rpms/nss
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: Bug 805723 - Library needs partial RELRO support added

Browse Source 
- Patch coreconf/Linux.mk as done on RHEL 6.2
This commit is contained in:
Elio Maldonado 2012-04-08 11:13:29 -07:00
parent 034c16be36
commit 41064271a8
2 changed files with 23 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
add-relro-linker-option.patch Normal file
View File

@ -0,0 +1,16 @@
diff -up mozilla/security/coreconf/Linux.mk.relro mozilla/security/coreconf/Linux.mk
--- mozilla/security/coreconf/Linux.mk.relro 2010-08-12 18:32:29.000000000 -0700
+++ mozilla/security/coreconf/Linux.mk 2011-09-27 16:12:22.234743170 -0700
@@ -179,6 +179,12 @@ FREEBL_NO_DEPEND = 1
endif
endif
+# harden DSOs/executables a bit against exploits
+ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE))))
+DSO_LDOPTS+=-Wl,-z,relro
+LDFLAGS += -Wl,-z,relro
+endif
+
USE_SYSTEM_ZLIB = 1
ZLIB_LIBS = -lz

12
nss.spec
View File

@ -7,7 +7,7 @@
Summary: Network Security Services Summary: Network Security Services
Name: nss Name: nss
Version: 3.13.4 Version: 3.13.4
Release: 1%{?dist} Release: 2%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries Group: System Environment/Libraries
@ -54,6 +54,7 @@ Source9: setup-nsssysinit.sh
Source10: PayPalEE.cert Source10: PayPalEE.cert
Source12: %{name}-pem-20120402.tar.bz2 Source12: %{name}-pem-20120402.tar.bz2
Patch2: add-relro-linker-option.patch
Patch3: renegotiate-transitional.patch Patch3: renegotiate-transitional.patch
Patch6: nss-enable-pem.patch Patch6: nss-enable-pem.patch
Patch16: nss-539183.patch Patch16: nss-539183.patch
@ -151,6 +152,7 @@ low level services.
%{__cp} %{SOURCE10} -f ./mozilla/security/nss/tests/libpkix/certs %{__cp} %{SOURCE10} -f ./mozilla/security/nss/tests/libpkix/certs
%setup -q -T -D -n %{name}-%{version} -a 12 %setup -q -T -D -n %{name}-%{version} -a 12
%patch2 -p0 -b .relro
%patch3 -p0 -b .transitional %patch3 -p0 -b .transitional
%patch6 -p0 -b .libpem %patch6 -p0 -b .libpem
%patch16 -p0 -b .539183 %patch16 -p0 -b .539183
@ -168,10 +170,6 @@ low level services.
%build %build
# partial RELRO support as a security enhancement
LDFLAGS+=-Wl,-z,relro
export LDFLAGS
FREEBL_NO_DEPEND=1 FREEBL_NO_DEPEND=1
export FREEBL_NO_DEPEND export FREEBL_NO_DEPEND
@ -582,6 +580,10 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog %changelog
* Sun Apr 08 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.4-2
- Resolves: Bug 805723 - Library needs partial RELRO support added
- Patch coreconf/Linux.mk as done on RHEL 6.2
* Fri Apr 06 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.4-1 * Fri Apr 06 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.4-1
- Update to NSS_3_13_4_RTM - Update to NSS_3_13_4_RTM
- Update the nss-pem source archive to the latest version - Update the nss-pem source archive to the latest version