From 539f1489c066fa446e8432edde80352d7efafa92 Mon Sep 17 00:00:00 2001 From: Simon Pichugin Date: Wed, 22 Sep 2021 20:17:57 -0700 Subject: [PATCH] Enable BIND_NOW to prevent GOT overwrite attacks Related: rhbz#2002747 --- openldap.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/openldap.spec b/openldap.spec index 9c84fdc..3dda44a 100644 --- a/openldap.spec +++ b/openldap.spec @@ -7,7 +7,7 @@ Name: openldap Version: 2.4.59 -Release: 1%{?dist} +Release: 2%{?dist} Summary: LDAP support libraries License: OpenLDAP URL: http://www.openldap.org/ @@ -191,7 +191,7 @@ popd %set_build_flags # enable experimental support for LDAP over UDP (LDAP_CONNECTIONLESS) -export CFLAGS="${CFLAGS} ${LDFLAGS} -Wl,--as-needed -DLDAP_CONNECTIONLESS -DLDAP_USE_NON_BLOCKING_TLS -DOPENSSL_NO_MD2" +export CFLAGS="${CFLAGS} ${LDFLAGS} -Wl,--as-needed -Wl,-z,now -DLDAP_CONNECTIONLESS -DLDAP_USE_NON_BLOCKING_TLS -DOPENSSL_NO_MD2" pushd openldap-%{version} %configure \ @@ -556,6 +556,10 @@ exit 0 %{_libdir}/libldap-2.4*.so.* %changelog +* Wed Sep 22 2021 Simon Pichugin - 2.4.59-2 +- Enable BIND_NOW to prevent GOT overwrite attacks. + Related: rhbz#2002747 + * Tue Sep 14 2021 Simon Pichugin - 2.4.59-1 - Rebase openldap to 2.4.59 Related: rhbz#2002747