This issue tracks the release note for the following Fedora Change:
Build non-RELRO ELF binaries with .plt.got isolation owned by @fweimer
If you own this change, please add additional information here that we should communicate to Fedora users. Specifically, please consider:
Your notes to us do not need to be formally written. We will edit them and add details as needed. This is a way for you to ensure that we know what is critical about your change.
If you want to write this release note, then:
Once you're done with the above, make sure to either commit the relnote to an appropriate section of the Release Notes book, or, if you're not familiar with Git, AsciiDoc, or whatever else, just add it to this issue as a comment and let pbokoc[1] and Brian ( @bex ) know that you're done with this one and you'd like the note included. Also make sure to do this even for relnotes that haven't been checked by the change owner.
[0] You can do that by asking the change owner listed on the wiki page; alternatively you can infer it by checking the tracker bug (linked in Wiki) in Bugzilla and looking at its status; see bug comments for details. Ask someone on the mailing list or on IRC if you're not sure. [1] In #fedora-docs on FreeNode (UTC+1 timezone, online mostly during the day on weekdays), or pbokoc @redhat.com if you can't get a hold of me on IRC.
Proposed text:
On IBM POWER CPUs starting with POWER7 and select Intel server CPUs, Fedora now runs more ELF binaries with a read-only GOT. This makes it more difficult to write code execution exploits for them.
Change deferred to F30.
PR pending.
Fixed in #317
Metadata Update from @pbokoc: - Issue status updated to: Closed (was: Open)
The Change is deferred indefinitely due to upstream. Will re-open if the situation changes.
Log in to comment on this ticket.