[nss/f17] Resolves: Bug 805723 - Library needs partial RELRO support added
Elio Maldonado
emaldonado at fedoraproject.org
Sun Apr 8 18:13:57 UTC 2012
commit 41064271a8b87addf3d5af499b3b29a013713e2a
Author: Elio Maldonado <emaldona at redhat.com>
Date: Sun Apr 8 11:13:29 2012 -0700
Resolves: Bug 805723 - Library needs partial RELRO support added
- Patch coreconf/Linux.mk as done on RHEL 6.2
add-relro-linker-option.patch | 16 ++++++++++++++++
nss.spec | 12 +++++++-----
2 files changed, 23 insertions(+), 5 deletions(-)
---
diff --git a/add-relro-linker-option.patch b/add-relro-linker-option.patch
new file mode 100644
index 0000000..05758f7
--- /dev/null
+++ b/add-relro-linker-option.patch
@@ -0,0 +1,16 @@
+diff -up mozilla/security/coreconf/Linux.mk.relro mozilla/security/coreconf/Linux.mk
+--- mozilla/security/coreconf/Linux.mk.relro 2010-08-12 18:32:29.000000000 -0700
++++ mozilla/security/coreconf/Linux.mk 2011-09-27 16:12:22.234743170 -0700
+@@ -179,6 +179,12 @@ FREEBL_NO_DEPEND = 1
+ endif
+ endif
+
++# harden DSOs/executables a bit against exploits
++ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE))))
++DSO_LDOPTS+=-Wl,-z,relro
++LDFLAGS += -Wl,-z,relro
++endif
++
+ USE_SYSTEM_ZLIB = 1
+ ZLIB_LIBS = -lz
+
diff --git a/nss.spec b/nss.spec
index 5443482..8f5e35b 100644
--- a/nss.spec
+++ b/nss.spec
@@ -7,7 +7,7 @@
Summary: Network Security Services
Name: nss
Version: 3.13.4
-Release: 1%{?dist}
+Release: 2%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -54,6 +54,7 @@ Source9: setup-nsssysinit.sh
Source10: PayPalEE.cert
Source12: %{name}-pem-20120402.tar.bz2
+Patch2: add-relro-linker-option.patch
Patch3: renegotiate-transitional.patch
Patch6: nss-enable-pem.patch
Patch16: nss-539183.patch
@@ -151,6 +152,7 @@ low level services.
%{__cp} %{SOURCE10} -f ./mozilla/security/nss/tests/libpkix/certs
%setup -q -T -D -n %{name}-%{version} -a 12
+%patch2 -p0 -b .relro
%patch3 -p0 -b .transitional
%patch6 -p0 -b .libpem
%patch16 -p0 -b .539183
@@ -168,10 +170,6 @@ low level services.
%build
-# partial RELRO support as a security enhancement
-LDFLAGS+=-Wl,-z,relro
-export LDFLAGS
-
FREEBL_NO_DEPEND=1
export FREEBL_NO_DEPEND
@@ -582,6 +580,10 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog
+* Sun Apr 08 2012 Elio Maldonado <emaldona at redhat.com> - 3.13.4-2
+- Resolves: Bug 805723 - Library needs partial RELRO support added
+- Patch coreconf/Linux.mk as done on RHEL 6.2
+
* Fri Apr 06 2012 Elio Maldonado <emaldona at redhat.com> - 3.13.4-1
- Update to NSS_3_13_4_RTM
- Update the nss-pem source archive to the latest version
More information about the scm-commits
mailing list