From 14c675f3a55b03001d9925f75777a931e7c32d76 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 16 Feb 2015 16:10:19 +0100
Subject: [PATCH] Use global hardening specification instead of hardening made
 by openssh.

Openssh uses by default -fPIE flag, which didn't allow to build
pam_ssh_agent_auth.so with from libssh.a.
Validated using /CoreOS/openssh/Regression/bz642927-add-relro-flag
---
 openssh.spec | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/openssh.spec b/openssh.spec
index 7740c58..f65e8bb 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -5,6 +5,8 @@
 %define WITH_SELINUX 0
 %endif
 
+%global _hardened_build 1
+
 # OpenSSH privilege separation requires a user & group ID
 %define sshd_uid    74
 %define sshd_gid    74
@@ -496,6 +498,7 @@ fi
 	--without-zlib-version-check \
 	--with-ssl-engine \
 	--with-ipaddr-display \
+	--with-pie=no \
 %if %{ldap}
 	--with-ldap \
 %endif