Enable BIND_NOW to prevent GOT overwrite attacks

Related: rhbz#2002747
2021-09-22 20:17:57 -07:00 · 2021-09-22 20:17:57 -07:00 · 539f1489c0
commit 539f1489c0
parent b267b23c3f
1 changed files with 6 additions and 2 deletions
--- a/openldap.spec
+++ b/openldap.spec
@ -7,7 +7,7 @@

 Name: openldap
 Version: 2.4.59
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: LDAP support libraries
 License: OpenLDAP
 URL: http://www.openldap.org/
@ -191,7 +191,7 @@ popd

 %set_build_flags
 # enable experimental support for LDAP over UDP (LDAP_CONNECTIONLESS)
-export CFLAGS="${CFLAGS} ${LDFLAGS} -Wl,--as-needed -DLDAP_CONNECTIONLESS -DLDAP_USE_NON_BLOCKING_TLS -DOPENSSL_NO_MD2"
+export CFLAGS="${CFLAGS} ${LDFLAGS} -Wl,--as-needed -Wl,-z,now -DLDAP_CONNECTIONLESS -DLDAP_USE_NON_BLOCKING_TLS -DOPENSSL_NO_MD2"

 pushd openldap-%{version}
 %configure \
@ -556,6 +556,10 @@ exit 0
 %{_libdir}/libldap-2.4*.so.*

 %changelog
+* Wed Sep 22 2021 Simon Pichugin <spichugi@redhat.com> - 2.4.59-2
+- Enable BIND_NOW to prevent GOT overwrite attacks.
+  Related: rhbz#2002747
+
 * Tue Sep 14 2021 Simon Pichugin <spichugi@redhat.com> - 2.4.59-1
 - Rebase openldap to 2.4.59 Related: rhbz#2002747