diff --git a/.dotnet3.1.metadata b/.dotnet3.1.metadata index 3920b02..a8ce2f2 100644 --- a/.dotnet3.1.metadata +++ b/.dotnet3.1.metadata @@ -1 +1 @@ -3818a42e01f00d5fe00548704a1878bc38fc74ef SOURCES/dotnet-v3.1.105-SDK.tar.gz +41ced806ec9822be40925072dbb59afe8f1083e0 SOURCES/dotnet-v3.1.106-SDK.tar.gz diff --git a/.gitignore b/.gitignore index a2c673a..155e20f 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/dotnet-v3.1.105-SDK.tar.gz +SOURCES/dotnet-v3.1.106-SDK.tar.gz diff --git a/SOURCES/core-setup-hardening-flags.patch b/SOURCES/core-setup-hardening-flags.patch index 3f6b91c..5eb3848 100644 --- a/SOURCES/core-setup-hardening-flags.patch +++ b/SOURCES/core-setup-hardening-flags.patch @@ -1,11 +1,23 @@ diff --git a/src/settings.cmake b/src/settings.cmake --- a/src/settings.cmake +++ b/src/settings.cmake -@@ -218,6 +218,7 @@ if(${CMAKE_SYSTEM_NAME} MATCHES "Linux") +@@ -218,6 +218,8 @@ if(${CMAKE_SYSTEM_NAME} MATCHES "Linux") set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Xlinker -Bsymbolic -Bsymbolic-functions") set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,--build-id=sha1") ++ set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -pie") set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--build-id=sha1") + set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -pie") add_compile_options(-fstack-protector-strong) elseif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") add_compile_options(-fstack-protector) +--- a/src/corehost/cli/apphost/CMakeLists.txt ++++ b/src/corehost/cli/apphost/CMakeLists.txt +@@ -50,6 +50,8 @@ + + add_definitions(-DFEATURE_APPHOST=1) + ++set_target_properties("apphost" PROPERTIES LINK_FLAGS -pie) ++ + # Disable manifest generation into the file .exe on Windows + if(WIN32) + set_property(TARGET ${PROJECT_NAME} PROPERTY diff --git a/SOURCES/coreclr-hardening-flags.patch b/SOURCES/coreclr-hardening-flags.patch index e2599a7..bd9a4ba 100644 --- a/SOURCES/coreclr-hardening-flags.patch +++ b/SOURCES/coreclr-hardening-flags.patch @@ -9,3 +9,14 @@ target_link_libraries(createdump createdump_lib # share the PAL/corguids in the dac module +--- a/src/corefx/System.Globalization.Native/CMakeLists.txt ++++ b/src/corefx/System.Globalization.Native/CMakeLists.txt +@@ -71,6 +71,8 @@ + set_target_properties(System.Globalization.Native_Static PROPERTIES PREFIX "") + set_target_properties(System.Globalization.Native_Static PROPERTIES OUTPUT_NAME System.Globalization.Native) + ++set_target_properties(System.Globalization.Native PROPERTIES LINK_FLAGS -pie) ++ + if(NOT CLR_CMAKE_PLATFORM_DARWIN) + if (NOT CMAKE_SYSTEM_NAME STREQUAL FreeBSD AND NOT CMAKE_SYSTEM_NAME STREQUAL NetBSD) + target_link_libraries(System.Globalization.Native diff --git a/SOURCES/corefx-hardening-flags.patch b/SOURCES/corefx-hardening-flags.patch new file mode 100644 index 0000000..b1588e2 --- /dev/null +++ b/SOURCES/corefx-hardening-flags.patch @@ -0,0 +1,11 @@ +--- a/src/Native/Unix/System.Native/CMakeLists.txt ++++ b/src/Native/Unix/System.Native/CMakeLists.txt +@@ -48,6 +48,8 @@ + set_target_properties(System.Native-Static PROPERTIES PREFIX "") + set_target_properties(System.Native-Static PROPERTIES OUTPUT_NAME System.Native CLEAN_DIRECT_OUTPUT 1) + ++set_target_properties(System.Native PROPERTIES LINK_FLAGS -pie) ++ + if (CMAKE_SYSTEM_NAME STREQUAL Linux AND NOT CLR_CMAKE_PLATFORM_ANDROID) + target_link_libraries(System.Native rt) + endif () diff --git a/SPECS/dotnet3.1.spec b/SPECS/dotnet3.1.spec index e2cc09e..7efaf98 100644 --- a/SPECS/dotnet3.1.spec +++ b/SPECS/dotnet3.1.spec @@ -23,10 +23,10 @@ %endif %global dotnet_ldflags %(echo %{__global_ldflags} | sed -re 's/-specs=[^ ]*//g') -%global host_version 3.1.5 -%global runtime_version 3.1.5 +%global host_version 3.1.6 +%global runtime_version 3.1.6 %global aspnetcore_runtime_version %{runtime_version} -%global sdk_version 3.1.105 +%global sdk_version 3.1.106 %global templates_version %(echo %{runtime_version} | awk 'BEGIN { FS="."; OFS="." } {print $1, $2, $3+1 }') %global host_rpm_version %{host_version} @@ -59,7 +59,7 @@ Name: dotnet3.1 Version: %{sdk_rpm_version} -Release: 1%{?dist} +Release: 3%{?dist} Summary: .NET Core CLI tools and runtime License: MIT and ASL 2.0 and BSD URL: https://github.com/dotnet/ @@ -73,6 +73,7 @@ Source101: dotnet.sh.in Patch100: corefx-optflags-support.patch Patch103: corefx-39633-cgroupv2-mountpoints.patch +Patch104: corefx-hardening-flags.patch Patch200: coreclr-27048-sysctl-deprecation.patch Patch201: coreclr-hardening-flags.patch @@ -304,9 +305,10 @@ sed -i 's|skiptests|skiptests ignorewarnings|' repos/coreclr.common.props pushd src/dotnet-corefx.* %patch100 -p1 %patch103 -p1 +%patch104 -p1 popd -pushd src/dotnet-coreclr.* +pushd src/coreclr.* %patch200 -p1 %patch201 -p1 popd @@ -460,6 +462,19 @@ echo "Testing build results for debug symbols..." %dir %{_libdir}/dotnet/packs %changelog +* Mon Jul 27 2020 Omair Majid - 3.1.106-3 +- Improve hardening in core-setup and corefx +- Resolves: RHBZ#1811776 + +* Fri Jul 24 2020 Omair Majid - 3.1.106-2 +- Improve hardening in CoreCLR +- Resolves: RHBZ#1811776 + +* Thu Jul 16 2020 Omair Majid - 3.1.106-1 +- Update to .NET Core SDK 3.1.106 and Runtime 3.1.6 +- Resolves: RHBZ#1853772 +- Resolves: RHBZ#1856939 + * Tue Jun 09 2020 Omair Majid - 3.1.105-1 - Update to .NET Core Runtime 3.1.5 and SDK 3.1.105 - Resolves: RHBZ#1844491