rpms/mariadb10.11
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Diable upstream hardening - it overrides the default compilation flags of the distribution, but provides lower level of hardening than the default flags

Browse Source 
This issue was originally discovered by Annocheck stack-protection test in RHEL 9: #2044388

The -DSECURITY_HARDENED is used to force a set of compilation flags for hardening
The issue is that the MariaDB upstream level of hardening is lower than expected by Red Hat
We disable this option to the default compilation flags (which have higher level of hardening) will be used
This commit is contained in:
Michal Schorm 2022-02-07 14:02:25 +01:00
parent b0ed606846
commit db03980787
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
mariadb.spec
View File

@ -845,7 +845,7 @@ fi
-DGROONGA_NORMALIZER_MYSQL_PROJECT_NAME=%{name}-server/groonga-normalizer-mysql \
-DENABLED_LOCAL_INFILE=ON \
-DENABLE_DTRACE=ON \
-DSECURITY_HARDENED=ON \
-DSECURITY_HARDENED=OFF \
-DWITH_WSREP=%{?with_galera:ON}%{!?with_galera:OFF} \
-DWITH_INNODB_DISALLOW_WRITES=%{?with_galera:ON}%{!?with_galera:OFF} \
-DWITH_EMBEDDED_SERVER=%{?with_embedded:ON}%{!?with_embedded:OFF} \
@ -876,6 +876,10 @@ fi
-DCONNECT_WITH_JDBC=OFF \
%{?with_debug: -DCMAKE_BUILD_TYPE=Debug -DWITH_ASAN=OFF -DWITH_INNODB_EXTRA_DEBUG=ON -DWITH_VALGRIND=ON}
# The -DSECURITY_HARDENED is used to force a set of compilation flags for hardening
# The issue is that the MariaDB upstream level of hardening is lower than expected by Red Hat
# We disable this option to the default compilation flags (which have higher level of hardening) will be used
CFLAGS="$CFLAGS -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE"
# force PIC mode so that we can build libmysqld.so