Enabled hardened builds for Fedora 22

2015-08-25 08:58:24 +02:00 · 2015-08-25 08:58:24 +02:00 · d9a1f10a2a
commit d9a1f10a2a
parent ce65d65db6
1 changed files with 12 additions and 2 deletions
--- a/firefox.spec
+++ b/firefox.spec
@ -25,6 +25,13 @@
 %define system_cairo      1
 %endif

+# Hardened build?
+%if 0%{?fedora} > 21
+%define hardened_build    1
+%else
+%define hardened_build    0
+%endif
+
 %define system_jpeg       1

 %define enable_gstreamer  1
@ -84,7 +91,7 @@
 Summary:        Mozilla Firefox Web browser
 Name:           firefox
 Version:        40.0
-Release:        7%{?pre_tag}%{?dist}
+Release:        8%{?pre_tag}%{?dist}
 URL:            http://www.mozilla.org/projects/firefox/
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 Group:          Applications/Internet
@ -421,7 +428,7 @@ MOZ_OPT_FLAGS=$(echo "$RPM_OPT_FLAGS" | %{__sed} -e 's/-Wall//')
 # See also https://fedoraproject.org/wiki/Changes/Harden_All_Packages
 MOZ_OPT_FLAGS="$MOZ_OPT_FLAGS -Wformat-security -Wformat -Werror=format-security"
 # Use hardened build?
-%if 0%{?fedora} > 22
+%if %{?hardened_build}
 MOZ_OPT_FLAGS="$MOZ_OPT_FLAGS -fPIC -Wl,-z,relro -Wl,-z,now"
 %endif
 %if %{?debug_build}
@ -770,6 +777,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 #---------------------------------------------------------------------

 %changelog
+* Thu Aug 25 2015 Martin Stransky <stransky@redhat.com> - 40.0-8
+- Enabled hardened builds for Fedora 22
+
 * Thu Aug 20 2015 Martin Stransky <stransky@redhat.com> - 40.0-7
 - Enabled pie - rhbz#1246287