[pkg-golang-devel] Bug#823014: golang: Package compiled stdlib for PIE build mode

Peter Colberg peter at colberg.org
Sat Apr 30 00:18:14 UTC 2016


Package: golang
Version: 2:1.6.1-2
Severity: normal
Tags: patch

Dear Maintainer,

Please consider adding the following patch, which builds an optional
package containing the compiled standard library for PIE build mode.

This is a prerequisite for building position-independent executables
for the purpose of hardening Go binaries against memory corruption
vulnerabilities [1].

[1] https://bugs.debian.org/821454

A package maintainer who wishes to ship hardened binaries shall add
a Build-Depends: golang-std-pie, and a debian/rules stanza such as

override_dh_auto_build:
	dh_auto_build -O--buildsystem=golang -- -buildmode=pie -ldflags -extldflags=-Wl,-z,now,-z,relro

In the future dh-golang could be extended to pass the above flags.

Regards,
Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Package-compiled-stdlib-for-PIE-build-mode.patch
Type: text/x-diff
Size: 2434 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-golang-devel/attachments/20160429/d0afa04a/attachment.patch>

