From d9a1f10a2a857dccf70a98d0d5af9e3db6f4033c Mon Sep 17 00:00:00 2001 From: Martin Stransky Date: Tue, 25 Aug 2015 08:58:24 +0200 Subject: Enabled hardened builds for Fedora 22 --- firefox.spec | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/firefox.spec b/firefox.spec index ab72923..8f9521d 100644 --- a/firefox.spec +++ b/firefox.spec @@ -25,6 +25,13 @@ %define system_cairo 1 %endif +# Hardened build? +%if 0%{?fedora} > 21 +%define hardened_build 1 +%else +%define hardened_build 0 +%endif + %define system_jpeg 1 %define enable_gstreamer 1 @@ -84,7 +91,7 @@ Summary: Mozilla Firefox Web browser Name: firefox Version: 40.0 -Release: 7%{?pre_tag}%{?dist} +Release: 8%{?pre_tag}%{?dist} URL: http://www.mozilla.org/projects/firefox/ License: MPLv1.1 or GPLv2+ or LGPLv2+ Group: Applications/Internet @@ -421,7 +428,7 @@ MOZ_OPT_FLAGS=$(echo "$RPM_OPT_FLAGS" | %{__sed} -e 's/-Wall//') # See also https://fedoraproject.org/wiki/Changes/Harden_All_Packages MOZ_OPT_FLAGS="$MOZ_OPT_FLAGS -Wformat-security -Wformat -Werror=format-security" # Use hardened build? -%if 0%{?fedora} > 22 +%if %{?hardened_build} MOZ_OPT_FLAGS="$MOZ_OPT_FLAGS -fPIC -Wl,-z,relro -Wl,-z,now" %endif %if %{?debug_build} @@ -770,6 +777,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #--------------------------------------------------------------------- %changelog +* Thu Aug 25 2015 Martin Stransky - 40.0-8 +- Enabled hardened builds for Fedora 22 + * Thu Aug 20 2015 Martin Stransky - 40.0-7 - Enabled pie - rhbz#1246287 -- cgit