Build flags: Disable -z defs again (#1535422)

buildflags.md

@@ -76,7 +76,7 @@ the `CFLAGS` variable contents).
 
 ### Strict symbol checks in the link editor (ld)
 
-By default, the link editor will refuse to link shared objects which
+Optionally, the link editor will refuse to link shared objects which
 contain undefined symbols.  Such symbols lack symbol versioning
 information and can be bound to the wrong (compatibility) symbol
 version at run time, and not the actual (default) symbol version which
@@ -86,10 +86,14 @@ not have complete dependency information (in the form of DT_NEEDED
 entries), which can lead to errors (crashes) if IFUNC resolvers are
 executed before the shared object containing them is fully relocated.
 
-With the default flags, link failures will occur if the linker command
-line does not list all shared objects which are needed.  In this case,
-you need to add the missing DSOs (with linker arguments such as
-`-lm`).  As a result, the link editor will also generated the
+To switch on these checks, define this macro in the RPM spec file:
+
+    %define _strict_symbol_defs_build 1
+
+If this RPM spec option is active, link failures will occur if the
+linker command line does not list all shared objects which are needed.
+In this case, you need to add the missing DSOs (with linker arguments
+such as `-lm`).  As a result, the link editor will also generated the
 necessary DT_NEEDED entries.
 
 In some cases (such as when a DSO is loaded as a plugin and is
@@ -262,7 +266,7 @@ to the compiler driver `gcc`, and not directly to the link editor
   dynamic linking.  Full protection of relocation data requires the
   `-z now` flag (see below).
 * `-z defs`: Refuse to link shared objects (DSOs) with undefined symbols
-  (see above).
+  (optional, see above).
 
 For hardened builds, the
 `-specs=/usr/lib/rpm/redhat/redhat-hardened-ld` flag is added to the

macros

@@ -167,9 +167,9 @@
 %_annotated_cflags	%{?_annotated_build:%{_annobin_cflags}}
 
 # Fail linking if there are undefined symbols.  Required for proper
-# ELF symbol versioning support.
-# Use %undefine _strict_symbol_defs_build" to disable.
-%_strict_symbol_defs_build	1
+# ELF symbol versioning support.  Disabled by default.
+# Use "%define _strict_symbol_defs_build 1" to enable.
+#%_strict_symbol_defs_build	1
 %_ld_symbols_flags		%{?_strict_symbol_defs_build:-Wl,-z,defs}
 
 %__global_compiler_flags	-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches %{_hardened_cflags} %{_annotated_cflags}

redhat-rpm-config.spec

@@ -6,7 +6,7 @@
 
 Summary: Red Hat specific rpm configuration files
 Name: redhat-rpm-config
-Version: 86
+Version: 87
 Release: 1%{?dist}
 # No version specified.
 License: GPL+
@@ -160,6 +160,9 @@ install -p -m 755 -t %{buildroot}%{_rpmconfigdir} kmod.prov
 %{_rpmconfigdir}/macros.d/macros.kmp
 
 %changelog
+* Mon Jan 29 2018 Florian Weimer <fweimer@redhat.com> - 87-1
+- Build flags: Disable -z defs again (#1535422)
+
 * Mon Jan 29 2018 Florian Weimer <fweimer@redhat.com> - 86-1
 - Build flags: Enable CET on i686, x86_64 (#1538725)