From 44e8d833a2dff106a142f9ee2aefdb17538a6f5e Mon Sep 17 00:00:00 2001 From: zhongtao Date: Tue, 9 Apr 2024 09:31:37 +0800 Subject: [PATCH] add secure complie option and code improve Signed-off-by: zhongtao (cherry picked from commit 3fb64f0af0727a03b3c67c2edd00bc69c58fca7c) --- 0001-add-secure-compile-option.patch | 17 +++++++------- ...atch => 0002-Fix-CC-compiler-support.patch | 0 protobuf.spec | 23 ++++++++++++++----- 3 files changed, 26 insertions(+), 14 deletions(-) rename 0001-Fix-CC-compiler-support.patch => 0002-Fix-CC-compiler-support.patch (100%) diff --git a/0001-add-secure-compile-option.patch b/0001-add-secure-compile-option.patch index 32167a1..0594f0e 100644 --- a/0001-add-secure-compile-option.patch +++ b/0001-add-secure-compile-option.patch @@ -1,26 +1,27 @@ -From bc32151458494ce41b4ccc0e0e87999ce27a15fc Mon Sep 17 00:00:00 2001 +From 4cf6dc9f628fc2c5b3478d70e15d4fab8a32ae86 Mon Sep 17 00:00:00 2001 From: zhongtao -Date: Wed, 10 Jan 2024 16:21:07 +0800 +Date: Wed, 10 Apr 2024 11:43:51 +0800 Subject: [PATCH] add secure compile option Signed-off-by: zhongtao --- - CMakeLists.txt | 2 ++ - 1 file changed, 2 insertions(+) + CMakeLists.txt | 3 +++ + 1 file changed, 3 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt -index 4137ce2..05ee303 100644 +index 4137ce2..d17f09d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -2,6 +2,8 @@ +@@ -2,6 +2,9 @@ # to 3.26. cmake_minimum_required(VERSION 3.10...3.26) -+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wl,-z,now -fstack-check") ++set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wl,-z,now -fstack-check -fPIE") ++set(CMAKE_EXE_LINKER_FLAGS "-pie") + # Revert to old behavior for MSVC debug symbols. if(POLICY CMP0141) cmake_policy(SET CMP0141 OLD) -- -2.43.0 +2.25.1 diff --git a/0001-Fix-CC-compiler-support.patch b/0002-Fix-CC-compiler-support.patch similarity index 100% rename from 0001-Fix-CC-compiler-support.patch rename to 0002-Fix-CC-compiler-support.patch diff --git a/protobuf.spec b/protobuf.spec index c4b6ac8..824b74c 100644 --- a/protobuf.spec +++ b/protobuf.spec @@ -7,7 +7,7 @@ Summary: Protocol Buffers - Google's data interchange format Name: protobuf Version: 25.1 -Release: 2 +Release: 3 License: BSD URL: https://github.com/protocolbuffers/protobuf Source: https://github.com/protocolbuffers/protobuf/releases/download/v%{version}%{?rcver}/%{name}-all-%{version}%{?rcver}.tar.gz @@ -15,7 +15,7 @@ Source1: protobuf-init.el %global so_version 25.1 Patch9000: 0001-add-secure-compile-option.patch -Patch9001: 0001-Fix-CC-compiler-support.patch +Patch9001: 0002-Fix-CC-compiler-support.patch BuildRequires: cmake gcc-c++ emacs zlib-devel gmock-devel gtest-devel jsoncpp-devel BuildRequires: fdupes pkgconfig python-rpm-macros pkgconfig(zlib) ninja-build @@ -233,8 +233,9 @@ pushd build -DCMAKE_MODULE_LINKER_FLAGS=-Wl,--as-needed \ -DCMAKE_SHARED_LINKER_FLAGS=-Wl,--as-needed \ -DCMAKE_CXX_FLAGS="-g -O2" \ - -DCMAKE_C_COMPILER=%{__cc} \ - -DCMAKE_CXX_COMPILER=%{__cxx} \ + -DCMAKE_C_COMPILER=%{__cc} \ + -DCMAKE_CXX_COMPILER=%{__cxx} \ + -DCMAKE_SKIP_RPATH=TRUE \ -G Ninja \ ../ popd @@ -250,8 +251,9 @@ export CMAKE_BUILD_DIR=build-static -Dprotobuf_ABSL_PROVIDER=package \ -Dprotobuf_BUILD_TESTS:BOOL=OFF \ -DCMAKE_CXX_FLAGS="-fPIC" \ - -DCMAKE_C_COMPILER=%{__cc} \ - -DCMAKE_CXX_COMPILER=%{__cxx} \ + -DCMAKE_C_COMPILER=%{__cc} \ + -DCMAKE_CXX_COMPILER=%{__cxx} \ + -DCMAKE_SKIP_RPATH=TRUE \ -G Ninja \ ../ popd @@ -260,6 +262,9 @@ popd %ninja_build -C build %ninja_build -C build-static +# we have to override LD_LIBRARY_PATH because we eliminated rpath +export LD_LIBRARY_PATH="${PWD}/build":$LD_LIBRARY_PATH + %if %{with python} # Use the just built protoc instead of any # system version for python and/or java bindings @@ -392,6 +397,12 @@ install -p -m 0644 %{SOURCE1} %{buildroot}%{_emacs_sitestartdir} %endif %changelog +* Tue Apr 09 2024 zhongtao - 25.1-3 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: add secure complie option and code improve + * Wed Mar 20 2024 wangqiang - 25.1-2 - Support package build with clang -- Gitee