[mariadb] Compile all binaries with full RELRO (RHBZ#1092548)
Honza Horak
hhorak at fedoraproject.org
Mon Jul 21 14:16:57 UTC 2014
commit a6b32994bad7b113e1d775d373c3579e229fa37e
Author: Honza Horak <hhorak at redhat.com>
Date: Fri Jul 18 09:55:25 2014 +0200
Compile all binaries with full RELRO (RHBZ#1092548)
mariadb.spec | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
---
diff --git a/mariadb.spec b/mariadb.spec
index f38aa62..2274fb5 100644
--- a/mariadb.spec
+++ b/mariadb.spec
@@ -25,6 +25,9 @@
# (Fedora 22?)
%bcond_without mysqld_unit
+# use Full RELRO for all binaries (RHBZ#1092548)
+%global _hardened_build 1
+
Name: mariadb
Version: 10.0.12
Release: 3%{?dist}
@@ -358,9 +361,11 @@ CFLAGS=`echo $CFLAGS| sed -e "s|-O2|-O3|g" `
%endif
CXXFLAGS="$CFLAGS"
export CFLAGS CXXFLAGS
+%if 0%{?_hardened_build}
# building with PIE
-LDFLAGS="$LDFLAGS -pie"
+LDFLAGS="$LDFLAGS -pie -Wl,-z,relro,-z,now"
export LDFLAGS
+%endif
# The INSTALL_xxx macros have to be specified relative to CMAKE_INSTALL_PREFIX
# so we can't use %%{_datadir} and so forth here.
@@ -841,6 +846,7 @@ fi
- Introduce new option with_mysqld_unit
- Removed obsolete mysql-cluster, the package should already be removed
- Improve error message when log file is not writable
+- Compile all binaries with full RELRO (RHBZ#1092548)
* Wed Jun 18 2014 Mikko Tiihonen <mikko.tiihonen at iki.fi> - 1:10.0.12-2
- Use -fno-delete-null-pointer-checks to avoid segfaults with gcc 4.9
More information about the scm-commits
mailing list