[Pkg-openldap-devel] r1388 - openldap/trunk/debian
vorlon at alioth.debian.org
vorlon at alioth.debian.org
Sun Oct 9 00:59:04 UTC 2011
Author: vorlon
Date: 2011-10-09 00:59:03 +0000 (Sun, 09 Oct 2011)
New Revision: 1388
Modified:
openldap/trunk/debian/changelog
openldap/trunk/debian/rules
Log:
Also set hardening=+pie,+bindnow buildflags options for maximum
security, since this is a security-sensitive daemon dealing with
untrusted input. Ubuntu has been building with these flags for a
while via hardening-wrappers, so the change is presumed safe.
Modified: openldap/trunk/debian/changelog
===================================================================
--- openldap/trunk/debian/changelog 2011-10-08 22:50:52 UTC (rev 1387)
+++ openldap/trunk/debian/changelog 2011-10-09 00:59:03 UTC (rev 1388)
@@ -11,6 +11,10 @@
debhelper and dpkg-dev, so we can pick up dpkg-buildflags for our
policy-mandated flags - as well as our security-enhancing ones!
Closes: #644427.
+ * Also set hardening=+pie,+bindnow buildflags options for maximum
+ security, since this is a security-sensitive daemon dealing with
+ untrusted input. Ubuntu has been building with these flags for a
+ while via hardening-wrappers, so the change is presumed safe.
-- Steve Langasek <vorlon at debian.org> Sun, 21 Aug 2011 11:25:07 -0700
Modified: openldap/trunk/debian/rules
===================================================================
--- openldap/trunk/debian/rules 2011-10-08 22:50:52 UTC (rev 1387)
+++ openldap/trunk/debian/rules 2011-10-09 00:59:03 UTC (rev 1388)
@@ -5,6 +5,7 @@
#DFSG_NONFREE = 1
export DEB_CFLAGS_MAINT_APPEND := -Wall -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE
+export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow
DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
More information about the Pkg-openldap-devel
mailing list