Add partial relro support for libraries

tcp_wrappers-7.6-relro.patch

@@ -0,0 +1,12 @@
+diff -up tcp_wrappers_7.6/Makefile.relro tcp_wrappers_7.6/Makefile
+--- tcp_wrappers_7.6/Makefile.relro	2011-08-10 03:33:25.457892277 +0200
++++ tcp_wrappers_7.6/Makefile	2011-08-10 03:33:39.565892352 +0200
+@@ -726,7 +726,7 @@ $(LIB):	$(LIB_OBJ)
+ 	-$(RANLIB) $(LIB)
+ 
+ $(SHLIB): $(LIB_OBJ)
+-	gcc -shared -fPIC -Wl,-soname -Wl,$(SHLIB).$(MAJOR) \
++	gcc -shared -fPIC -Wl,-z,relro -Wl,-soname -Wl,$(SHLIB).$(MAJOR) \
+ 		-o $(SHLIB).$(MAJOR).$(MINOR).$(REL) $^ $(LIBS)
+ 	ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB).$(MAJOR)
+ 	ln -s $(SHLIB).$(MAJOR).$(MINOR).$(REL) $(SHLIB)

tcp_wrappers.spec

@@ -1,7 +1,7 @@
 Summary: A security tool which acts as a wrapper for TCP daemons
 Name: tcp_wrappers
 Version: 7.6
-Release: 64%{?dist}
+Release: 65%{?dist}
 
 %define LIB_MAJOR 0
 %define LIB_MINOR 7
@@ -36,6 +36,7 @@ Patch21: tcp_wrappers-7.6-196326.patch
 Patch22: tcp_wrappers_7.6-249430.patch
 Patch23: tcp_wrappers-7.6-inetdconf.patch
 Patch24: tcp_wrappers-7.6-bug698464.patch
+Patch25: tcp_wrappers-7.6-relro.patch
 # required by sin_scope_id in ipv6 patch
 BuildRequires: glibc-devel >= 2.2
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -94,6 +95,7 @@ develop applications with tcp_wrappers support.
 %patch22 -p1 -b .249430
 %patch23 -p1 -b .inetdconf
 %patch24 -p1 -b .698464
+%patch25 -p1 -b .relro
 
 %build
 make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -DPIC -D_REENTRANT -DHAVE_STRERROR" LDFLAGS="-pie" MAJOR=%{LIB_MAJOR} MINOR=%{LIB_MINOR} REL=%{LIB_REL} linux
@@ -151,6 +153,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_mandir}/man3/*
 
 %changelog
+* Wed Aug 10 2011 Jan F. Chadima <jchadima@redhat.com> - 7.6-65
+- Add partial relro support for libraries
+
 * Tue May 24 2011 Jan F. Chadima <jchadima@redhat.com> - 7.6-64
 - Improve the support for IPv4 /prefix notation (#698464)