From cc633b001822e59e3a9ff5b5869813d47bd133a9 Mon Sep 17 00:00:00 2001 From: snoweay Date: Wed, 21 Dec 2022 02:56:13 +0000 Subject: [PATCH] Add safety compile options Becaues of the foolish usage of gcc_secure, those safety options was added by OBS with gcc_secure, without our knowing it. Especially, gcc_secure does this by change gcc to a shell script, and hide the true gcc. This makes a huge amount of confusion for developers and users. So we add these options '-fPIC -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines -fsigned-char' directly to nginx.spec. After this, we can confirm the compile options' consistency with or without gcc_secure. Signed-off-by: snoweay (cherry picked from commit bb0a157ddfef4c1f5f1baa276392f0aae46feddb) --- nginx.spec | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/nginx.spec b/nginx.spec index 477c11c..7c829da 100644 --- a/nginx.spec +++ b/nginx.spec @@ -17,7 +17,7 @@ Name: nginx Epoch: 1 Version: 1.21.5 -Release: 4 +Release: 5 Summary: A HTTP server, reverse proxy and mail proxy server License: BSD URL: http://nginx.org/ @@ -161,7 +161,8 @@ mv ../%{name}-%{version}-%{release}-src . %build export DESTDIR=%{buildroot} -nginx_ldopts="$RPM_LD_FLAGS -Wl,-E" +nginx_ldopts="$RPM_LD_FLAGS -Wl,-E -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack" +nginx_ccopts="-fPIC -D_FORTIFY_SOURCE=2 -O2 -Wtrampolines -fsigned-char" if ! ./configure \ --prefix=%{_datadir}/nginx --sbin-path=%{_sbindir}/nginx --modules-path=%{_libdir}/nginx/modules \ --conf-path=%{_sysconfdir}/nginx/nginx.conf --error-log-path=%{_localstatedir}/log/nginx/error.log \ @@ -187,7 +188,7 @@ if ! ./configure \ --with-http_perl_module=dynamic --with-http_auth_request_module \ --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic \ --with-stream_ssl_module --with-google_perftools_module --with-debug \ - --with-cc-opt="%{optflags} $(pcre2-config --cflags)" --with-ld-opt="$nginx_ldopts"; then + --with-cc-opt="%{optflags} $(pcre2-config --cflags) $nginx_ccopts" --with-ld-opt="$nginx_ldopts"; then : configure failed cat objs/autoconf.err exit 1 @@ -387,6 +388,9 @@ fi %{_mandir}/man8/nginx.8* %changelog +* Wed Dec 21 2022 snoweay - 1:1.21.5-5 +- add safety compile options + * Thu Nov 24 2022 zhouyihang - 1:1.21.5-4 - add package mod-devel -- Gitee