diff --git a/coreutils-8.4-su-pie.patch b/coreutils-8.4-su-pie.patch index 75db725..07d1d5e 100644 --- a/coreutils-8.4-su-pie.patch +++ b/coreutils-8.4-su-pie.patch @@ -5,7 +5,7 @@ diff -urNp coreutils-8.4-orig/src/Makefile.am coreutils-8.4/src/Makefile.am # for crypt su_LDADD += $(LIB_CRYPT) @LIB_PAM@ -+su_LDFLAGS = -pie ++su_LDFLAGS = -pie -Wl,-z,relro,-z,now # for various ACL functions copy_LDADD += $(LIB_ACL) diff --git a/coreutils.spec b/coreutils.spec index 3f0c69a..3774910 100644 --- a/coreutils.spec +++ b/coreutils.spec @@ -1,7 +1,7 @@ Summary: A set of basic GNU tools commonly used in shell scripts Name: coreutils Version: 8.5 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv3+ Group: System Environment/Base Url: http://www.gnu.org/software/coreutils/ @@ -64,7 +64,7 @@ Patch912: coreutils-overflow.patch Patch915: coreutils-split-pam.patch #prevent koji build failure with wrong getfacl exit code Patch916: coreutils-getfacl-exit-code.patch -#compile su with pie flag +#compile su with pie flag and RELRO protection Patch917: coreutils-8.4-su-pie.patch #SELINUX Patch - implements Redhat changes @@ -344,6 +344,9 @@ fi %{_libdir}/coreutils %changelog +* Wed Sep 09 2010 Ondrej Vasik - 8.5-7 +- add RELRO protection to su as well (#630017) + * Mon Sep 06 2010 Ondrej Vasik - 8.5-6 - compile su with pie again (#630017)