[openldap] add partial RELRO support

[jvcelak]

commit 924b91284dd4d192ac69dcb550089f732485bd23
Author: Jan Vcelak <jvcelak at redhat.com>
Date:   Wed Aug 24 18:12:01 2011 +0200

    add partial RELRO support
    
    Resolves: #733071

 openldap.spec |    9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)
---
diff --git a/openldap.spec b/openldap.spec
index 327aee9..27ef48f 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -1,12 +1,15 @@
 # TODO: add make test after build
 
+# TODO: hardening using RPM macros - instead of -Wl,-z,relro in LDFLAGS
+#%global _hardened_build 1
+
 %define evolution_connector_prefix %{_libdir}/evolution-openldap
 %define evolution_connector_includedir %{evolution_connector_prefix}/include
 %define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib}
 
 Name: openldap
 Version: 2.4.26
-Release: 1%{?dist}.1
+Release: 2%{?dist}
 Summary: LDAP support libraries
 Group: System Environment/Daemons
 License: OpenLDAP
@@ -164,6 +167,7 @@ export CPPFLAGS="-I%_includedir/nss3 -I%_includedir/nspr4"
 export CFLAGS="$RPM_OPT_FLAGS $CPPFLAGS -fPIC -D_REENTRANT -DLDAP_CONNECTIONLESS -D_GNU_SOURCE -DHAVE_TLS -DHAVE_MOZNSS -DSLAPD_LMHASH"
 export NSS_LIBS="-lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4"
 export LIBS=""
+export LDFLAGS="$LDFLAGS -Wl,-z,relro"
 
 build() {
 
@@ -649,6 +653,9 @@ exit 0
 %attr(0644,root,root)      %{evolution_connector_libdir}/*.a
 
 %changelog
+* Wed Aug 24 2011 Jan Vcelak <jvcelak at redhat.com> 2.4.26-2
+- security hardening: library needs partial RELRO support added (#733071)
+
 * Sun Aug 14 2011 Rex Dieter <rdieter at fedoraproject.org> - 2.4.26-1.1
 - Rebuilt for rpm (#728707)