcef966b54fab5965a993122f3ae105d84e91e7 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Wed, 4 Dec 2013 18:42:36 +0100
Subject: [PATCH 3/4] Add stricter default CFLAGS to Makefile.

https://fedorahosted.org/freeipa/ticket/3896
---
 Makefile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Makefile b/Makefile
index 0664ddd..a722634 100644
--- a/Makefile
+++ b/Makefile
@@ -52,6 +52,9 @@ endif
 
 PYTHON ?= $(shell rpm -E %__python || echo /usr/bin/python)
 
+CFLAGS := -g -O2 -Werror -Wall -Wextra -Wformat-security -Wno-unused-parameter -Wno-sign-compare -Wno-missing-field-initializers $(CFLAGS)
+export CFLAGS
+
 all: bootstrap-autogen server tests
 	@for subdir in $(SUBDIRS); do \
 		(cd $$subdir && $(MAKE) $@) || exit 1; \
-- 
1.8.4.2

>From a42a0fe6fdaa1cf3f777633977594d68428ded49 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Wed, 4 Dec 2013 18:43:20 +0100
Subject: [PATCH 4/4] Fix compilation error in ipa-cldap.

https://fedorahosted.org/freeipa/ticket/3896
---
 daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap.c b/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap.c
index fb63c9c..363c337 100644
--- a/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap.c
+++ b/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap.c
@@ -82,7 +82,11 @@ static int ipa_cldap_stop(Slapi_PBlock *pb)
     }
 
     /* send stop signal to terminate worker thread */
-    write(ctx->stopfd[1], "", 1);
+    ret = write(ctx->stopfd[1], "", 1);
+    if (ret == -1) {
+        LOG_FATAL("Failed to signal worker thread\n");
+        return -1;
+    }
     close(ctx->stopfd[1]);
 
     ret = pthread_join(ctx->tid, &retval);
-- 
1.8.4.2

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to