Resolves: Bug 805723 - Library needs partial RELRO support added
- Patch coreconf/Linux.mk as done on RHEL 6.2
This commit is contained in:
parent
c42fe44c92
commit
971f5d4461
16
add-relro-linker-option.patch
Normal file
16
add-relro-linker-option.patch
Normal file
@ -0,0 +1,16 @@
|
||||
diff -up mozilla/security/coreconf/Linux.mk.relro mozilla/security/coreconf/Linux.mk
|
||||
--- mozilla/security/coreconf/Linux.mk.relro 2010-08-12 18:32:29.000000000 -0700
|
||||
+++ mozilla/security/coreconf/Linux.mk 2011-09-27 16:12:22.234743170 -0700
|
||||
@@ -179,6 +179,12 @@ FREEBL_NO_DEPEND = 1
|
||||
endif
|
||||
endif
|
||||
|
||||
+# harden DSOs/executables a bit against exploits
|
||||
+ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE))))
|
||||
+DSO_LDOPTS+=-Wl,-z,relro
|
||||
+LDFLAGS += -Wl,-z,relro
|
||||
+endif
|
||||
+
|
||||
USE_SYSTEM_ZLIB = 1
|
||||
ZLIB_LIBS = -lz
|
||||
|
12
nss.spec
12
nss.spec
@ -7,7 +7,7 @@
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.13.4
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Group: System Environment/Libraries
|
||||
@ -54,6 +54,7 @@ Source9: setup-nsssysinit.sh
|
||||
Source10: PayPalEE.cert
|
||||
Source12: %{name}-pem-20120402.tar.bz2
|
||||
|
||||
Patch2: add-relro-linker-option.patch
|
||||
Patch3: renegotiate-transitional.patch
|
||||
Patch6: nss-enable-pem.patch
|
||||
Patch16: nss-539183.patch
|
||||
@ -148,6 +149,7 @@ low level services.
|
||||
%{__cp} %{SOURCE10} -f ./mozilla/security/nss/tests/libpkix/certs
|
||||
%setup -q -T -D -n %{name}-%{version} -a 12
|
||||
|
||||
%patch2 -p0 -b .relro
|
||||
%patch3 -p0 -b .transitional
|
||||
%patch6 -p0 -b .libpem
|
||||
%patch16 -p0 -b .539183
|
||||
@ -163,10 +165,6 @@ low level services.
|
||||
|
||||
%build
|
||||
|
||||
# partial RELRO support as a security enhancement
|
||||
LDFLAGS+=-Wl,-z,relro
|
||||
export LDFLAGS
|
||||
|
||||
FREEBL_NO_DEPEND=1
|
||||
export FREEBL_NO_DEPEND
|
||||
|
||||
@ -577,6 +575,10 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
|
||||
|
||||
|
||||
%changelog
|
||||
* Sun Apr 08 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.4-2
|
||||
- Resolves: Bug 805723 - Library needs partial RELRO support added
|
||||
- Patch coreconf/Linux.mk as done on RHEL 6.2
|
||||
|
||||
* Sat Apr 07 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.4-1
|
||||
- Update to NSS_3_13_4_RTM
|
||||
- Update the nss-pem source archive to the latest version
|
||||
|
Loading…
Reference in New Issue
Block a user