rpms
/
firefox
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Enabled hardened builds for Fedora 22

This commit is contained in:
Martin Stransky 2015-08-25 08:58:24 +02:00
parent ce65d65db6
commit d9a1f10a2a
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
firefox.spec
View File

@ -25,6 +25,13 @@
%define system_cairo 1 %define system_cairo 1
%endif %endif
# Hardened build?
%if 0%{?fedora} > 21
%define hardened_build 1
%else
%define hardened_build 0
%endif
%define system_jpeg 1 %define system_jpeg 1
%define enable_gstreamer 1 %define enable_gstreamer 1
@ -84,7 +91,7 @@
Summary: Mozilla Firefox Web browser Summary: Mozilla Firefox Web browser
Name: firefox Name: firefox
Version: 40.0 Version: 40.0
Release: 7%{?pre_tag}%{?dist} Release: 8%{?pre_tag}%{?dist}
URL: http://www.mozilla.org/projects/firefox/ URL: http://www.mozilla.org/projects/firefox/
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
Group: Applications/Internet Group: Applications/Internet
@ -421,7 +428,7 @@ MOZ_OPT_FLAGS=$(echo "$RPM_OPT_FLAGS" | %{__sed} -e 's/-Wall//')
# See also https://fedoraproject.org/wiki/Changes/Harden_All_Packages # See also https://fedoraproject.org/wiki/Changes/Harden_All_Packages
MOZ_OPT_FLAGS="$MOZ_OPT_FLAGS -Wformat-security -Wformat -Werror=format-security" MOZ_OPT_FLAGS="$MOZ_OPT_FLAGS -Wformat-security -Wformat -Werror=format-security"
# Use hardened build? # Use hardened build?
%if 0%{?fedora} > 22 %if %{?hardened_build}
MOZ_OPT_FLAGS="$MOZ_OPT_FLAGS -fPIC -Wl,-z,relro -Wl,-z,now" MOZ_OPT_FLAGS="$MOZ_OPT_FLAGS -fPIC -Wl,-z,relro -Wl,-z,now"
%endif %endif
%if %{?debug_build} %if %{?debug_build}
@ -770,6 +777,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
#--------------------------------------------------------------------- #---------------------------------------------------------------------
%changelog %changelog
* Thu Aug 25 2015 Martin Stransky <stransky@redhat.com> - 40.0-8
- Enabled hardened builds for Fedora 22
* Thu Aug 20 2015 Martin Stransky <stransky@redhat.com> - 40.0-7 * Thu Aug 20 2015 Martin Stransky <stransky@redhat.com> - 40.0-7
- Enabled pie - rhbz#1246287 - Enabled pie - rhbz#1246287