From 41f17253fd0ed3d2b74319b53c09e00ef6471623 Mon Sep 17 00:00:00 2001 From: orange-snn Date: Fri, 13 Mar 2020 22:22:46 +0800 Subject: [PATCH 1/4] add secure compile option --- emacs.spec | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/emacs.spec b/emacs.spec index 2a1ce35..4d4723e 100644 --- a/emacs.spec +++ b/emacs.spec @@ -4,7 +4,7 @@ Name: emacs Epoch: 1 Version: 26.1 -Release: 11 +Release: 12 Summary: An extensible GNU text editor License: GPLv3+ and CC0-1.0 URL: http://www.gnu.org/software/emacs @@ -134,7 +134,7 @@ ln -s ../../%{name}/%{version}/etc/COPYING doc ln -s ../../%{name}/%{version}/etc/NEWS doc %build -export CFLAGS="-DMAIL_USE_LOCKF %{optflags}" +export CFLAGS="-DMAIL_USE_LOCKF %{optflags} -fPIE" export HARDENING_PIE=0 %if !%{with bootstrap} @@ -142,7 +142,7 @@ export HARDENING_PIE=0 mkdir build-gtk && cd build-gtk ln -s ../configure . -LDFLAGS=-Wl,-z,relro; export LDFLAGS; +LDFLAGS="-Wl,-z,relro,-z,now -pie"; export LDFLAGS; %configure --with-dbus --with-gif --with-jpeg --with-png --with-rsvg \ --with-tiff --with-xft --with-xpm --with-x-toolkit=gtk3 --with-gpm=no \ @@ -155,7 +155,7 @@ cd .. mkdir build-lucid && cd build-lucid ln -s ../configure . -LDFLAGS=-Wl,-z,relro; export LDFLAGS; +LDFLAGS="-Wl,-z,relro,-z,now -pie"; export LDFLAGS; %configure --with-dbus --with-gif --with-jpeg --with-png --with-rsvg \ --with-tiff --with-xft --with-xpm --with-x-toolkit=lucid --with-gpm=no \ @@ -168,6 +168,9 @@ cd .. # Build binary without X support mkdir build-nox && cd build-nox ln -s ../configure . + +LDFLAGS="-Wl,-z,relro,-z,now -pie"; export LDFLAGS; + %configure --with-x=no --with-modules %{setarch} %make_build cd .. @@ -356,6 +359,9 @@ fi %{_infodir}/* %changelog +* Fri Mar 13 2020 songnannan - 1:26.1-12 +- add secure compile option + * Sat Jan 11 2020 openEuler Buildteam - 1:26.1-11 - remove unnecessary source -- Gitee From 9ddae2fff10db302e0c350773fd8ee5c9578f2e2 Mon Sep 17 00:00:00 2001 From: orange-snn Date: Mon, 16 Mar 2020 16:50:23 +0800 Subject: [PATCH 2/4] disable package --- emacs-spellchecker.patch | 16 ++++++++++++++++ emacs.spec | 14 +++++++------- 2 files changed, 23 insertions(+), 7 deletions(-) create mode 100644 emacs-spellchecker.patch diff --git a/emacs-spellchecker.patch b/emacs-spellchecker.patch new file mode 100644 index 0000000..48c2b57 --- /dev/null +++ b/emacs-spellchecker.patch @@ -0,0 +1,16 @@ +diff --git a/lisp/textmodes/ispell.el b/lisp/textmodes/ispell.el +index 1d28de7..1daec44 100644 +--- a/lisp/textmodes/ispell.el ++++ b/lisp/textmodes/ispell.el +@@ -200,9 +200,9 @@ + ;; cause an error; and one of the other spelling engines below is + ;; almost certainly installed in any case, for enchant to use. + (defcustom ispell-program-name +- (or (executable-find "aspell") ++ (or (executable-find "hunspell") ++ (executable-find "aspell") + (executable-find "ispell") +- (executable-find "hunspell") + "ispell") + "Program invoked by \\[ispell-word] and \\[ispell-region] commands." + :type 'string diff --git a/emacs.spec b/emacs.spec index 4d4723e..728d2b4 100644 --- a/emacs.spec +++ b/emacs.spec @@ -13,8 +13,9 @@ Source3: site-start.el Source4: default.el Source7: emacs.service -Patch1: emacs-system-crypto-policies.patch -Patch2: emacs-xft-color-font-crash.patch +Patch1: emacs-spellchecker.patch +Patch2: emacs-system-crypto-policies.patch +Patch3: emacs-xft-color-font-crash.patch BuildRequires: gcc atk-devel cairo-devel freetype-devel fontconfig-devel dbus-devel giflib-devel BuildRequires: glibc-devel zlib-devel gnutls-devel libselinux-devel GConf2-devel alsa-lib-devel @@ -134,8 +135,7 @@ ln -s ../../%{name}/%{version}/etc/COPYING doc ln -s ../../%{name}/%{version}/etc/NEWS doc %build -export CFLAGS="-DMAIL_USE_LOCKF %{optflags} -fPIE" -export HARDENING_PIE=0 +export CFLAGS="-DMAIL_USE_LOCKF $RPM_OPT_FLAGS -fPIE" %if !%{with bootstrap} # Build GTK+ binary @@ -146,7 +146,7 @@ LDFLAGS="-Wl,-z,relro,-z,now -pie"; export LDFLAGS; %configure --with-dbus --with-gif --with-jpeg --with-png --with-rsvg \ --with-tiff --with-xft --with-xpm --with-x-toolkit=gtk3 --with-gpm=no \ - --with-xwidgets --with-modules --without-libotf --without-m17n-flt --without-imagemagick + --with-xwidgets --with-modules --without-libotf --without-m17n-flt --without-imagemagick CANNOT_DUMP=yes make bootstrap %{setarch} %make_build cd .. @@ -159,7 +159,7 @@ LDFLAGS="-Wl,-z,relro,-z,now -pie"; export LDFLAGS; %configure --with-dbus --with-gif --with-jpeg --with-png --with-rsvg \ --with-tiff --with-xft --with-xpm --with-x-toolkit=lucid --with-gpm=no \ - --with-modules --without-libotf --without-m17n-flt --without-imagemagick + --with-modules --without-libotf --without-m17n-flt --without-imagemagick CANNOT_DUMP=yes make bootstrap %{setarch} %make_build cd .. @@ -171,7 +171,7 @@ ln -s ../configure . LDFLAGS="-Wl,-z,relro,-z,now -pie"; export LDFLAGS; -%configure --with-x=no --with-modules +%configure --with-x=no --with-modules CANNOT_DUMP=yes %{setarch} %make_build cd .. rm build-{gtk,lucid,nox}/src/emacs-%{version}.* -- Gitee From 94609e1333e8166bc2033d36f7403ad1cf5cc6e3 Mon Sep 17 00:00:00 2001 From: orange-snn Date: Mon, 16 Mar 2020 19:42:51 +0800 Subject: [PATCH 3/4] add pie --- emacs.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/emacs.spec b/emacs.spec index 728d2b4..cc45783 100644 --- a/emacs.spec +++ b/emacs.spec @@ -173,8 +173,6 @@ LDFLAGS="-Wl,-z,relro,-z,now -pie"; export LDFLAGS; %configure --with-x=no --with-modules CANNOT_DUMP=yes %{setarch} %make_build -cd .. -rm build-{gtk,lucid,nox}/src/emacs-%{version}.* # Generate pkgconfig file cat > emacs.pc << EOF -- Gitee From 3ba1508a4a8d7839d9d94120f1421f4868e73e03 Mon Sep 17 00:00:00 2001 From: orange-snn Date: Mon, 16 Mar 2020 20:26:14 +0800 Subject: [PATCH 4/4] add pie --- emacs.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/emacs.spec b/emacs.spec index cc45783..8c7fcff 100644 --- a/emacs.spec +++ b/emacs.spec @@ -173,6 +173,7 @@ LDFLAGS="-Wl,-z,relro,-z,now -pie"; export LDFLAGS; %configure --with-x=no --with-modules CANNOT_DUMP=yes %{setarch} %make_build +cd ../ # Generate pkgconfig file cat > emacs.pc << EOF -- Gitee