Merge branch 'f16' into f15

This commit is contained in:
Elio Maldonado 2012-04-08 18:37:36 -07:00
commit 57f4023415
2 changed files with 23 additions and 6 deletions

View File

@ -0,0 +1,16 @@
diff -up mozilla/security/coreconf/Linux.mk.relro mozilla/security/coreconf/Linux.mk
--- mozilla/security/coreconf/Linux.mk.relro 2010-08-12 18:32:29.000000000 -0700
+++ mozilla/security/coreconf/Linux.mk 2011-09-27 16:12:22.234743170 -0700
@@ -179,6 +179,12 @@ FREEBL_NO_DEPEND = 1
endif
endif
+# harden DSOs/executables a bit against exploits
+ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE))))
+DSO_LDOPTS+=-Wl,-z,relro
+LDFLAGS += -Wl,-z,relro
+endif
+
USE_SYSTEM_ZLIB = 1
ZLIB_LIBS = -lz

View File

@ -7,7 +7,7 @@
Summary: Network Security Services
Name: nss
Version: 3.13.4
Release: 1%{?dist}
Release: 2%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@ -54,6 +54,7 @@ Source9: setup-nsssysinit.sh
Source10: PayPalEE.cert
Source12: %{name}-pem-20120402.tar.bz2
Patch2: add-relro-linker-option.patch
Patch3: renegotiate-transitional.patch
Patch6: nss-enable-pem.patch
Patch16: nss-539183.patch
@ -148,6 +149,7 @@ low level services.
%{__cp} %{SOURCE10} -f ./mozilla/security/nss/tests/libpkix/certs
%setup -q -T -D -n %{name}-%{version} -a 12
%patch2 -p0 -b .relro
%patch3 -p0 -b .transitional
%patch6 -p0 -b .libpem
%patch16 -p0 -b .539183
@ -155,7 +157,6 @@ low level services.
# link pem against buildroot's freebl, esential wen mixing and matching
%patch25 -p0 -b .systemfreebl
%patch26 -p0 -b .nofipstest
%patch28 -p0 -b .754771
%patch29 -p0 -b .770682
%patch30 -p0 -b .784672
%patch32 -p0 -b .800674
@ -164,10 +165,6 @@ low level services.
%build
# partial RELRO support as a security enhancement
LDFLAGS+=-Wl,-z,relro
export LDFLAGS
FREEBL_NO_DEPEND=1
export FREEBL_NO_DEPEND
@ -578,6 +575,10 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog
* Sun Apr 08 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.4-2
- Resolves: Bug 805723 - Library needs partial RELRO support added
- Patch coreconf/Linux.mk as done on RHEL 6.2
* Sat Apr 07 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.4-1
- Update to NSS_3_13_4_RTM
- Update the nss-pem source archive to the latest version