[coreutils] add RELRO protection to su as well (#630017)
Ondrej Vasik
ovasik at fedoraproject.org
Wed Sep 8 08:25:17 UTC 2010
commit c28546fac45c8b31a2282ab0790f4bd8aaea06f0
Author: Ondřej Vašík <ovasik at redhat.com>
Date: Wed Sep 8 10:25:18 2010 +0200
add RELRO protection to su as well (#630017)
coreutils-8.4-su-pie.patch | 2 +-
coreutils.spec | 7 +++++--
2 files changed, 6 insertions(+), 3 deletions(-)
---
diff --git a/coreutils-8.4-su-pie.patch b/coreutils-8.4-su-pie.patch
index 75db725..07d1d5e 100644
--- a/coreutils-8.4-su-pie.patch
+++ b/coreutils-8.4-su-pie.patch
@@ -5,7 +5,7 @@ diff -urNp coreutils-8.4-orig/src/Makefile.am coreutils-8.4/src/Makefile.am
# for crypt
su_LDADD += $(LIB_CRYPT) @LIB_PAM@
-+su_LDFLAGS = -pie
++su_LDFLAGS = -pie -Wl,-z,relro,-z,now
# for various ACL functions
copy_LDADD += $(LIB_ACL)
diff --git a/coreutils.spec b/coreutils.spec
index 3f0c69a..3774910 100644
--- a/coreutils.spec
+++ b/coreutils.spec
@@ -1,7 +1,7 @@
Summary: A set of basic GNU tools commonly used in shell scripts
Name: coreutils
Version: 8.5
-Release: 6%{?dist}
+Release: 7%{?dist}
License: GPLv3+
Group: System Environment/Base
Url: http://www.gnu.org/software/coreutils/
@@ -64,7 +64,7 @@ Patch912: coreutils-overflow.patch
Patch915: coreutils-split-pam.patch
#prevent koji build failure with wrong getfacl exit code
Patch916: coreutils-getfacl-exit-code.patch
-#compile su with pie flag
+#compile su with pie flag and RELRO protection
Patch917: coreutils-8.4-su-pie.patch
#SELINUX Patch - implements Redhat changes
@@ -344,6 +344,9 @@ fi
%{_libdir}/coreutils
%changelog
+* Wed Sep 09 2010 Ondrej Vasik <ovasik at redhat.com> - 8.5-7
+- add RELRO protection to su as well (#630017)
+
* Mon Sep 06 2010 Ondrej Vasik <ovasik at redhat.com> - 8.5-6
- compile su with pie again (#630017)
More information about the scm-commits
mailing list