rpms/nss
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'f16' into f15

Browse Source
This commit is contained in:
Elio Maldonado 2012-04-08 18:37:36 -07:00
commit 57f4023415
2 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
add-relro-linker-option.patch Normal file
View File

@ -0,0 +1,16 @@
diff -up mozilla/security/coreconf/Linux.mk.relro mozilla/security/coreconf/Linux.mk
--- mozilla/security/coreconf/Linux.mk.relro 2010-08-12 18:32:29.000000000 -0700
+++ mozilla/security/coreconf/Linux.mk 2011-09-27 16:12:22.234743170 -0700
@@ -179,6 +179,12 @@ FREEBL_NO_DEPEND = 1
endif
endif
+# harden DSOs/executables a bit against exploits
+ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE))))
+DSO_LDOPTS+=-Wl,-z,relro
+LDFLAGS += -Wl,-z,relro
+endif
+
USE_SYSTEM_ZLIB = 1
ZLIB_LIBS = -lz

13
nss.spec
View File

@ -7,7 +7,7 @@
Summary: Network Security Services Summary: Network Security Services
Name: nss Name: nss
Version: 3.13.4 Version: 3.13.4
Release: 1%{?dist} Release: 2%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries Group: System Environment/Libraries
@ -54,6 +54,7 @@ Source9: setup-nsssysinit.sh
Source10: PayPalEE.cert Source10: PayPalEE.cert
Source12: %{name}-pem-20120402.tar.bz2 Source12: %{name}-pem-20120402.tar.bz2
Patch2: add-relro-linker-option.patch
Patch3: renegotiate-transitional.patch Patch3: renegotiate-transitional.patch
Patch6: nss-enable-pem.patch Patch6: nss-enable-pem.patch
Patch16: nss-539183.patch Patch16: nss-539183.patch
@ -148,6 +149,7 @@ low level services.
%{__cp} %{SOURCE10} -f ./mozilla/security/nss/tests/libpkix/certs %{__cp} %{SOURCE10} -f ./mozilla/security/nss/tests/libpkix/certs
%setup -q -T -D -n %{name}-%{version} -a 12 %setup -q -T -D -n %{name}-%{version} -a 12
%patch2 -p0 -b .relro
%patch3 -p0 -b .transitional %patch3 -p0 -b .transitional
%patch6 -p0 -b .libpem %patch6 -p0 -b .libpem
%patch16 -p0 -b .539183 %patch16 -p0 -b .539183
@ -155,7 +157,6 @@ low level services.
# link pem against buildroot's freebl, esential wen mixing and matching # link pem against buildroot's freebl, esential wen mixing and matching
%patch25 -p0 -b .systemfreebl %patch25 -p0 -b .systemfreebl
%patch26 -p0 -b .nofipstest %patch26 -p0 -b .nofipstest
%patch28 -p0 -b .754771
%patch29 -p0 -b .770682 %patch29 -p0 -b .770682
%patch30 -p0 -b .784672 %patch30 -p0 -b .784672
%patch32 -p0 -b .800674 %patch32 -p0 -b .800674
@ -164,10 +165,6 @@ low level services.
%build %build
# partial RELRO support as a security enhancement
LDFLAGS+=-Wl,-z,relro
export LDFLAGS
FREEBL_NO_DEPEND=1 FREEBL_NO_DEPEND=1
export FREEBL_NO_DEPEND export FREEBL_NO_DEPEND
@ -578,6 +575,10 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog %changelog
* Sun Apr 08 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.4-2
- Resolves: Bug 805723 - Library needs partial RELRO support added
- Patch coreconf/Linux.mk as done on RHEL 6.2
* Sat Apr 07 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.4-1 * Sat Apr 07 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.4-1
- Update to NSS_3_13_4_RTM - Update to NSS_3_13_4_RTM
- Update the nss-pem source archive to the latest version - Update the nss-pem source archive to the latest version