From c42fe44c92d04658f858515dba5b6f075fb311f3 Mon Sep 17 00:00:00 2001
From: Elio Maldonado
Date: Sat, 7 Apr 2012 12:11:59 -0700
Subject: [PATCH 1/2] Don't try to apply patch 28 which was removed
---
 nss.spec | 1 -
 1 file changed, 1 deletion(-)
diff --git a/nss.spec b/nss.spec
index 1447264..b97d3ac 100644
--- a/nss.spec
+++ b/nss.spec
@@ -155,7 +155,6 @@ low level services.
 # link pem against buildroot's freebl, esential wen mixing and matching
 %patch25 -p0 -b .systemfreebl
 %patch26 -p0 -b .nofipstest
-%patch28 -p0 -b .754771
 %patch29 -p0 -b .770682
 %patch30 -p0 -b .784672
 %patch32 -p0 -b .800674
From 971f5d4461d75f5a36247e41b30314e6d7edbe15 Mon Sep 17 00:00:00 2001
From: Elio Maldonado
Date: Sun, 8 Apr 2012 11:48:58 -0700
Subject: [PATCH 2/2] Resolves: Bug 805723 - Library needs partial RELRO support added - Patch coreconf/Linux.mk as done on RHEL 6.2
---
 add-relro-linker-option.patch | 16 ++++++++++++++++
 nss.spec | 12 +++++++-----
 2 files changed, 23 insertions(+), 5 deletions(-)
 create mode 100644 add-relro-linker-option.patch
diff --git a/add-relro-linker-option.patch b/add-relro-linker-option.patch
new file mode 100644
index 0000000..05758f7
--- /dev/null
+++ b/add-relro-linker-option.patch
@@ -0,0 +1,16 @@
+diff -up mozilla/security/coreconf/Linux.mk.relro mozilla/security/coreconf/Linux.mk
+--- mozilla/security/coreconf/Linux.mk.relro 2010-08-12 18:32:29.000000000 -0700
++++ mozilla/security/coreconf/Linux.mk 2011-09-27 16:12:22.234743170 -0700
+@@ -179,6 +179,12 @@ FREEBL_NO_DEPEND = 1
+ endif
+ endif
+
++# harden DSOs/executables a bit against exploits
++ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE))))
++DSO_LDOPTS+=-Wl,-z,relro
++LDFLAGS += -Wl,-z,relro
++endif
++
+ USE_SYSTEM_ZLIB = 1
+ ZLIB_LIBS = -lz
+
diff --git a/nss.spec b/nss.spec
index b97d3ac..b27280e 100644
--- a/nss.spec
+++ b/nss.spec
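Review bot: The RELRO flags in the embedded Linux.mk hunk are gated on `ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE))))`, and `$(sort)` orders words lexically, so a release string such as `10.0` would sort ahead of `2.6` and the build would silently link without `-z relro`. Because this commit also drops the unconditional `LDFLAGS+=-Wl,-z,relro` from `%build` in nss.spec, that gate becomes the only source of the hardening; OS_RELEASE is set outside the hunk, so its exact format should be confirmed. RELRO is a linker feature rather than a kernel one, so consider adding the flags unconditionally, or at least documenting the assumption with `# lexical compare: assumes OS_RELEASE never sorts before 2.6`. A `%check` step that inspects the built libraries' program headers for `GNU_RELRO` (for example with `readelf -l`) would catch a silent regression. The flag gives partial RELRO only; full RELRO would additionally need `-Wl,-z,now`.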
@@ -7,7 +7,7 @@
 Summary: Network Security Services
 Name: nss
 Version: 3.13.4
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: MPLv1.1 or GPLv2+ or LGPLv2+
 URL: http://www.mozilla.org/projects/security/pki/nss/
 Group: System Environment/Libraries
@@ -54,6 +54,7 @@ Source9: setup-nsssysinit.sh
 Source10: PayPalEE.cert
 Source12: %{name}-pem-20120402.tar.bz2
+Patch2: add-relro-linker-option.patch
 Patch3: renegotiate-transitional.patch
 Patch6: nss-enable-pem.patch
 Patch16: nss-539183.patch
@@ -148,6 +149,7 @@ low level services.
 %{__cp} %{SOURCE10} -f ./mozilla/security/nss/tests/libpkix/certs
 %setup -q -T -D -n %{name}-%{version} -a 12
+%patch2 -p0 -b .relro
 %patch3 -p0 -b .transitional
 %patch6 -p0 -b .libpem
 %patch16 -p0 -b .539183
@@ -163,10 +165,6 @@ low level services.
 %build
-# partial RELRO support as a security enhancement
-LDFLAGS+=-Wl,-z,relro
-export LDFLAGS
-
 FREEBL_NO_DEPEND=1
 export FREEBL_NO_DEPEND
@@ -577,6 +575,10 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
 %changelog
+* Sun Apr 08 2012 Elio Maldonado - 3.13.4-2
+- Resolves: Bug 805723 - Library needs partial RELRO support added
+- Patch coreconf/Linux.mk as done on RHEL 6.2
+
 * Sat Apr 07 2012 Elio Maldonado - 3.13.4-1
 - Update to NSS_3_13_4_RTM
 - Update the nss-pem source archive to the latest version