diff --git a/curl.changes b/curl.changes
index c528f35..e993667 100644
--- a/curl.changes
+++ b/curl.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Mar  4 17:46:40 UTC 2021 - Cristian Rodríguez <crrodriguez@opensuse.org>
+
+- Harden build, enable full RELRO
+- Never allow undefined symbols anywhere.
+
 -------------------------------------------------------------------
 Thu Feb  4 11:20:22 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
 
diff --git a/curl.spec b/curl.spec
index 8c43ac5..6952c35 100644
--- a/curl.spec
+++ b/curl.spec
@@ -102,7 +102,7 @@ CPPFLAGS="-D_FORTIFY_SOURCE=2"
 CFLAGS=$(echo "%{optflags}" | sed -e 's/-D_FORTIFY_SOURCE=2//')
 export CPPFLAGS
 export CFLAGS="$CFLAGS -fPIE"
-export LDFLAGS="$LDFLAGS -pie"
+export LDFLAGS="$LDFLAGS -Wl,-z,defs,-z,now,-z,relro -pie"
 autoreconf -fiv
 # local hack to make curl-config --libs stop printing libraries it depends on
 # (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere,