diff --git a/redhat-rpm-config-9.1.0-hardened.patch b/redhat-rpm-config-9.1.0-hardened.patch index a334b1c..007a6c1 100644 --- a/redhat-rpm-config-9.1.0-hardened.patch +++ b/redhat-rpm-config-9.1.0-hardened.patch @@ -1,15 +1,18 @@ diff -up redhat-rpm-config-9.1.0/macros.jx redhat-rpm-config-9.1.0/macros --- redhat-rpm-config-9.1.0/macros.jx 2011-08-03 15:42:20.267064981 -0400 +++ redhat-rpm-config-9.1.0/macros 2011-08-03 15:44:46.581058603 -0400 -@@ -184,8 +184,12 @@ unset DISPLAY\ +@@ -184,8 +184,15 @@ unset DISPLAY\ %__find_provides /usr/lib/rpm/redhat/find-provides %__find_requires /usr/lib/rpm/redhat/find-requires -%__global_cflags -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -%__global_ldflags -Wl,-z,relro -+# define _hardened_build to non-zero to enable -+%_hardened_cflags %{?_hardened_build:-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1} -+%_hardened_ldflags %{?_hardened_build:-specs=/usr/lib/rpm/redhat/redhat-hardened-ld} ++%_hardening_cflags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 ++%_hardening_ldflags -specs=/usr/lib/rpm/redhat/redhat-hardened-ld ++ ++#_hardened_build 0 ++%_hardened_cflags %{?_hardened_build:%{_hardening_cflags}} ++%_hardened_ldflags %{?_hardened_build:%{_hardening_ldflags}} + +%__global_cflags -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 %{_hardened_cflags} +%__global_ldflags -Wl,-z,relro %{_hardened_ldflags} diff --git a/redhat-rpm-config.spec b/redhat-rpm-config.spec index c2c0d55..dab6b05 100644 --- a/redhat-rpm-config.spec +++ b/redhat-rpm-config.spec @@ -1,7 +1,7 @@ Summary: Red Hat specific rpm configuration files Name: redhat-rpm-config Version: 9.1.0 -Release: 16%{?dist} +Release: 17%{?dist} # No version specified. License: GPL+ Group: Development/System @@ -69,6 +69,10 @@ rm -rf ${RPM_BUILD_ROOT} %{_sysconfdir}/rpm/* %changelog +* Fri Sep 16 2011 Adam Jackson 9.1.0-17 +- Expose %%_hardening_{c,ld}flags independently to make it easier for + packages to apply them to selected components + * Wed Aug 10 2011 Colin Walters - 9.1.0-16 - Globally disable silent rules