Adjustments to _hardened_build and %configure macro in rawhide

Kevin Fenzi kevin at scrye.com
Mon Jan 13 20:36:04 UTC 2014


Greetings. 

Packages currently using the _hardened_build macro that also use
libtool may have been built only with "partial" RELRO instead of full
RELRO protections. 
https://fedoraproject.org/wiki/Security_Features_Matrix#Built_with_RELRO

A workaround has been added today to the redhat-rpm-config package in
rawhide to fix this issue. Maintainers are encouraged to check their
_hardened_build packages to confirm that they rebuild correctly with
full RELRO protections. Additionally, since this change is in the
%configure macro used by many packages, maintainers that find
regressions due to this change should file bugs on the
redhat-rpm-macros package or note them in
https://bugzilla.redhat.com/show_bug.cgi?id=978949

You can check your package for RELRO by unpacking it and running the
hardening-check tool from the hardening-check package over its
libraries.

Thanks, 

kevin
_______________________________________________
devel-announce mailing list
devel-announce at lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel-announce
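
What the partial versus full RELRO distinction in the message above looks like inside an ELF file, as an added example (not part of the original message and not the hardening-check tool's code): partial RELRO is a PT_GNU_RELRO program header on its own, and full RELRO also has immediate binding (BIND_NOW) set in the dynamic section. The names `relro_level` and `sample_elf` are hypothetical, and the sample images are constructed headers only.

```python
import struct

PT_DYNAMIC, PT_GNU_RELRO = 2, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def relro_level(data):
    """Classify the bytes of an ELF file as 'full', 'partial' or 'none'."""
    if len(data) < 6 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                  # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"   # EI_DATA: 1 = little-endian, 2 = big-endian
    phoff, = struct.unpack_from(end + ("Q" if is64 else "I"), data, 0x20 if is64 else 0x1C)
    phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36 if is64 else 0x2A)
    dyn_fmt = end + ("qQ" if is64 else "iI")
    dyn_size = struct.calcsize(dyn_fmt)
    has_relro = bind_now = False
    for i in range(phnum):
        base = phoff + i * phentsize
        if is64:   # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz
            p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(end + "IIQQQQ", data, base)
        else:      # Elf32_Phdr: type, offset, vaddr, paddr, filesz
            p_type, p_offset, _, _, p_filesz = struct.unpack_from(end + "IIIII", data, base)
        if p_type == PT_GNU_RELRO:
            has_relro = True             # relocation data is remapped read-only
        elif p_type == PT_DYNAMIC:
            for off in range(p_offset, p_offset + p_filesz - dyn_size + 1, dyn_size):
                tag, val = struct.unpack_from(dyn_fmt, data, off)
                if tag == DT_NULL:
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    bind_now = True      # all symbols are resolved at load time
    if not has_relro:
        return "none"
    return "full" if bind_now else "partial"

def sample_elf(relro, now):
    """Constructed minimal ELF64 little-endian image (headers only, not runnable)."""
    dyn = (struct.pack("<qQ", DT_FLAGS, DF_BIND_NOW) if now else b"") + struct.pack("<qQ", DT_NULL, 0)
    phdrs = [(PT_DYNAMIC, 64 + 2 * 56, len(dyn))] + ([(PT_GNU_RELRO, 0, 0)] if relro else [])
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    table = b"".join(struct.pack("<IIQQQQQQ", t, 4, o, 0, 0, n, n, 8) for t, o, n in phdrs)
    return ehdr + table.ljust(2 * 56, b"\0") + dyn

if __name__ == "__main__":
    for relro, now in ((False, False), (True, False), (True, True)):
        print(relro, now, relro_level(sample_elf(relro, now)))
```

To use it on a real package, pass `relro_level` the bytes of each shared library or executable from the unpacked tree; a result of "partial" is the case the message describes.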