Accepted hardening-wrapper 1.28~bpo50+1 (source all amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 28 Jun 2010 17:23:11 -0300
Source: hardening-wrapper
Binary: hardening-wrapper hardening-includes
Architecture: source all amd64
Version: 1.28~bpo50+1
Distribution: lenny-backports
Urgency: low
Maintainer: Package Hardening <hardening-discuss@lists.alioth.debian.org>
Changed-By: Ulises Vitulli <dererk@debian.org>
Description:
hardening-includes - Makefile for enabling compiler flags for security hardening
hardening-wrapper - Compiler wrapper to enable security hardening flags
Closes: 462682 465827 472324 475764 506066 535037 548250 564596 564840 567707 568622 574716 578488 586215
Changes:
hardening-wrapper (1.28~bpo50+1) lenny-backports; urgency=low
.
* Non-maintaner upload for backports.org
* Backport for Lenny Archive.
.
hardening-wrapper (1.28) unstable; urgency=low
.
* hardening.make: enable PIE on hurd (Closes: 586215), thanks to
Samuel Thibault.
.
hardening-wrapper (1.27) unstable; urgency=low
.
* hardening.make:
- disable RELRO on avr32.
- clarify use of CXXFLAGS.
* hardening-check: fix regex to correctly call sed (Closes: 578488).
.
hardening-wrapper (1.26) unstable; urgency=low
.
* hardening.make: disable PIE on avr32 (Closes: 574716).
.
hardening-wrapper (1.25) unstable; urgency=low
.
* debian/control:
- bump standards version: no changes needed.
- should not be considered "experimental".
* hardening-check: use readelf's "-s" instead of "-r" to avoid issues
with archs that lack sane relocations.
* tests/Makefile.common:
- adjust tests to include -s output.
- weaken nm symbol matching.
.
hardening-wrapper (1.24) unstable; urgency=low
.
* hardening-check: handle alternate names for relocation jump slots
(Closes: 568622)
* tests/Makefile.common: show relocations as well for future debugging.
.
hardening-wrapper (1.23) unstable; urgency=low
.
* hardening.make: correctly document how to disable PIE on a per-target
basis (Closes: 567707).
* tests/Makefile.{common,includes}: add HARDENING_DISABLE_* flags tests.
.
hardening-wrapper (1.22) unstable; urgency=low
.
* debian/hardening-wrapper.postrm: fix typo in diversion name
(Closes: 564840).
.
hardening-wrapper (1.21) unstable; urgency=low
.
* debian/control: add ${misc:Depends} to control file entries to
keep lintian happy.
* hardening-check: add -q option to only report failures.
* really handle gcc 4.5 diversion (Closes: 564596).
* handle ld diversion when binutils-gold installed (Closes: 535037).
.
hardening-wrapper (1.20) unstable; urgency=low
.
* hardening.make:
- switch to "filter" for easier to read logic.
- allow PIE for arm/armel, since it's only the kernel that lacks ASLR.
* tests/Makefile: perform test builds with -fstack-protector and -fPIE -pie
on all architectures just to have a record of the success/failure
in the build logs, even if we are manually selecting the defaults.
.
hardening-wrapper (1.19) unstable; urgency=low
.
* debian/rules: fix up arch/arch-indep rules to avoid rebuilding
arch-indep bits repeatedly.
* hardening-check, debian/{rules,hardening-includes.manpages},
tests/Makefile.common: add helper utility to allow users of
hardening-includes to evaluate the state of a given binary's
resulting hardening features.
* debian/rules: add gcc-4.5 to the diversion list.
.
hardening-wrapper (1.18) unstable; urgency=low
.
* debian/{control,rules}: add "hardening-includes" for use in other
Debian rules files.
* debian/rules, hardening.make: relocate/enhance architecture logic
to common makefile include file.
* tests/*: update to test both wrapper and include style.
.
hardening-wrapper (1.17) unstable; urgency=low
.
* Add Conflicts on binutils-gold, which also uses diversions against
gcc and friends (Closes: 535037, LP: #442636).
