-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJS1E40AAoJEEs3sNgP+7temTQP/3SfYMzWLENj5k4MckA2R8KV
T8UII+D3m0hyPddXPyXduMgwi91hVi6ub0sF3fBkvc9WBa4ju2FV/8BfkUAW/47s
9TTq+uaM14r2gSCvkKXGc4cJOYkK/5LUkmaJegNnkxhDQpAjsTYTPV1QrwuovUu0
cOZq+d4SgI3Thoalal20eyQaynmzzi3j/wm3xsDSundb6Mpq/ztMtULQ8zAwirPF
JBT5OWRQ9dftfQTWx/chYWdQlwIKUPu4yoG4CBEgdGvwjQ3COPMnR3MVDxZv2RHl
G0hGFKzG8rjztG9PqHUR0SxnjoQhohPrDgHe33kJY4x7bphxOL39abTs9K/dKymT
pz/z8oHvfLt/pZS61j0QruQ1pPVJg531xLqdnqoE/tpFHQH2GCorc0Y+rzUuNPvS
17vvzQgXudLG9Ou7ktMVaMiUv0kSwtcuLMJNyfl7/AsJ27FT/MFbZDEIkVd2Yu8z
YPyePxyI8gy6wGxdWJryNdzNW41rWkedMKiQu6W/qlC1TlK/rTkI9xuQdjF71gW3
XQMSgQeLB70Zl9CC71FenDZvXiiE88PIOHsKxZbN+uMODTUzimz3lRmnO95gZhXA
S3QIcBO2LpDn7K44TaLpCZ+PUT39MvPu3ZfKdIjaPmQ5RGW87ktPFRHj4IGCdH19
NDRooujPMm+LOXE7wTYq
=TPs6
-----END PGP SIGNATURE-----
Greetings.
Packages currently using the _hardened_build macro that also use
libtool may have been built only with "partial" RELRO instead of full
RELRO protections.
https://fedoraproject.org/wiki/Security_Features_Matrix#Built_with_RELRO
A workaround has been added today to the redhat-rpm-config package in
rawhide to fix this issue. Maintainers are encouraged to check their
_hardened_build packages to confirm that they rebuild correctly with
full RELRO protections. Additionally since this change is in the
%configure macro used by many packages, maintainers that find
regressions due to this change should file bugs on the
redhat-rpm-macros package or note them in
https://bugzilla.redhat.com/show_bug.cgi?id=978949
You can check your package for RELRO by unpacking it and running the
hardening-check tool from the hardening-check package over it's
libraries.
Thanks,
kevin
No comments:
Post a Comment