packages/spdk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!44 [sync] PR-43: Enhance security for share library

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @liuzhiqiang26 
Signed-off-by: @liuzhiqiang26
This commit is contained in:
openeuler-ci-bot 2022-03-17 07:22:43 +00:00 committed by Gitee
commit a2c21675f2
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
0016-Enhance-security-for-share-library.patch Normal file
View File

@ -0,0 +1,28 @@
From 56b3831310673beeb0b7d5121cf36b1993ebe322 Mon Sep 17 00:00:00 2001
From: Weifeng Su <suweifeng1@huawei.com>
Date: Tue, 15 Mar 2022 11:25:02 +0000
Subject: [PATCH] Enhance security for share library
Remove rpath link option, Due to it's easy for attacher to
construct 'rpath' attacks.
Signed-off-by: Weifeng Su <suweifeng1@huawei.com>
---
mk/spdk.common.mk | 1 -
1 file changed, 1 deletion(-)
diff --git a/mk/spdk.common.mk b/mk/spdk.common.mk
index f9409c4..8569687 100644
--- a/mk/spdk.common.mk
+++ b/mk/spdk.common.mk
@@ -293,7 +293,6 @@ LINK_CXX=\
# Provide function to ease build of a shared lib
define spdk_build_realname_shared_lib
$(CC) -o $@ -shared $(CPPFLAGS) $(LDFLAGS) \
- -Wl,-rpath=$(DESTDIR)/$(libdir) \
-Wl,--soname,$(notdir $@) \
-Wl,--whole-archive $(1) -Wl,--no-whole-archive \
-Wl,--version-script=$(2) \
--
2.27.0

7
spdk.spec
View File

@ -3,7 +3,7 @@
Name: spdk Name: spdk
Version: 21.01.1 Version: 21.01.1
Release: 3 Release: 4
Summary: Set of libraries and utilities for high performance user-mode storage Summary: Set of libraries and utilities for high performance user-mode storage
License: BSD and MIT License: BSD and MIT
URL: http://spdk.io URL: http://spdk.io
@ -23,6 +23,7 @@ Patch12: 0012-spdk-use-fstack-protector-strong-instead-of-fstack-p.patch
Patch13: 0013-lib-vhost-Fix-compilation-with-dpdk-21.11.patch Patch13: 0013-lib-vhost-Fix-compilation-with-dpdk-21.11.patch
Patch14: 0014-mk-Fix-debug-build-error-on-ARM-ThunderX2-and-neoverse_N1_platform.patch Patch14: 0014-mk-Fix-debug-build-error-on-ARM-ThunderX2-and-neoverse_N1_platform.patch
Patch15: 0015-configure-add-gcc-version-check-for-ARM-Neoverse-N1_platform.patch Patch15: 0015-configure-add-gcc-version-check-for-ARM-Neoverse-N1_platform.patch
Patch16: 0016-Enhance-security-for-share-library.patch
%define package_version %{version}-%{release} %define package_version %{version}-%{release}
@ -176,6 +177,10 @@ mv doc/output/html/ %{install_docdir}
%changelog %changelog
* Tue Mar 15 2022 Weifeng Su <suweifeng1@huawei.com> - 21.01.1-4
- Remove rpath link option, Due to it's easy for attacher to
construct 'rpath' attacks
* Fri Feb 25 2022 Hongtao Zhang <zhanghongtao22@huawei.com> - 21.01.1-3 * Fri Feb 25 2022 Hongtao Zhang <zhanghongtao22@huawei.com> - 21.01.1-3
- Fix build error on ARM ThunderX2 and neoverse N1 platform - Fix build error on ARM ThunderX2 and neoverse N1 platform