Bug ID 980384
Summary Enable PIE and full relro build for firefox
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Firefox
Assignee bnc-team-mozilla@forge.provo.novell.com
Reporter dsterba@suse.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

Created attachment 677257 [details]
enable firefox PIE and full relro on x86_64

PIE (position independent code) and full relro are features that have security
implications on built binaries. The firefox browser does not have enabled them
but as it's it an exposed tool, the improvements are desirable.

Upstream builds do not enable PIE for very unconvincing reasons (because some
graphical file manager does not recigonize the binary with PIE as executable).

Firefox upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1076892
References: http://bugs.gw.com/view.php?id=404

I've tested build on Factory (currently 46.0), passes, binary (firefox-bin)
verified to have the mentioned features.

Attached patch enables them on x86_64. More arches can be added later.

You are receiving this mail because: