From bdf4e9ddafd86e3a7273a9f41e23536dc8251f6c Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Thu, 13 Sep 2018 16:15:14 +0200 Subject: [PATCH] Fix LDFLAGS injection when creating DSO --- add-relro-linker-option.patch | 16 ---------------- nss.spec | 10 +++++++--- 2 files changed, 7 insertions(+), 19 deletions(-) delete mode 100644 add-relro-linker-option.patch diff --git a/add-relro-linker-option.patch b/add-relro-linker-option.patch deleted file mode 100644 index 7ab9db1..0000000 --- a/add-relro-linker-option.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -up nss/coreconf/Linux.mk.relro nss/coreconf/Linux.mk ---- nss/coreconf/Linux.mk.relro 2013-04-09 14:29:45.943228682 -0700 -+++ nss/coreconf/Linux.mk 2013-04-09 14:31:26.194953927 -0700 -@@ -174,6 +174,12 @@ endif - endif - endif - -+# harden DSOs/executables a bit against exploits -+ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE)))) -+DSO_LDOPTS+=-Wl,-z,relro -+LDFLAGS += -Wl,-z,relro -+endif -+ - USE_SYSTEM_ZLIB = 1 - ZLIB_LIBS = -lz - diff --git a/nss.spec b/nss.spec index e579ae6..1b27d8f 100644 --- a/nss.spec +++ b/nss.spec @@ -18,7 +18,7 @@ Name: nss Version: %{nss_version} # for Rawhide, please always use release >= 2 # for Fedora release branches, please use release < 2 (1.0, 1.1, ...) -Release: 2%{?dist} +Release: 3%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -62,7 +62,6 @@ Source26: key4.db.xml Source27: secmod.db.xml Source28: nss-p11-kit.config -Patch2: add-relro-linker-option.patch Patch3: renegotiate-transitional.patch # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723 Patch16: nss-539183.patch @@ -156,7 +155,6 @@ low level services. %prep %setup -q -n %{name}-%{nss_archive_version} -%patch2 -p0 -b .relro %patch3 -p0 -b .transitional %patch16 -p0 -b .539183 %patch47 -p0 -b .templates @@ -216,6 +214,9 @@ export XCFLAGS LDFLAGS=$RPM_LD_FLAGS export LDFLAGS +DSO_LDOPTS=$RPM_LD_FLAGS +export DSO_LDOPTS + PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 @@ -743,6 +744,9 @@ update-crypto-policies %changelog +* Thu Sep 13 2018 Daiki Ueno - 3.39.0-3 +- Fix LDFLAGS injection + * Mon Sep 3 2018 Daiki Ueno - 3.39.0-2 - Update to NSS 3.39 - Use the upstream tarball as it is (rhbz#1578106)