[nss-util/f17] Resolves: Bug 805716 - Library needs partial RELRO support added

[Elio Maldonado]

commit f2ebee56f30018ba877450fa3dcc957e1ff1e677
Author: Elio Maldonado <emaldona at redhat.com>
Date:   Sun Apr 8 10:47:09 2012 -0700

    Resolves: Bug 805716 - Library needs partial RELRO support added
    
    - Patch coreconf/Linux.mk as was done on RHEL 6.2
    - Adding the options via the spec file worked for f18 but not for f17 or f16

 add-relro-linker-option.patch |   16 ++++++++++++++++
 nss-util.spec                 |   14 +++++++++-----
 2 files changed, 25 insertions(+), 5 deletions(-)
---
diff --git a/add-relro-linker-option.patch b/add-relro-linker-option.patch
new file mode 100644
index 0000000..05758f7
--- /dev/null
+++ b/add-relro-linker-option.patch
@@ -0,0 +1,16 @@
+diff -up mozilla/security/coreconf/Linux.mk.relro mozilla/security/coreconf/Linux.mk
+--- mozilla/security/coreconf/Linux.mk.relro	2010-08-12 18:32:29.000000000 -0700
++++ mozilla/security/coreconf/Linux.mk	2011-09-27 16:12:22.234743170 -0700
+@@ -179,6 +179,12 @@ FREEBL_NO_DEPEND = 1
+ endif
+ endif
+ 
++# harden DSOs/executables a bit against exploits
++ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE))))
++DSO_LDOPTS+=-Wl,-z,relro
++LDFLAGS	+= -Wl,-z,relro
++endif
++
+ USE_SYSTEM_ZLIB = 1
+ ZLIB_LIBS = -lz
+ 
diff --git a/nss-util.spec b/nss-util.spec
index f5bc7fe..c66972d 100644
--- a/nss-util.spec
+++ b/nss-util.spec
@@ -3,7 +3,7 @@
 Summary:          Network Security Services Utilities Library
 Name:             nss-util
 Version:          3.13.4
-Release:          1%{?dist}
+Release:          2%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -39,6 +39,7 @@ Source2:          nss-split-util.sh
 Source3:          nss-util.pc.in
 Source4:          nss-util-config.in
 
+Patch1:           add-relro-linker-option.patch
 
 %description
 Utilities for Network Security Services and the Softoken module
@@ -60,11 +61,10 @@ Header and library files for doing development with Network Security Services.
 %prep
 %setup -q
 
-%build
+%patch1 -p0 -b .relro
+
 
-# partial RELRO support as a security enhancement
-LDFLAGS+=-Wl,-z,relro
-export LDFLAGS
+%build
 
 # Enable compiler optimizations and disable debugging code
 BUILD_OPT=1
@@ -213,6 +213,10 @@ done
 %{_includedir}/nss3/utilrename.h
 
 %changelog
+* Sun Apr 08 2012 Elio Maldonado <emaldona at redhat.com> - 3.13.4-2
+- Resolves: Bug 805716 - Library needs partial RELRO support added
+- Patch coreconf/Linux.mk as done on RHEL 6.2
+
 * Fri Apr 06 2012 Elio Maldonado <emaldona at redhat.com> - 3.13.4-1
 - Update to NSS_3_13_4_RTM