Bug 727571 - SSSD should build with the _hardened_build RPM macro in F16+
SSSD should build with the _hardened_build RPM macro in F16+
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: sssd (Show other bugs)
rawhide
All Linux
unspecified Severity medium
: ---
: ---
Assigned To: Stephen Gallagher
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-08-02 09:41 EDT by Stephen Gallagher
Modified: 2011-08-22 11:19 EDT (History)
4 users (show)

See Also:
Fixed In Version: sssd-1.6.0-2.fc16
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-08-22 11:19:47 EDT
Type: Enhancement
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Stephen Gallagher 2011-08-02 09:41:41 EDT
Description of problem:
In redhat-rpm-config-9.1.0-14.fc16, a new macro was added to the RPM config: %_hardened_build.

This macro results in packages being built with PIO and full RELRO support (which results in a number of enhancements to the binary layout to make it more difficult to fuzz. This hardening comes with two downsides: slower startup times for the application and an inability to run prelink on libraries. However, since SSSD is a long-running security application, it seems obvious that the benefits outweigh the startup slowdown.

Version-Release number of selected component (if applicable):
sssd-1.5.11-2.fc16

Additional info:
https://fedorahosted.org/fesco/ticket/563
Comment 1 Fedora Update System 2011-08-03 10:04:36 EDT
sssd-1.6.0-2.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/sssd-1.6.0-2.fc16
Comment 2 Fedora Update System 2011-08-03 15:14:00 EDT
Package sssd-1.6.0-2.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing sssd-1.6.0-2.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/sssd-1.6.0-2.fc16
then log in and leave karma (feedback).
Comment 3 Fedora Update System 2011-08-04 17:13:03 EDT
Package sssd-1.6.0-2.fc16, libtevent-0.9.13-1.fc16, libldb-1.1.0-1.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing sssd-1.6.0-2.fc16 libtevent-0.9.13-1.fc16 libldb-1.1.0-1.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/libtevent-0.9.13-1.fc16,libldb-1.1.0-1.fc16,sssd-1.6.0-2.fc16
then log in and leave karma (feedback).
Comment 4 Fedora Update System 2011-08-22 11:19:37 EDT
sssd-1.6.0-2.fc16, libtevent-0.9.13-1.fc16, libldb-1.1.0-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.