gcc_secure-1.0-0.13.oe24090>    fMT ;G|`u` ] Ӱ IŸ$.;_#Rb>fPGYYԽYm!lQ[{|3k-F4DVbomAuaI ;S,jg8#c\r'/r@($pgH{١ݪ]Y޶ ~OC #{0:ge4+ EKNhίzD_-pȐ{Op"ЊĜf mWF%wo=VW=`eamMp#Bj/ZIfPNm9>HG֑`6[3<h"c5ad9e3f8ddd021e54800cd352e85d3d2c95e721a0b48563a3dc6ccc4574717163e6a4964a678113a00791df362118aa786855f3&9 ӭfPXE6>+#?"d   Itx 4t4(\8d9:= > ? @ F X!Y! b!,d".e"3f"6l"8z"S"d"h"n""Cgcc_secure1.00.13.oe2409Enforcing secure compile options for abuildEnforcing secure compile option for abuildfMTdc-64g.compass-ciGPL-2.0-onlyhttp://openeuler.orgSystem/Managementlinuxx86_64echo -e '*cc1_options:\n+ %{!D__KERNEL__:%{!nostdlib:%{!nodefaultlibs:%{!fno-stack-protector:%{!fstack-protector-all:-fstack-protector-strong}}}}}' >/opt/gcc-specs-fs-cc1 echo -e '*cc1_options:\n+ %{!r:%{!D__KERNEL__:%{!pie:%{!fpic:%{!fPIC:%{!fpie:%{!fPIE:%{!fno-pic:%{!fno-PIC:%{!fno-pie:%{!fno-PIE:%{!shared:%{!static:%{!nostdlib:%{!nostartfiles:-fPIE}}}}}}}}}}}}}}}' >/opt/gcc-specs-pie-cc1 echo -e '*self_spec:\n+ %{!D__KERNEL__:%{!pie:%{!A:%{!fno-pie:%{!fno-PIE:%{!fno-pic:%{!fno-PIC:%{!shared:%{!static:%{!r:%{!nostdlib:%{!nostartfiles:-pie}}}}}}}}}}}}' >/opt/gcc-specs-pie-ld old_gcc=/usr/bin/gcc mv $old_gcc $old_gcc"_old" cat < $old_gcc #!/bin/sh gcc_secure_exclude=\`rpm --eval 'podman.spec|gcc.spec|arm-trusted-firmware.spec|docker-engine-openeuler.spec|arts.spec|runc-openeuler.spec|kata-containers.spec|dyninst.spec|ipxe.spec|tboot.spec|syslinux.spec|gcc-libraries.spec|kpatch.spec|gdb.spec|xorg-x11-server.spec|xorg-x11-drv-fbdev.spec|xorg-x11-drv-vesa.spec|xorg-x11-drv-ati.spec|xorg-x11-drv-dummy.spec|xorg-x11-drv-intel.spec|xorg-x11-drv-nouveau.spec|xorg-x11-drv-qxl.spec|xorg-x11-drv-v4l.spec|xorg-x11-drv-vmware.spec|xorg-x11-drv-evdev.spec|xorg-x11-drv-synaptics.spec|xorg-x11-drv-vmmouse.spec|xorg-x11-drv-void.spec|xorg-x11-drv-wacom.spec|hivex.spec|gimp.spec|memstomp.spec|supermin.spec|system-config-firewall.spec|isdn4k-utils.spec|emacs.spec|graphviz.spec|buildah.spec|rhash.spec|automake.spec'\` if ! cat /.build.command | egrep "\$gcc_secure_exclude" &>/dev/null; then sec_opt='-fPIC -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines -fsigned-char' fs_opt='' if [[ "\$@" =~ "-O0" ]]; then #openjdk set O0 can not use FS sec_opt=\`echo \$sec_opt | sed 's/ -D_FORTIFY_SOURCE=2 -O2 / /'\` fi if [ -d '/home/abuild/rpmbuild/SOURCES' ]; then configfile=/home/abuild/rpmbuild/SOURCES/config_for_secure else configfile=/root/rpmbuild/SOURCES/config_for_secure fi if [ -f \$configfile ]; then rpm_name=\`cat \$configfile| grep rpm_name| awk -F: '{print \$NF}'\` sec_opt=\`cat \$configfile| grep sec_opt| awk -F: '{print \$NF}'\` fs_opt=\`cat \$configfile| grep fs_opt| awk -F: '{print \$NF}'\` fi if [[ x\$rpm_name = "xnumactl" ]] && [[ "\$@" =~ "-march=x86-64" ]];then #numactl i686 use asm can't add -fPIC sec_opt=\`echo \$sec_opt | sed 's/-fPIC / /'\` fi if [[ x\$rpm_name = "xglibc" ]] || [[ x\$rpm_name = "xcompat-glibc" ]];then #glibc supply fs define, can not add fs for glibc self /usr/bin/gcc_old \$sec_opt "\$@" \$fs_opt --specs=/opt/gcc-specs-pie-cc1 --specs=/opt/gcc-specs-pie-ld else /usr/bin/gcc_old \$sec_opt "\$@" \$fs_opt --specs=/opt/gcc-specs-pie-cc1 --specs=/opt/gcc-specs-pie-ld --specs=/opt/gcc-specs-fs-cc1 fi else $old_gcc"_old" "\$@" fi END1 chmod 755 $old_gcc $old_gcc"_old" old_gplus=/usr/bin/g++ if [ -f $old_gplus ]; then mv $old_gplus $old_gplus"_old" cat < $old_gplus #!/bin/sh gcc_secure_exclude=\`rpm --eval 'podman.spec|gcc.spec|arm-trusted-firmware.spec|docker-engine-openeuler.spec|arts.spec|runc-openeuler.spec|kata-containers.spec|dyninst.spec|ipxe.spec|tboot.spec|syslinux.spec|gcc-libraries.spec|kpatch.spec|gdb.spec|xorg-x11-server.spec|xorg-x11-drv-fbdev.spec|xorg-x11-drv-vesa.spec|xorg-x11-drv-ati.spec|xorg-x11-drv-dummy.spec|xorg-x11-drv-intel.spec|xorg-x11-drv-nouveau.spec|xorg-x11-drv-qxl.spec|xorg-x11-drv-v4l.spec|xorg-x11-drv-vmware.spec|xorg-x11-drv-evdev.spec|xorg-x11-drv-synaptics.spec|xorg-x11-drv-vmmouse.spec|xorg-x11-drv-void.spec|xorg-x11-drv-wacom.spec|hivex.spec|gimp.spec|memstomp.spec|supermin.spec|system-config-firewall.spec|isdn4k-utils.spec|emacs.spec|graphviz.spec|buildah.spec|rhash.spec|automake.spec'\` if ! cat /.build.command | egrep "\$gcc_secure_exclude" &>/dev/null; then sec_opt='-fPIC -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines -fsigned-char' fs_opt='' if [[ "\$@" =~ "-O0" ]]; then #openjdk set O0 can not use FS sec_opt=\`echo \$sec_opt | sed 's/ -D_FORTIFY_SOURCE=2 -O2 / /'\` fi if [ -d '/home/abuild/rpmbuild/SOURCES' ]; then configfile=/home/abuild/rpmbuild/SOURCES/config_for_secure_g++ else configfile=/root/rpmbuild/SOURCES/config_for_secure_g++ fi if [ -f \$configfile ]; then rpm_name=\`cat \$configfile| grep rpm_name| awk -F: '{print \$NF}'\` sec_opt=\`cat \$configfile| grep sec_opt| awk -F: '{print \$NF}'\` fs_opt=\`cat \$configfile| grep fs_opt| awk -F: '{print \$NF}'\` fi if [[ x"\$@" = "x-v" ]];then #libtool use g++ -v for test compile env,if add Wl opt, it will make g++ -v fail $old_gplus"_old" "\$@" else /usr/bin/g++_old \$sec_opt "\$@" \$fs_opt --specs=/opt/gcc-specs-pie-cc1 --specs=/opt/gcc-specs-pie-ld --specs=/opt/gcc-specs-fs-cc1 fi else $old_gplus"_old" "\$@" fi END1 chmod 755 $old_gplus $old_gplus"_old" fi old_cpp=/usr/bin/c++ if [ -f $old_cpp ]; then mv $old_cpp $old_cpp"_old" cat < $old_cpp #!/bin/sh gcc_secure_exclude=\`rpm --eval 'podman.spec|gcc.spec|arm-trusted-firmware.spec|docker-engine-openeuler.spec|arts.spec|runc-openeuler.spec|kata-containers.spec|dyninst.spec|ipxe.spec|tboot.spec|syslinux.spec|gcc-libraries.spec|kpatch.spec|gdb.spec|xorg-x11-server.spec|xorg-x11-drv-fbdev.spec|xorg-x11-drv-vesa.spec|xorg-x11-drv-ati.spec|xorg-x11-drv-dummy.spec|xorg-x11-drv-intel.spec|xorg-x11-drv-nouveau.spec|xorg-x11-drv-qxl.spec|xorg-x11-drv-v4l.spec|xorg-x11-drv-vmware.spec|xorg-x11-drv-evdev.spec|xorg-x11-drv-synaptics.spec|xorg-x11-drv-vmmouse.spec|xorg-x11-drv-void.spec|xorg-x11-drv-wacom.spec|hivex.spec|gimp.spec|memstomp.spec|supermin.spec|system-config-firewall.spec|isdn4k-utils.spec|emacs.spec|graphviz.spec|buildah.spec|rhash.spec|automake.spec'\` if ! cat /.build.command | egrep "\$gcc_secure_exclude" &>/dev/null; then sec_opt='-fPIC -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wtrampolines -fsigned-char' fs_opt='' if [[ "\$@" =~ "-O0" ]]; then #openjdk set O0 can not use FS sec_opt=\`echo \$sec_opt | sed 's/ -D_FORTIFY_SOURCE=2 -O2 / /'\` fi if [ -d '/home/abuild/rpmbuild/SOURCES' ]; then configfile=/home/abuild/rpmbuild/SOURCES/config_for_secure_c++ else configfile=/root/rpmbuild/SOURCES/config_for_secure_c++ fi if [ -f \$configfile ]; then rpm_name=\`cat \$configfile| grep rpm_name| awk -F: '{print \$NF}'\` sec_opt=\`cat \$configfile| grep sec_opt| awk -F: '{print \$NF}'\` fs_opt=\`cat \$configfile| grep fs_opt| awk -F: '{print \$NF}'\` fi /usr/bin/c++_old \$sec_opt "\$@" \$fs_opt --specs=/opt/gcc-specs-pie-cc1 --specs=/opt/gcc-specs-pie-ld --specs=/opt/gcc-specs-fs-cc1 else $old_cpp"_old" "\$@" fi END1 chmod 755 $old_cpp $old_cpp"_old" figcc_secure-1.0-0.13.oe2409.src.rpmgcc_securegcc_secure(x86-64)     /bin/sh/bin/sh/bin/sh/bin/shbinutilscoreutilsgccgcc-c++greprpmrpm-buildrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)util-linux3.0.4-14.6.0-14.0-15.2-14.18.2c@bz@b8b@` @`.`n@Ge Wang - 1.0-0.13Chenyx - 1.0-0.12zoulin - 1.0-0.11zhangchenfeng - 1.0-0.10licihua - 1.0-0.9shenyangyang - 1.0-0.8shenyangyang - 1.0-0.7- Type:enhancement - ID:NA - SUG:NA - DESC: add requires gcc-c++- License compliance rectification- Type:enhancement - ID:NA - SUG:NA - DESC: Add automake.spec to gcc_secure_exclude- Type:enhancement - ID:NA - SUG:NA - DESC: clean spec- Type:enhancement - ID:NA - SUG:NA - DESC: support -fsigned-char for g++- Type:enhancement - ID:NA - SUG:NA - DESC:change file mode from 777 to 755 for secure- Type:enhancement - ID:NA - SUG:NA - DESC: bump release rebuilding for adding rhash.spec to macro gcc_secure_exclude/bin/sh/bin/sh/bin/sh/bin/shdc-64g.compass-ci 17268278601.0-0.13.oe24091.0-0.13.oe2409-O2 -g -grecord-gcc-switches -pipe -fstack-protector-strong -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/generic-hardened-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection cpioxz2x86_64-openEuler-linux-gnu9ԓ<|\utf-8fa127960f98c176c3e57432cbd96a74767f5fa803db325c0eacae18b47d5210523d0422b4fea28f771e872741bb370790b3cd0538eafb461233e820b84b57a2e?P7zXZ !#,{] b3;APtqB&DZ.#B+O(qrtpy z.Q|)K YZ