From e7214bcb1bba0a79b1ad05f9b27b29f1626736e3 Mon Sep 17 00:00:00 2001
From: fly_fzc <2385803914@qq.com>
Date: Wed, 9 Apr 2025 20:48:07 +0800
Subject: [PATCH] fix secure compiler options

---
 0001-add-secure-compile-option.patch            | 2 +-
 0003-protobuf-add-coverage-compile-option.patch | 2 +-
 protobuf.spec                                   | 5 ++++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/0001-add-secure-compile-option.patch b/0001-add-secure-compile-option.patch
index 0594f0e..7b2996e 100644
--- a/0001-add-secure-compile-option.patch
+++ b/0001-add-secure-compile-option.patch
@@ -16,7 +16,7 @@ index 4137ce2..d17f09d 100644
  # to 3.26.
  cmake_minimum_required(VERSION 3.10...3.26)
  
-+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wl,-z,now -fstack-check -fPIE")
++set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wl,-z,now -fstack-check -fPIE -D_FORTIFY_SOURCE=2 -O2 -fstack-protector-strong")
 +set(CMAKE_EXE_LINKER_FLAGS "-pie")
 +
  # Revert to old behavior for MSVC debug symbols.
diff --git a/0003-protobuf-add-coverage-compile-option.patch b/0003-protobuf-add-coverage-compile-option.patch
index 7a6aa17..4f65db5 100644
--- a/0003-protobuf-add-coverage-compile-option.patch
+++ b/0003-protobuf-add-coverage-compile-option.patch
@@ -14,7 +14,7 @@ index d17f09d..0b169f3 100644
 +++ b/CMakeLists.txt
 @@ -4,6 +4,9 @@ cmake_minimum_required(VERSION 3.10...3.26)
  
- set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wl,-z,now -fstack-check -fPIE")
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wl,-z,now -fstack-check -fPIE -D_FORTIFY_SOURCE=2 -O2 -fstack-protector-strong")
  set(CMAKE_EXE_LINKER_FLAGS "-pie")
 +if (ENABLE_CONVERAGE)
 +  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fprofile-arcs -ftest-coverage")
diff --git a/protobuf.spec b/protobuf.spec
index a9b00db..6feb4ee 100644
--- a/protobuf.spec
+++ b/protobuf.spec
@@ -11,7 +11,7 @@
 Summary:        Protocol Buffers - Google's data interchange format
 Name:           protobuf
 Version:        25.1
-Release:        1
+Release:        2
 License:        BSD
 URL:            https://github.com/protocolbuffers/protobuf
 Source:         https://github.com/protocolbuffers/protobuf/releases/download/v%{version}%{?rcver}/%{name}-all-%{version}%{?rcver}.tar.gz
@@ -407,6 +407,9 @@ install -p -m 0644 %{SOURCE1} %{buildroot}%{_emacs_sitestartdir}
 %endif
 
 %changelog
+* Wed Apr 09 2025 fuanan <fuanan3@h-partners.com> - 25.1-2
+- fix secure compiler options
+
 * Mon Apr 07 2025 xinghe <xinghe2@h-partners.com> - 25.1-1
 - DESC:update to 25.1
 
-- 
Gitee