From 01f96238f698e18d01095e3b178126cc67148b28 Mon Sep 17 00:00:00 2001
From: veega2022 <zhuweijia@huawei.com>
Date: Wed, 14 Dec 2022 13:59:42 +0800
Subject: [PATCH] fix compiler security option problem

add compiler option -g -pie -FPIE -Wall
and link option -Wl,-z,relro,-z,now -Wl,-z,noexecstack

Signed-off-by: veega2022 <zhuweijia@huawei.com>
---
 ...fix-compiler-security-option-problem.patch | 39 +++++++++++++++++++
 hikptool.spec                                 |  8 ++--
 2 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 0002-fix-compiler-security-option-problem.patch

diff --git a/0002-fix-compiler-security-option-problem.patch b/0002-fix-compiler-security-option-problem.patch
new file mode 100644
index 0000000..6a96cfd
--- /dev/null
+++ b/0002-fix-compiler-security-option-problem.patch
@@ -0,0 +1,39 @@
+From 0a4e7eb4cb35e126e9ca6e8e1f8f4282a008d0d2 Mon Sep 17 00:00:00 2001
+From: veega2022 <zhuweijia@huawei.com>
+Date: Tue, 13 Dec 2022 21:32:52 +0800
+Subject: [PATCH] fix compiler security option problem
+
+add compiler option -pie -fPIE, -Wl,-z,relro,-z,now
+and disable rpath
+
+Signed-off-by: veega2022 <zhuweijia@huawei.com>
+---
+ CMakeLists.txt | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 1d79a31..c697edf 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -11,6 +11,9 @@
+ 
+ project(hikptool C)
+ 
++set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O2 -pie -fPIE -Wall")
++set(CMAKE_SKIP_RPATH TRUE)
++
+ macro(get_header_dir_recurse HEADER_DIR_LIST)
+     file(GLOB_RECURSE HEADER_LIST *.h)
+     set(DIR_LIST "")
+@@ -40,5 +43,7 @@ get_header_dir_recurse(HIKPTOOL_HEADER_DIR)
+ target_include_directories(hikptool PRIVATE ${HIKPTOOL_HEADER_DIR})
+ target_link_directories(hikptool PRIVATE ${CMAKE_INSTALL_PREFIX}/lib)
+ target_link_libraries(hikptool PRIVATE KPTDEV_SO)
+-target_link_options(hikptool PRIVATE -g -lpthread -ldl -lm -lrt -T ${CMAKE_CURRENT_SOURCE_DIR}/hikp_register.ld)
++target_link_options(hikptool PRIVATE
++	-Wl,-z,relro,-z,now -Wl,-z,noexecstack	
++	-g -lpthread -ldl -lm -lrt -T ${CMAKE_CURRENT_SOURCE_DIR}/hikp_register.ld)
+ install(TARGETS hikptool RUNTIME DESTINATION bin OPTIONAL)
+-- 
+2.33.0
+
diff --git a/hikptool.spec b/hikptool.spec
index 22658c2..792f5e5 100644
--- a/hikptool.spec
+++ b/hikptool.spec
@@ -1,9 +1,7 @@
-%global debug_package %{nil}
-
 Name:          hikptool
 Summary:       A userspace tool for Linux providing problem location on Kunpeng chips
 Version:       1.0.0
-Release:       6
+Release:       7
 License:       MulanPSL2
 Source:        %{name}-%{version}.tar.gz
 ExclusiveOS:   linux
@@ -17,6 +15,7 @@ Requires:      glibc
 ExclusiveArch: aarch64
 
 Patch0001:     0001-socip-Return-EINVAL-when-the-parameter-check-fails.patch
+Patch0002:     0002-fix-compiler-security-option-problem.patch
 
 %description
 This package contains the hikptool
@@ -69,6 +68,9 @@ fi
 /sbin/ldconfig
 
 %changelog
+* Tue Dec 13 2022 veega2022 <zhuweijia@huawei.com> 1.0.0-7
+- fix compiler security option problem
+
 * Mon Dec 12 2022 veega2022 <zhuweijia@huawei.com> 1.0.0-6
 - Add socip patch for fix return -EINVAL when the parameter check fails
 
-- 
Gitee