Bug 727571 - SSSD should build with the _hardened_build RPM macro in F16+
Summary: SSSD should build with the _hardened_build RPM macro in F16+
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: sssd
Version: rawhide
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Stephen Gallagher
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-02 13:41 UTC by Stephen Gallagher
Modified: 2011-08-22 15:19 UTC (History)
4 users (show)

Fixed In Version: sssd-1.6.0-2.fc16
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-08-22 15:19:47 UTC


Attachments (Terms of Use)

Description Stephen Gallagher 2011-08-02 13:41:41 UTC
Description of problem:
In redhat-rpm-config-9.1.0-14.fc16, a new macro was added to the RPM config: %_hardened_build.

This macro results in packages being built with PIO and full RELRO support (which results in a number of enhancements to the binary layout to make it more difficult to fuzz. This hardening comes with two downsides: slower startup times for the application and an inability to run prelink on libraries. However, since SSSD is a long-running security application, it seems obvious that the benefits outweigh the startup slowdown.

Version-Release number of selected component (if applicable):
sssd-1.5.11-2.fc16

Additional info:
https://fedorahosted.org/fesco/ticket/563

Comment 1 Fedora Update System 2011-08-03 14:04:36 UTC
sssd-1.6.0-2.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/sssd-1.6.0-2.fc16

Comment 2 Fedora Update System 2011-08-03 19:14:00 UTC
Package sssd-1.6.0-2.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing sssd-1.6.0-2.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/sssd-1.6.0-2.fc16
then log in and leave karma (feedback).

Comment 3 Fedora Update System 2011-08-04 21:13:03 UTC
Package sssd-1.6.0-2.fc16, libtevent-0.9.13-1.fc16, libldb-1.1.0-1.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing sssd-1.6.0-2.fc16 libtevent-0.9.13-1.fc16 libldb-1.1.0-1.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/libtevent-0.9.13-1.fc16,libldb-1.1.0-1.fc16,sssd-1.6.0-2.fc16
then log in and leave karma (feedback).

Comment 4 Fedora Update System 2011-08-22 15:19:37 UTC
sssd-1.6.0-2.fc16, libtevent-0.9.13-1.fc16, libldb-1.1.0-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.