From 4ed0af7c73cb597e734223f95846651bfe9c237c Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Fri, 1 Mar 2019 09:46:11 +0100
Subject: Fix RELRO flag

RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
Message-id: <1551433571-31547-1-git-send-email-mrezanin@redhat.com>
Patchwork-id: 84750
O-Subject: [RHEL-7.7 open-vm-tools PATCH] Fix RELRO flag
Bugzilla: 1678576
RH-Acked-by: Cathy Avery <cavery@redhat.com>
RH-Acked-by: Richard Jones <rjones@redhat.com>

From: Miroslav Rezanina <mrezanin@redhat.com>

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1678576
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=20410856
Upstream: n/a

rpmdiff for 10.3.0 based open-vm-tools reports partial RELRO on several binaries.
This patch ensure proper hardening is used and files have full RELRO flag.

Signed-off-by: Miroslav Rezanina <mreznanin@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 open-vm-tools/configure.ac             | 2 +-
 open-vm-tools/libDeployPkg/Makefile.am | 2 +-
 open-vm-tools/libguestlib/Makefile.am  | 2 +-
 open-vm-tools/libhgfs/Makefile.am      | 2 +-
 open-vm-tools/libvmtools/Makefile.am   | 2 +-
 open-vm-tools/vgauth/lib/Makefile.am   | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/open-vm-tools/configure.ac b/open-vm-tools/configure.ac
index 9aa95ab..f1cc721 100644
--- a/open-vm-tools/configure.ac
+++ b/open-vm-tools/configure.ac
@@ -1459,7 +1459,7 @@ VMTOOLS_LIBS="$BUILDDIR/libvmtools/libvmtools.la $GLIB2_LIBS"
 VMTOOLS_CPPFLAGS="-DVMTOOLS_USE_GLIB $GLIB2_CPPFLAGS"
 
 PLUGIN_CPPFLAGS="$VMTOOLS_CPPFLAGS $PLUGIN_CPPFLAGS"
-PLUGIN_LDFLAGS="-Wl,-z,defs -Wl,-lc -Wl,--as-needed -shared -module -avoid-version"
+PLUGIN_LDFLAGS="-Wl,-z,defs -Wl,-lc -Wl,--as-needed -shared -module -avoid-version -Wl,-z,relro,-z,now"
 
 # Installation directories for core services plugins.
 TEST_PLUGIN_INSTALLDIR=$datadir/open-vm-tools/tests
diff --git a/open-vm-tools/libDeployPkg/Makefile.am b/open-vm-tools/libDeployPkg/Makefile.am
index a3bcb5e..31ff270 100644
--- a/open-vm-tools/libDeployPkg/Makefile.am
+++ b/open-vm-tools/libDeployPkg/Makefile.am
@@ -39,7 +39,7 @@ libDeployPkg_la_SOURCES += linuxDeploymentUtilities.h
 libDeployPkg_la_LDFLAGS =
 # We require GCC, so we're fine passing compiler-specific flags.
 # Needed for OS's that don't link shared libraries against libc by default, e.g. FreeBSD
-libDeployPkg_la_LDFLAGS += -Wl,-lc
+libDeployPkg_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now
 
 libDeployPkg_includedir = $(includedir)/libDeployPkg
 
diff --git a/open-vm-tools/libguestlib/Makefile.am b/open-vm-tools/libguestlib/Makefile.am
index 5181409..a21a3ff 100644
--- a/open-vm-tools/libguestlib/Makefile.am
+++ b/open-vm-tools/libguestlib/Makefile.am
@@ -32,7 +32,7 @@ libguestlib_la_SOURCES += vmGuestLib.c
 libguestlib_la_LDFLAGS =
 # We require GCC, so we're fine passing compiler-specific flags.
 # Needed for OS's that don't link shared libraries against libc by default, e.g. FreeBSD
-libguestlib_la_LDFLAGS += -Wl,-lc
+libguestlib_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now
 
 libguestlib_includedir = $(includedir)/vmGuestLib
 
diff --git a/open-vm-tools/libhgfs/Makefile.am b/open-vm-tools/libhgfs/Makefile.am
index 7609145..50573ee 100644
--- a/open-vm-tools/libhgfs/Makefile.am
+++ b/open-vm-tools/libhgfs/Makefile.am
@@ -41,5 +41,5 @@ libhgfs_la_LDFLAGS =
 libhgfs_la_LDFLAGS += -Wl,-z,defs
 # Needed for OS's that don't link shared libraries against libc by
 #default, e.g. FreeBSD
-libhgfs_la_LDFLAGS += -Wl,-lc
+libhgfs_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now
 
diff --git a/open-vm-tools/libvmtools/Makefile.am b/open-vm-tools/libvmtools/Makefile.am
index 347b8c7..d58c6e6 100644
--- a/open-vm-tools/libvmtools/Makefile.am
+++ b/open-vm-tools/libvmtools/Makefile.am
@@ -86,5 +86,5 @@ libvmtools_la_LDFLAGS =
 libvmtools_la_LDFLAGS += -Wl,-z,defs
 # Needed for OS's that don't link shared libraries against libc by
 #default, e.g. FreeBSD
-libvmtools_la_LDFLAGS += -Wl,-lc
+libvmtools_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now
 
diff --git a/open-vm-tools/vgauth/lib/Makefile.am b/open-vm-tools/vgauth/lib/Makefile.am
index bce97aa..6c0c265 100644
--- a/open-vm-tools/vgauth/lib/Makefile.am
+++ b/open-vm-tools/vgauth/lib/Makefile.am
@@ -59,7 +59,7 @@ libvgauth_la_LDFLAGS =
 libvgauth_la_LDFLAGS += -Wl,-z,defs
 # Needed for OS's that don't link shared libraries against libc by
 #default, e.g. FreeBSD
-libvgauth_la_LDFLAGS += -Wl,-lc
+libvgauth_la_LDFLAGS += -Wl,-lc -Wl,-z,relro,-z,now
 
 # Message catalogs.
 install-data-hook:
-- 
1.8.3.1