commit 56dfec1918e77fc905d31ee63dc804f392a27174
Author: Jan Rękorajski <bagg...@pld-linux.org>
Date:   Tue Oct 30 23:07:26 2018 +0100

    - add macro to check ELF file for executable stack
      (see https://www.openwall.com/lists/oss-security/2018/10/22/3 and 
followup)
    - up to 1.735

 rpm-build-macros.spec |  4 ++--
 rpm.macros            | 25 +++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 2 deletions(-)
---
diff --git a/rpm-build-macros.spec b/rpm-build-macros.spec
index 239faa4..90b0fef 100644
--- a/rpm-build-macros.spec
+++ b/rpm-build-macros.spec
@@ -1,10 +1,10 @@
-%define                rpm_macros_rev  1.734
+%define                rpm_macros_rev  1.735
 %define                find_lang_rev   1.40
 Summary:       PLD Linux RPM build macros
 Summary(pl.UTF-8):     Makra do budowania pakietów RPM dla Linuksa PLD
 Name:          rpm-build-macros
 Version:       %{rpm_macros_rev}
-Release:       2
+Release:       1
 License:       GPL
 Group:         Development/Building
 Source0:       rpm.macros
diff --git a/rpm.macros b/rpm.macros
index 896c953..4baa339 100644
--- a/rpm.macros
+++ b/rpm.macros
@@ -745,6 +745,31 @@ __spec_install_post_check_so() { \
        %{!?no_install_post_check_so:return $fail;} \
 }; __spec_install_post_check_so }}
 
+#-----------------------------------------------------------------
+# Find all ELF files with executable stac. Warn and terminate if any found
+# (termination can be turned off by define).
+#%no_install_post_check_stackexec 1
+#%skip_post_check_stackexec libwithexecstackok.so.*
+#
+# NOTE: define skip_post_check_stackexec only if such program or library
+#       really requires executable stack and always leave a comment why
+#       it is required:
+#      # Programs full of nested functions that cannot be fixed
+#      %define skip_post_check_execstack /bin/foo libwithexecstack.so.*
+#
+%__spec_install_post_check_execstack { \
+__spec_install_post_check_execstack() { \
+%{!?debug:set +x;} \
+       fail=0; \
+       printf "Searching for ELF programs with executable stack..."; \
+       for f in $(find $RPM_BUILD_ROOT -type f -print) ; do \
+               LC_ALL=C readelf -lW $f 2>/dev/null | \
+               LC_ALL=C awk -v "file=$f" 'BEGIN { found=0; } /GNU_STACK/ { if 
($7 ~ "E") { found=1 } } END { if (found) { print "\nExecutable stack found in: 
" file; %{?skip_post_check_execstack:split("%{skip_post_check_execstack}", R); 
for (i=1; i in R; i++) { if (file ~ "(^|/)" R[i] "$") { print "File marked with 
skip_post_check_execstack, ignoring errors.\n"; exit(0); } } } exit(1); } }' || 
fail=1 ; \
+       done ; \
+       echo " DONE"; \
+       %{!?no_install_post_check_execstack:return $fail;} \
+}; __spec_install_post_check_execstack }}
+
 #-----------------------------------------------------------------
 # Verify that for each directory under /var/run package contains
 # tmpfiles.d configuration. Warn and terminate build if config is
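Review bot: The usage comments at the top of the new macro name `no_install_post_check_stackexec` and `skip_post_check_stackexec`, but the code (and the example two lines later) reads `no_install_post_check_execstack` / `skip_post_check_execstack`, so a packager who copies the first two comment lines defines a macro nothing tests and the build still fails; the two lines should read `#%no_install_post_check_execstack 1` and `#%skip_post_check_execstack libwithexecstackok.so.*` (and "stac" on the line above them is a typo for "stack"). The skip entries are matched as awk regular expressions, not shell globs (`file ~ "(^|/)" R[i] "$"`), so `.` and `*` do not mean what the `libwithexecstack.so.*` example suggests; a short comment saying "entries are regexes anchored at a path component" would prevent surprises. Separately, the awk only flags a `GNU_STACK` segment whose flag column contains `E`; an ELF with no `PT_GNU_STACK` header at all is, as far as I recall, given an executable stack by default by the Linux kernel on x86, so such binaries pass this check silently — consider also reporting files that show `LOAD` segments but no `GNU_STACK` line. Finally, `for f in $(find $RPM_BUILD_ROOT -type f -print)` splits paths on whitespace; that matches the sibling `__spec_install_post_check_so` above it and is unlikely to bite under a build root, but `find ... -print0 | while read -d ''` would be the robust form.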