Build the colord binary with full RELRO

Force the linker to resolve all library symbols at startup, instead of on-demand. This allows it to then make the global offset table (GOT) read-only, which makes some security attacks harder.
author: Richard Hughes <richard@hughsie.com> 2013-05-07 11:10:12 +0100
committer: Richard Hughes <richard@hughsie.com> 2013-05-07 11:10:52 +0100
commit: 2377884d8a97d968e5600be95fcb2dc7576752c9 (patch)
tree: 66541bc88a6f6c0dd2fedb582b38983378ff3246 /contrib
parent: 8020696cd5ddcb9a07c419356d96d2aabd9dd3ba (diff)
download: colord-2377884d8a97d968e5600be95fcb2dc7576752c9.tar.gz
1 files changed, 0 insertions, 5 deletions
diff --git a/contrib/colord.spec.in b/contrib/colord.spec.in
index 3a167a3..942c43c 100644
--- a/contrib/colord.spec.in
+++ b/contrib/colord.spec.in
@@ -109,11 +109,6 @@ This may be useful for CMYK soft-proofing or for extra device support.
 %setup -q
 
 %build
-# we can't use _hardened_build here, see
-# https://bugzilla.redhat.com/show_bug.cgi?id=892837
-export CFLAGS='-fPIC -fPIE -DPIE %optflags'
-export LDFLAGS='-pie -Wl,-z,now -Wl,-z,relro -Wl,-z,bind_now'
-
 # Set ~2 GiB limit so that colprof is forced to work in chunks when
 # generating the print profile rather than trying to allocate a 3.1 GiB
 # chunk of RAM to put the entire B-to-A tables in.
author	Richard Hughes <richard@hughsie.com>	2013-05-07 11:10:12 +0100
committer	Richard Hughes <richard@hughsie.com>	2013-05-07 11:10:52 +0100
commit	2377884d8a97d968e5600be95fcb2dc7576752c9 (patch)
tree	66541bc88a6f6c0dd2fedb582b38983378ff3246 /contrib
parent	8020696cd5ddcb9a07c419356d96d2aabd9dd3ba (diff)
download	colord-2377884d8a97d968e5600be95fcb2dc7576752c9.tar.gz