packages/firebird
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix rpath security issue.

Browse Source 
Due to the libtool and firebird defaultly to enable rpath option during compiliation.
But that would raise some security issues relied on rpath.
So this commit will remove all the generated rpath record via chrpath.

(cherry picked from commit b652c7b4684b4ca89d86bfc0e42eaf5c633b5a9c)
This commit is contained in:
bzhaoop 2021-09-10 07:25:14 +00:00 committed by openeuler-sync-bot
parent 3e59901e0b
commit 2b417b1965
1 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
firebird.spec
View File

@ -1,6 +1,6 @@
Name: firebird Name: firebird
Version: 3.0.3.32900 Version: 3.0.3.32900
Release: 7 Release: 8
Summary: SQL relational database management system Summary: SQL relational database management system
License: Interbase License: Interbase
URL: http://www.firebirdsql.org/ URL: http://www.firebirdsql.org/
@ -21,6 +21,7 @@ Patch0007: 0001-Port-to-RISC-V-64-bit-riscv64.patch
BuildRequires: autoconf automake libtommath-devel libtool ncurses-devel libicu-devel BuildRequires: autoconf automake libtommath-devel libtool ncurses-devel libicu-devel
BuildRequires: libedit-devel gcc-c++ libstdc++-static systemd-units chrpath zlib-devel procmail BuildRequires: libedit-devel gcc-c++ libstdc++-static systemd-units chrpath zlib-devel procmail
BuildRequires: chrpath
Requires(post): systemd-units Requires(post): systemd-units
Requires(preun):systemd-units Requires(preun):systemd-units
@ -84,6 +85,7 @@ cd gen
make -f Makefile.install buildRoot make -f Makefile.install buildRoot
chmod -R u+w buildroot%{_docdir}/firebird chmod -R u+w buildroot%{_docdir}/firebird
%install %install
chmod u+rw,a+rx gen/buildroot/usr/include/firebird/firebird/impl chmod u+rw,a+rx gen/buildroot/usr/include/firebird/firebird/impl
cp -r gen/buildroot/* ${RPM_BUILD_ROOT}/ cp -r gen/buildroot/* ${RPM_BUILD_ROOT}/
@ -109,6 +111,20 @@ install -d .%{_tmpfilesdir} && cp %{SOURCE2} .%{_tmpfilesdir}/
install -d .%{_unitdir} install -d .%{_unitdir}
cp .%{_datadir}/firebird/misc/firebird-superserver.service .%{_unitdir}/firebird-superserver.service cp .%{_datadir}/firebird/misc/firebird-superserver.service .%{_unitdir}/firebird-superserver.service
# remove rpath info
for ff in $(find %{buildroot}/ -executable -type f -exec file '{}' ';' | grep "\<ELF\>" | awk -F ':' '{print $1}')
do
if [ ! -u "$ff" ]; then
if [ -w "$ff" ]; then
chrpath -d $ff
fi
fi
done
# add rpath path /usr/lib/systemd in ld.so.cond.d
mkdir -p %{buildroot}%{_sysconfdir}/ld.so.conf.d
echo "/usr/lib/systemd" > %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
%pre %pre
@ -123,11 +139,13 @@ fi
%post %post
/sbin/ldconfig
systemd-tmpfiles --create %{_tmpfilesdir}/firebird.conf systemd-tmpfiles --create %{_tmpfilesdir}/firebird.conf
%systemd_post firebird-superserver.service %systemd_post firebird-superserver.service
%postun %postun
/sbin/ldconfig
%systemd_postun_with_restart firebird-superserver.service %systemd_postun_with_restart firebird-superserver.service
@ -161,6 +179,7 @@ systemd-tmpfiles --create %{_tmpfilesdir}/firebird.conf
%dir %{_localstatedir}/log/firebird %dir %{_localstatedir}/log/firebird
%config(noreplace) %attr(0664,firebird,firebird) %{_localstatedir}/log/firebird/firebird.log %config(noreplace) %attr(0664,firebird,firebird) %{_localstatedir}/log/firebird/firebird.log
%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/logrotate.d/firebird %config(noreplace) %attr(0644,root,root) %{_sysconfdir}/logrotate.d/firebird
%config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
%defattr(0755,root,root,0755) %defattr(0755,root,root,0755)
%{_unitdir}/firebird-superserver.service %{_unitdir}/firebird-superserver.service
@ -184,6 +203,9 @@ systemd-tmpfiles --create %{_tmpfilesdir}/firebird.conf
%exclude %{_docdir}/firebird/IPLicense.txt %exclude %{_docdir}/firebird/IPLicense.txt
%changelog %changelog
* Fri Sep 10 2021 bzhaoop <bzhaojyathousandy@gmail.com> - 3.0.3.32900-8
- Del rpath in some binaries for firebird.
* Thu Feb 25 2021 huanghaitao <huanghaitao8@huawei.com> - 3.0.3.32900-7 * Thu Feb 25 2021 huanghaitao <huanghaitao8@huawei.com> - 3.0.3.32900-7
- Fix login shell to /sbin/nologin - Fix login shell to /sbin/nologin