From: Florian Weimer <[email protected]>
Partial RELRO means that the object is GNU_RELRO but not BIND_NOW. This
reduces the effectiveness of RELRO. bluez triggers this because it
enables PIE during the build, and rpmdiff takes this as an indicator
that the best possible hardening is desired.
https://bugzilla.redhat.com/show_bug.cgi?id=983161
---
acinclude.m4 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/acinclude.m4 b/acinclude.m4
index bc39c6d73..efce2f3cb 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -50,7 +50,7 @@ AC_DEFUN([MISC_FLAGS], [
if (test "${enableval}" = "yes" &&
test "${ac_cv_prog_cc_pie}" = "yes"); then
misc_cflags="$misc_cflags -fPIC"
- misc_ldflags="$misc_ldflags -pie"
+ misc_ldflags="$misc_ldflags -pie -Wl,-z,now"
fi
])
if (test "$enable_coverage" = "yes"); then
--
2.13.5
On Thu, 2017-08-24 at 20:28 +0200, Bastien Nocera wrote:
> From: Florian Weimer <[email protected]>
>
> Partial RELRO means that the object is GNU_RELRO but not
> BIND_NOW. This
> reduces the effectiveness of RELRO. bluez triggers this because it
> enables PIE during the build, and rpmdiff takes this as an indicator
> that the best possible hardening is desired.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=983161
Florian made the comments, I made the patch and sent it. Feel free to
remove the internal Bugzilla reference before pushing.
Cheers
Add 3 optional features that are currently used and distributed in
the Fedora packages to the default build configuration.
The additional build time is minimal, and it ensures that the build
gets maximum coverage.
---
bootstrap-configure | 3 +++
1 file changed, 3 insertions(+)
diff --git a/bootstrap-configure b/bootstrap-configure
index 658eef296..cb19b56bd 100755
--- a/bootstrap-configure
+++ b/bootstrap-configure
@@ -24,4 +24,7 @@ fi
--enable-sixaxis \
--enable-midi \
--enable-mesh \
+ --enable-pie \
+ --enable-cups \
+ --enable-library \
--disable-datafiles $*
--
2.13.5
In file included from obexd/plugins/mas.c:41:0:
./obexd/src/obex.h:37:1: error: unknown type name ‘ssize_t’; did you mean ‘size_t’?
ssize_t obex_get_size(struct obex_session *os);
^~~~~~~
---
obexd/src/obex.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/obexd/src/obex.h b/obexd/src/obex.h
index fc1674755..67593f11b 100644
--- a/obexd/src/obex.h
+++ b/obexd/src/obex.h
@@ -22,6 +22,8 @@
*
*/
+#include <unistd.h>
+
#define OBJECT_SIZE_UNKNOWN -1
#define OBJECT_SIZE_DELETE -2
--
2.13.5
On 08/24/2017 08:30 PM, Bastien Nocera wrote:
> On Thu, 2017-08-24 at 20:28 +0200, Bastien Nocera wrote:
>> From: Florian Weimer <[email protected]>
>>
>> Partial RELRO means that the object is GNU_RELRO but not
>> BIND_NOW. This
>> reduces the effectiveness of RELRO. bluez triggers this because it
>> enables PIE during the build, and rpmdiff takes this as an indicator
>> that the best possible hardening is desired.
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=983161
>
> Florian made the comments, I made the patch and sent it. Feel free to
> remove the internal Bugzilla reference before pushing.
It might be simpler to just pass through any CC/CFLAGS/LDFLAGS settings
the build environment is using, without trying to second-guess what the
user is doing.
Thanks,
Florian
On Thu, 2017-08-24 at 20:28 +0200, Bastien Nocera wrote:
> Add 3 optional features that are currently used and distributed in
> the Fedora packages to the default build configuration.
>
> The additional build time is minimal, and it ensures that the build
> gets maximum coverage.
This still applies as well.