Bug 724004

Summary: Library needs partial RELRO support added
Product: Red Hat Enterprise Linux 6 Reporter: Steve Grubb <sgrubb>
Component: nssAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED ERRATA QA Contact: Aleš Mareček <amarecek>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.1CC: amarecek, rrelyea, sgrubb, syeghiay
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: nss-3.12.10-11.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 805723 (view as bug list) Environment:
Last Closed: 2011-12-06 12:11:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 743047, 805723    

Description Steve Grubb 2011-07-21 17:29:53 UTC 
Description of problem:
The openssl package contains libraries. We would like them to be built with
partial RELRO support as a security enhancement.

Additional info:
Partial RELRO requires these passed at link:
-Wl,-z,relro
Comment 1 Elio Maldonado Batiz 2011-07-21 18:26:46 UTC 
(In reply to comment #0)
> Description of problem:
> The openssl package contains libraries. We would like them to be built with
> partial RELRO support as a security enhancement.
> 
I think you meant to write nss. That would be all nss-related packages which are nss, nss-softokn, nss-util, and nspr.  I see that it's added for nss and nss-util. I now have to add it for nss-softokn and nspr.
Comment 2 Elio Maldonado Batiz 2011-07-21 18:34:01 UTC 
Steve, (or someone with the required access) Could you add to Component(s) nss, nspr, and nss-softokn? Thanks.
Comment 3 Steve Grubb 2011-07-21 18:39:35 UTC 
Yes, I made a copy and paste error. I opened 4 bugs, one on each component. I will also make a test script available that checks the whole rpm.
Comment 6 Elio Maldonado Batiz 2011-09-08 16:32:09 UTC 
[emaldona@emaldonadesktop RHEL-6]$ make unused-patches
add-relro-linker-option.patch <--- this one is the one intended for this
nss-671266.patch  <- this one is obsolete
So the patch wasn't never applied in the spec file version I checked in and used for this build. I need to respin.
Comment 8 Elio Maldonado Batiz 2011-09-19 16:03:14 UTC 
Changing status to assigned as the patch though checked wasn't never appplied in the spec file. New build coming soon.
Comment 16 errata-xmlrpc 2011-12-06 12:11:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1584.html