Blame SOURCES/0002-Fix-RELRO-flag.patch

fde308
From 4ed0af7c73cb597e734223f95846651bfe9c237c Mon Sep 17 00:00:00 2001
def235
From: Miroslav Rezanina <mrezanin@redhat.com>
def235
Date: Fri, 1 Mar 2019 09:46:11 +0100
378f6c
Subject: Fix RELRO flag
def235
def235
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
def235
Message-id: <1551433571-31547-1-git-send-email-mrezanin@redhat.com>
def235
Patchwork-id: 84750
def235
O-Subject: [RHEL-7.7 open-vm-tools PATCH] Fix RELRO flag
def235
Bugzilla: 1678576
def235
RH-Acked-by: Cathy Avery <cavery@redhat.com>
def235
RH-Acked-by: Richard Jones <rjones@redhat.com>
def235
def235
From: Miroslav Rezanina <mrezanin@redhat.com>
def235
def235
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1678576
def235
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=20410856
def235
Upstream: n/a
def235
def235
rpmdiff for 10.3.0 based open-vm-tools reports partial RELRO on several binaries.
def235
This patch ensure proper hardening is used and files have full RELRO flag.
def235
def235
Signed-off-by: Miroslav Rezanina <mreznanin@redhat.com>
def235
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
def235
---
378f6c
 open-vm-tools/configure.ac             | 2 +-
378f6c
 open-vm-tools/libDeployPkg/Makefile.am | 2 +-
378f6c
 open-vm-tools/libguestlib/Makefile.am  | 2 +-
378f6c
 open-vm-tools/libhgfs/Makefile.am      | 2 +-
378f6c
 open-vm-tools/libvmtools/Makefile.am   | 2 +-
378f6c
 open-vm-tools/vgauth/lib/Makefile.am   | 2 +-
def235
 6 files changed, 6 insertions(+), 6 deletions(-)
def235
fde308
diff --git a/open-vm-tools/configure.ac b/open-vm-tools/configure.ac
fde308
index 9aa95ab..f1cc721 100644
fde308
--- a/open-vm-tools/configure.ac
fde308
+++ b/open-vm-tools/configure.ac
fde308
@@ -1459,7 +1459,7 @@ VMTOOLS_LIBS="$BUILDDIR/libvmtools/libvmtools.la $GLIB2_LIBS"
def235
 VMTOOLS_CPPFLAGS="-DVMTOOLS_USE_GLIB $GLIB2_CPPFLAGS"
def235
 
def235
 PLUGIN_CPPFLAGS="$VMTOOLS_CPPFLAGS $PLUGIN_CPPFLAGS"
def235
-PLUGIN_LDFLAGS="-Wl,-z,defs -Wl,-lc -Wl,--as-needed -shared -module -avoid-version"
def235
+PLUGIN_LDFLAGS="-Wl,-z,defs -Wl,-lc -Wl,--as-needed -shared -module -avoid-version -Wl,-z,relro,-z,now"
def235
 
def235
 # Installation directories for core services plugins.
def235
 TEST_PLUGIN_INSTALLDIR=$datadir/open-vm-tools/tests
fde308
diff --git a/open-vm-tools/libDeployPkg/Makefile.am b/open-vm-tools/libDeployPkg/Makefile.am
fde308
index a3bcb5e..31ff270 100644
fde308
--- a/open-vm-tools/libDeployPkg/Makefile.am
fde308
+++ b/open-vm-tools/libDeployPkg/Makefile.am
def235
@@ -39,7 +39,7 @@ libDeployPkg_la_SOURCES += linuxDeploymentUtilities.h
def235
 libDeployPkg_la_LDFLAGS =
def235
 # We require GCC, so we're fine passing compiler-specific flags.
def235
 # Needed for OS's that don't link shared libraries against libc by default, e.g. FreeBSD
def235
-libDeployPkg_la_LDFLAGS += -Wl,-lc
def235
+libDeployPkg_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now
def235
 
def235
 libDeployPkg_includedir = $(includedir)/libDeployPkg
def235
 
fde308
diff --git a/open-vm-tools/libguestlib/Makefile.am b/open-vm-tools/libguestlib/Makefile.am
def235
index 5181409..a21a3ff 100644
fde308
--- a/open-vm-tools/libguestlib/Makefile.am
fde308
+++ b/open-vm-tools/libguestlib/Makefile.am
def235
@@ -32,7 +32,7 @@ libguestlib_la_SOURCES += vmGuestLib.c
def235
 libguestlib_la_LDFLAGS =
def235
 # We require GCC, so we're fine passing compiler-specific flags.
def235
 # Needed for OS's that don't link shared libraries against libc by default, e.g. FreeBSD
def235
-libguestlib_la_LDFLAGS += -Wl,-lc
def235
+libguestlib_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now
def235
 
def235
 libguestlib_includedir = $(includedir)/vmGuestLib
def235
 
fde308
diff --git a/open-vm-tools/libhgfs/Makefile.am b/open-vm-tools/libhgfs/Makefile.am
def235
index 7609145..50573ee 100644
fde308
--- a/open-vm-tools/libhgfs/Makefile.am
fde308
+++ b/open-vm-tools/libhgfs/Makefile.am
def235
@@ -41,5 +41,5 @@ libhgfs_la_LDFLAGS =
def235
 libhgfs_la_LDFLAGS += -Wl,-z,defs
def235
 # Needed for OS's that don't link shared libraries against libc by
def235
 #default, e.g. FreeBSD
def235
-libhgfs_la_LDFLAGS += -Wl,-lc
def235
+libhgfs_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now
def235
 
fde308
diff --git a/open-vm-tools/libvmtools/Makefile.am b/open-vm-tools/libvmtools/Makefile.am
fde308
index 347b8c7..d58c6e6 100644
fde308
--- a/open-vm-tools/libvmtools/Makefile.am
fde308
+++ b/open-vm-tools/libvmtools/Makefile.am
fde308
@@ -86,5 +86,5 @@ libvmtools_la_LDFLAGS =
def235
 libvmtools_la_LDFLAGS += -Wl,-z,defs
def235
 # Needed for OS's that don't link shared libraries against libc by
def235
 #default, e.g. FreeBSD
def235
-libvmtools_la_LDFLAGS += -Wl,-lc
def235
+libvmtools_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now
def235
 
fde308
diff --git a/open-vm-tools/vgauth/lib/Makefile.am b/open-vm-tools/vgauth/lib/Makefile.am
def235
index bce97aa..6c0c265 100644
fde308
--- a/open-vm-tools/vgauth/lib/Makefile.am
fde308
+++ b/open-vm-tools/vgauth/lib/Makefile.am
def235
@@ -59,7 +59,7 @@ libvgauth_la_LDFLAGS =
def235
 libvgauth_la_LDFLAGS += -Wl,-z,defs
def235
 # Needed for OS's that don't link shared libraries against libc by
def235
 #default, e.g. FreeBSD
def235
-libvgauth_la_LDFLAGS += -Wl,-lc
def235
+libvgauth_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now
def235
 
def235
 # Message catalogs.
def235
 install-data-hook:
def235
-- 
def235
1.8.3.1
def235