From c6e98a75a80aad8c55ed0f3aa44ab9854ba8e8ba Mon Sep 17 00:00:00 2001
From: wk333 <13474090681@163.com>
Date: Sat, 20 Aug 2022 15:28:43 +0800
Subject: [PATCH] add secure compile option -fstack-protector-strong

(cherry picked from commit 64503078c531631613acace543aef3ce48c0c681)
---
 ...jit-add-secure-compile-option-fstack.patch | 21 +++++++++++++++++++
 luajit.spec                                   |  6 +++++-
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 0001-luajit-add-secure-compile-option-fstack.patch

diff --git a/0001-luajit-add-secure-compile-option-fstack.patch b/0001-luajit-add-secure-compile-option-fstack.patch
new file mode 100644
index 0000000..7f83e38
--- /dev/null
+++ b/0001-luajit-add-secure-compile-option-fstack.patch
@@ -0,0 +1,21 @@
+diff -Nur LuaJIT-2.1.0-beta3/src/Makefile LuaJIT-2.1.0-beta3-new/src/Makefile
+--- LuaJIT-2.1.0-beta3/src/Makefile	2017-05-02 03:05:00.000000000 +0800
++++ LuaJIT-2.1.0-beta3-new/src/Makefile	2021-05-25 17:24:07.075839335 +0800
+@@ -217,7 +217,7 @@
+ TARGET_DYLIBNAME= libluajit-$(ABIVER).$(MAJVER).dylib
+ TARGET_DYLIBPATH= $(TARGET_LIBPATH)/$(TARGET_DYLIBNAME)
+ TARGET_DLLNAME= lua$(NODOTABIVER).dll
+-TARGET_XSHLDFLAGS= -shared -fPIC -Wl,-soname,$(TARGET_SONAME)
++TARGET_XSHLDFLAGS= -shared -fstack-protector-strong -fPIC -Wl,-soname,$(TARGET_SONAME)
+ TARGET_DYNXLDOPTS=
+ 
+ TARGET_LFSFLAGS= -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
+@@ -309,7 +309,7 @@
+   TARGET_DYNXLDOPTS=
+ else
+ ifeq (,$(shell $(TARGET_CC) -o /dev/null -c -x c /dev/null -fno-stack-protector 2>/dev/null || echo 1))
+-  TARGET_XCFLAGS+= -fno-stack-protector
++  TARGET_XCFLAGS+=
+ endif
+ ifeq (Darwin,$(TARGET_SYS))
+   ifeq (,$(MACOSX_DEPLOYMENT_TARGET))
diff --git a/luajit.spec b/luajit.spec
index d1be120..0810755 100644
--- a/luajit.spec
+++ b/luajit.spec
@@ -2,7 +2,7 @@
 
 Name:           luajit
 Version:        2.1.0
-Release:        3
+Release:        4
 Summary:        Just-In-Time Compiler for Lua
 License:        MIT
 URL:            http://luajit.org/
@@ -10,6 +10,7 @@ Source0:        http://luajit.org/download/LuaJIT-2.1.0-beta3.tar.gz
 Patch0:         CVE-2020-15890.patch
 Patch1:         CVE-2020-24372-1.patch
 Patch2:         CVE-2020-24372-2.patch
+Patch3:         0001-luajit-add-secure-compile-option-fstack.patch
 
 ExclusiveArch:  %{arm} %{ix86} x86_64 %{mips} aarch64
 
@@ -75,6 +76,9 @@ ln -s luajit-2.1.0-beta3 %{buildroot}%{_bindir}/luajit
 %{_mandir}/man1/%{name}.1*
 
 %changelog
+* Sat Aug 20 2022 wangkai <wangkai385@h-partners.com> - 2.1.0-4
+- add secure compile option -fstack-protector-strong
+
 * Wed Jun 30 2021 liuyumeng <liuyumeng5@huawei.com> - 2.1.0-3
 - add BuildRequires: gcc
 
-- 
Gitee