From 7234c8b839c51ed8c393bc92ebbb5f0b1caacbd5 Mon Sep 17 00:00:00 2001
From: sherlock2010 <15151851377@163.com>
Date: Tue, 21 Oct 2025 14:21:39 +0800
Subject: [PATCH] add secure compilation options for tools

(cherry picked from commit 6c8c7ddda548d2b69a919e6e890deab92d5371a7)
---
 ...secure-compilation-options-for-tools.patch | 53 +++++++++++++++++++
 xorg-x11-drv-intel.spec | 9 +++-
 2 files changed, 61 insertions(+), 1 deletion(-)
 create mode 100644 add-secure-compilation-options-for-tools.patch

diff --git a/add-secure-compilation-options-for-tools.patch b/add-secure-compilation-options-for-tools.patch
new file mode 100644
index 0000000..014cd5a
--- /dev/null
+++ b/add-secure-compilation-options-for-tools.patch
@@ -0,0 +1,53 @@
+From d5883f71ac62c25f606d113c7b40a20ac872b482 Mon Sep 17 00:00:00 2001
+From: zhouyihang
+Date: Tue, 21 Oct 2025 14:17:25 +0800
+Subject: [PATCH] add secure compilation options for tools
+
+---
+ tools/Makefile.am | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/tools/Makefile.am b/tools/Makefile.am
+index 92df266..9d4feed 100644
+--- a/tools/Makefile.am
++++ b/tools/Makefile.am
+@@ -18,9 +18,11 @@
+ # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
++SEC_CFLAGS = -Wl,-z,now -fPIE -pie
+ AM_CFLAGS = \
+ @CWARNFLAGS@ \
+ @NOWARNFLAGS@ \
++ $(SEC_CFLAGS) \
+ $(NULL)
+
+ drivermandir = $(DRIVER_MAN_DIR)
+@@ -37,14 +39,14 @@ endif
+
+ if BUILD_TOOL_CURSOR
+ noinst_PROGRAMS += cursor
+-cursor_CFLAGS = $(TOOL_CURSOR_CFLAGS)
++cursor_CFLAGS = $(TOOL_CURSOR_CFLAGS) $(SEC_CFLAGS)
+ cursor_LDADD = $(TOOL_CURSOR_LIBS)
+ endif
+
+ if X11_DRI3
+ noinst_PROGRAMS += dri3info
+ dri3info_SOURCES = dri3info.c
+-dri3info_CFLAGS = $(X11_DRI3_CFLAGS) $(DRI_CFLAGS)
++dri3info_CFLAGS = $(X11_DRI3_CFLAGS) $(DRI_CFLAGS) $(SEC_CFLAGS)
+ dri3info_LDADD = $(X11_DRI3_LIBS) $(DRI_LIBS)
+ endif
+
+@@ -61,6 +63,7 @@ intel_virtual_output_CFLAGS = \
+ @CWARNFLAGS@ \
+ $(IVO_CFLAGS) \
+ @NOWARNFLAGS@ \
++ $(SEC_CFLAGS) \
+ $(NULL)
+ intel_virtual_output_SOURCES = \
+ virtual.c \
+--
+2.43.0
+
diff --git a/xorg-x11-drv-intel.spec b/xorg-x11-drv-intel.spec
index e9921ea..bd383b3 100644
--- a/xorg-x11-drv-intel.spec
+++ b/xorg-x11-drv-intel.spec
@@ -6,7 +6,7 @@
 Name: xorg-x11-drv-intel
 Version: 2.99.917
-Release: 47
+Release: 48
 Summary: Xorg X11 Intel video driver
 License: MIT
 URL: http://www.x.org
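Review bot: `SEC_CFLAGS = -Wl,-z,now -fPIE -pie` in the tools/Makefile.am hunk puts link-time options (`-Wl,-z,now`, `-pie`) into variables that automake also passes to every compile step, and it requests immediate binding without `-z relro`, so a read-only GOT depends on the linker's default rather than on this patch. Keeping only `-fPIE` in the compile flags and moving the rest to the link flags, e.g. `SEC_CFLAGS = -fPIE`, `SEC_LDFLAGS = -pie -Wl,-z,relro,-z,now` and `AM_LDFLAGS = $(SEC_LDFLAGS)`, states the intent explicitly and avoids unused-argument diagnostics from compilers that report them. Any target with its own `_LDFLAGS` (none is visible in these hunks, and the rest of Makefile.am is outside them) would need `$(SEC_LDFLAGS)` added there as well. Since the -47 changelog entry says `_hardened_build` is undefined for this package, these flags appear to be the tools' only source of PIE and immediate binding, so a `readelf -d` or checksec-style check of the built tools during packaging would confirm they took effect.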
@@ -27,6 +27,7 @@ Patch0000: intel-gcc-pr65873.patch
 Patch0001: 0001-sna-Avoid-clobbering-output-physical-size-with-xf86O.patch
 Patch0002: 0001-Fix-build-on-F28-and-later.patch
 Patch0003: 0001-Fix-build-on-i686.patch
+Patch0004: add-secure-compilation-options-for-tools.patch
 %description
 X.Org X11 Intel video driver.
@@ -64,6 +65,12 @@ rm -f %{buildroot}%{_libdir}/libI*XvMC.so
 %{_mandir}/man4/i*
 %changelog
+* Tue Oct 21 2025 zhouyihang - 2.99.917-48
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:add secure compilation options for tools
+
 * Mon Jun 26 2023 liuxinhao - 2.99.917-47
 - undefine _hardened_build , partially enable lazybinding to avoid driver loading failure on xorg
--
Gitee