diff --git a/rpm-5.4.10-cpu-os-macros-hardening.patch b/rpm-5.4.10-cpu-os-macros-hardening.patch
new file mode 100644
index 0000000..5b53063
--- /dev/null
+++ b/rpm-5.4.10-cpu-os-macros-hardening.patch
@@ -0,0 +1,36 @@
+diff -Naur cpu-os-macros.orig/i586-linux/macros cpu-os-macros/i586-linux/macros
+--- cpu-os-macros.orig/i586-linux/macros 2014-05-22 13:49:34.309259552 +0400
++++ cpu-os-macros/i586-linux/macros 2014-05-22 14:41:56.000000000 +0400
+@@ -6,7 +6,7 @@
+ %_arch i386
+ %_os linux
+ %_gnu -gnu
+-%optflags %{?__common_cflags_with_ssp:%{__common_cflags_with_ssp} -fomit-frame-pointer -mtune=generic}%{!?__common_cflags_with_ssp:-O2 -g -m32} -march=i586 -fasynchronous-unwind-tables
++%optflags %{?__common_cflags_with_ssp:%{__common_cflags_with_ssp} -fPIE -pie -fpie -Wformat-security -fomit-frame-pointer -mtune=generic}%{!?__common_cflags_with_ssp:-O2 -g -m32} -march=i586 -fasynchronous-unwind-tables
+ 
+ #==============================================================================
+ # ---- configure macros.
+diff -Naur cpu-os-macros.orig/i686-linux/macros cpu-os-macros/i686-linux/macros
+--- cpu-os-macros.orig/i686-linux/macros 2014-05-22 13:49:34.309259552 +0400
++++ cpu-os-macros/i686-linux/macros 2014-05-22 14:41:48.000000000 +0400
+@@ -6,7 +6,7 @@
+ %_arch i386
+ %_os linux
+ %_gnu -gnu
+-%optflags %{?__common_cflags_with_ssp:%{__common_cflags_with_ssp} -fomit-frame-pointer}%{!?__common_cflags_with_ssp:-O2 -g -m32 -mtune=generic} -march=i686 -fasynchronous-unwind-tables
++%optflags %{?__common_cflags_with_ssp:%{__common_cflags_with_ssp} -fomit-frame-pointer -fPIE -pie -fpie -Wformat-security}%{!?__common_cflags_with_ssp:-O2 -g -m32 -mtune=generic} -march=i686 -fasynchronous-unwind-tables
+ 
+ #==============================================================================
+ # ---- configure macros.
+diff -Naur cpu-os-macros.orig/x86_64-linux/macros cpu-os-macros/x86_64-linux/macros
+--- cpu-os-macros.orig/x86_64-linux/macros 2014-05-22 13:49:34.310259552 +0400
++++ cpu-os-macros/x86_64-linux/macros 2014-05-22 14:44:09.314521435 +0400
+@@ -6,7 +6,7 @@
+ %_arch x86_64
+ %_os linux
+ %_gnu -gnu
+-%optflags %{?__common_cflags_with_ssp:%{__common_cflags_with_ssp} -fPIC}%{!?__common_cflags_with_ssp:-O2 -g -m64 -mtune=generic}
++%optflags %{?__common_cflags_with_ssp:%{__common_cflags_with_ssp} -fPIE -pie -fpie -Wformat-security -fPIC}%{!?__common_cflags_with_ssp:-O2 -g -m64 -mtune=generic}
+ 
+ #==============================================================================
+ # ---- configure macros.
diff --git a/rpm-5.4.10-hardening.patch b/rpm-5.4.10-hardening.patch
new file mode 100644
index 0000000..e1bd9c6
--- /dev/null
+++ b/rpm-5.4.10-hardening.patch
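Review bot: `-Wformat-security` on the three new `%optflags` lines (i586, i686, x86_64) does nothing unless `-Wformat` is also in effect, and even then it only warns; if enforcement is the goal, use `-Wformat -Werror=format-security`, or confirm that `__common_cflags_with_ssp` (not shown in this patch) already supplies `-Wall`/`-Wformat`. The i586 and i686 lines gain `-fPIE -pie -fpie` with no `-fPIC` anywhere in the macro, whereas the x86_64 line keeps `-fPIC` after them so it takes precedence for objects destined for shared libraries; on the 32-bit targets every object, including library code, is presumably compiled as PIE-only and linked with `-pie`, which is worth verifying against a shared-library package before this lands. `-fPIE` immediately followed by `-fpie` is redundant since the later option wins. All of the new flags sit inside the `%{?__common_cflags_with_ssp:...}` branch, so a build that leaves that macro undefined silently gets neither SSP nor PIE nor the format check; if that coupling is intended, a comment such as `# PIE/format hardening is only enabled together with SSP (__common_cflags_with_ssp)` above each `%optflags` line would make it explicit.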
@@ -0,0 +1,12 @@
+diff -Naur rpm-5.4.10.orig/macros/mandriva.in rpm-5.4.10/macros/mandriva.in
+--- rpm-5.4.10.orig/macros/mandriva.in 2014-05-22 14:47:17.000000000 +0400
++++ rpm-5.4.10/macros/mandriva.in 2014-05-22 15:03:31.704614385 +0400
+@@ -352,7 +352,7 @@
+ 
+ %__libtoolize_configure %{?__libtoolize:(cd $CONFIGURE_TOP; [ ! -f configure.in -a ! -f configure.ac ] || %{__libtoolize} --copy --force)}
+ 
+-%ldflags %{?!_disable_ld_as_needed: -Wl,--as-needed}%{?!_disable_ld_no_undefined: -Wl,--no-undefined}%{?!_disable_ld_relro: -Wl,-z,relro}%{?!_disable_ld_O1: -Wl,-O1}%{?!_disable_ld_build_id: -Wl,--build-id}%{?!_disable_ld_enable_new_dtags: -Wl,--enable-new-dtags}%{?!_disable_hash_style_gnu: -Wl,--hash-style=gnu}%{?_hardened_flags: %_hardened_flags}
++%ldflags %{?!_disable_ld_as_needed: -Wl,--as-needed}%{?!_disable_ld_no_undefined: -Wl,--no-undefined}%{?!_disable_ld_now: -Wl,-z,now}%{?!_disable_ld_relro: -Wl,-z,relro}%{?!_disable_ld_O1: -Wl,-O1}%{?!_disable_ld_build_id: -Wl,--build-id}%{?!_disable_ld_enable_new_dtags: -Wl,--enable-new-dtags}%{?!_disable_hash_style_gnu: -Wl,--hash-style=gnu}%{?_hardened_flags: %_hardened_flags}
+ 
+ %setup_compile_flags \
+ CFLAGS="${CFLAGS:-%optflags}" ; export CFLAGS ; \
diff --git a/rpm.spec b/rpm.spec
index 5a1cf4f..8fa6a75 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -59,7 +59,7 @@ Summary: The RPM package management system
 Name: rpm
 Epoch: 1
 Version: %{libver}.%{minorver}
-Release: %{?prereldate:0.%{prereldate}.}28
+Release: %{?prereldate:0.%{prereldate}.}29
 License: LGPLv2.1+
 Group: System/Configuration/Packaging
 URL: http://rpm5.org/
@@ -476,6 +476,10 @@ Patch505: rpm-5.4.10-turn-back-urlgetfile.patch
 # (see jbj mails in mailing lists)
 Patch506: rpm-5.4.10-nodejs-dependency-generator.patch
 
+# Use -fPIE and other hardening flags in builds by default
+Patch507: rpm-5.4.10-cpu-os-macros-hardening.patch
+Patch508: rpm-5.4.10-hardening.patch
+
 BuildRequires: autoconf >= 2.57
 BuildRequires: bzip2-devel
 BuildRequires: automake >= 1.8
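Review bot: The new `%{?!_disable_ld_now: -Wl,-z,now}` only yields full RELRO together with the existing `-Wl,-z,relro`, yet the two knobs are independent, so a package that sets `_disable_ld_now` silently falls back to partial RELRO with nothing in the macro saying so; a comment above `%ldflags` such as `# -z now plus -z relro gives full RELRO; disabling either (_disable_ld_now / _disable_ld_relro) weakens it` would document the dependency. Note also that `-pie` is introduced via `%optflags` in the companion patch rather than beside the other linker flags here, and `%setup_compile_flags` applies `%optflags` only when `CFLAGS` is unset (`CFLAGS="${CFLAGS:-%optflags}"`), so a package that exports its own CFLAGS keeps `-z now` but loses PIE, which is an inconsistent hardening state. A `%{?!_disable_ld_pie: -pie}` entry in `%ldflags` would follow the opt-out convention used by every other flag on this line, though it would need the same care for shared-library links that the `%optflags` change needs. The rest of `%setup_compile_flags` continues outside the hunk.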
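Review bot: `Patch507:` is declared alongside the patches that apply to the rpm tarball, but by its filename and contents it targets the `cpu-os-macros` tree unpacked from `%{SOURCE3}` and is applied separately with `-p0` later in `%prep`; nothing near the declaration says so. A comment such as `# Patch507 applies to the cpu-os-macros tree unpacked from Source3 (applied with -p0 after the tar step in %prep)` above the `Patch507:` line would save the next reader from having to trace it.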
@@ -883,6 +887,8 @@ This package contains the RPM API documentation generated in HTML format. %patch504 -p1 -b .postpone_errors~ %patch505 -p1 -b .urlgetfile~ %patch506 -p1 -b .nodejs~ +%patch508 -p1 -b .hardening~ + #required by P55, P80, P81, P94.. ./autogen.sh @@ -890,6 +896,7 @@ This package contains the RPM API documentation generated in HTML format. mkdir -p cpu-os-macros tar -zxf %{SOURCE3} -C cpu-os-macros %patch145 -p1 +%patch507 -p0 -b .hardening_cpu_os_macros~ %build %configure2_5x --enable-nls \
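Review bot: `%patch507 -p0 -b .hardening_cpu_os_macros~` leaves a `macros.hardening_cpu_os_macros~` backup next to each patched `cpu-os-macros/<arch>/macros` file, whereas the existing `%patch145 -p1` applied to the same unpacked tree takes no backup; if that tree is later installed wholesale, the backups would presumably end up in the package, so either drop `-b` here or confirm the install step filters `*~` files. The `-p0` is consistent with the `cpu-os-macros/...` paths in the new patch relative to the build directory, but it only works because the line sits after `tar -zxf %{SOURCE3} -C cpu-os-macros`; a short comment such as `# must run after Source3 is unpacked above` on the `%patch507` line would make that ordering constraint explicit. The `%prep` section continues outside the hunk.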