.
hardening-wrapper (1.16) unstable; urgency=low
.
* tests/Makefile: exclude relro test on hppa.
.
hardening-wrapper (1.15) unstable; urgency=low
.
* tests/Makefile: exclude tests based on architecture (ia64 w/o relro).
* debian/rules: disable PIE on mips/mipsel until bug 532821 is solved
(Closes: #548250).
.
hardening-wrapper (1.14) unstable; urgency=low
.
* hardened-ld: add ...BINDNOW for -Wl,-z,now ELF markings.
* debian/control: moved to standards version 3.8.2, no changes needed.
* tests/Makefile: add tests for RELRO and BIND_NOW.
* hardening-{cc,ld}.1: document BINDNOW and RELRO, add on to See Also.
.
hardening-wrapper (1.13) unstable; urgency=low
.
* hardened-cc: add ...DEBUG_SYMLINKS to visualize symlink resolution.
* hardened-cc: detect uninstalled targets and abort (Closes: #506066).
* debian/{rules,postinst,postrm}: add links for gcc-4.4.
* debian/control: moved to standards version 3.8.0, no changes needed.
.
hardening-wrapper (1.12) unstable; urgency=low
.
* hardened-cc: add -nostdlib test missing from older gcc (gcc-4.0, gcc-4.1).
* hardened-{cc,ld}: load system defaults from /etc/hardening-wrapper.conf
* hardened-{cc,ld}.1: updated man pages to mention system-wide config.
* hardened-{cc,ld}: handle relative symlinks correctly to address issues
pointed out by Sedat Dilek.
.
hardening-wrapper (1.11) unstable; urgency=low
.
* hardened-ld: disable PIE logic -- gcc should be the only part of the
toolchain requesting PIE.
* tests/Makefile: use -B instead of GCC_EXEC_PREFIX, which does not
do the right thing on all architectures.
.
hardening-wrapper (1.10) unstable; urgency=low
.
* hardened-cc, hardened-ld: re-arranged logic for "-pie". Old logic
was resulting in failed compiles under cmake.
* tests/Makefile: moved debian/rules tests into separate directory,
added -fPIC test cases, based on issues uncovered by cmake.
* debian/rules: disabled stack protector on mips, hppa -- not supported.
.
hardening-wrapper (1.9) unstable; urgency=low
.
* debian/rules:
- disable stack protector on arm, armel.
- disable PIE on arm, armel (thanks to Riku Voipio, Closes: 475764).
- show readelf output on test builds.
- fully link by tricking gcc into running the ld test wrapper.
* hello.c: re-arranged to exercise stack protector, report PIE.
* hardened-ld: add env var way to force use of /usr/bin/ld during tests.
.
hardening-wrapper (1.8) unstable; urgency=low
.
* debian/rules: disable stack protector on ia64 and alpha.
.
hardening-wrapper (1.7) unstable; urgency=low
.
* debian/rules: corrected binary-arch target (Closes: 472324).
.
hardening-wrapper (1.6) unstable; urgency=low
.
* debian/rules: build hardened-c++ from hardened-cc.
* debian/{rules,control}, hardened-cc: disable PIE by default on m68k,
hppa (Closes: #465827).
* hello.c: added test program to catch architecture-specific failures.
.
hardening-wrapper (1.5) unstable; urgency=low
.
* Fix typo in hardened-c++ self-check regex (Closes: #462682).
.
hardening-wrapper (1.4) unstable; urgency=low
.
* hardened-ld: fix relro argument passing (ld silently takes any -z arg).
.
hardening-wrapper (1.3) unstable; urgency=low
.
* hardened-{cc,c++}: fix -Wformat-security typo.
* debian/postinst: only clean up old diversions on a versioned upgrade.
* debian/postrm: do not require known arguments.
.
hardening-wrapper (1.2) unstable; urgency=low
.
* Move away from generic "builder" prefix to "hardened".
* Provide links for gcc 4.1, 4.2, and 4.3 instead of top-level links.
* Provide manpage link for package name.
* Clean up previous diversions.
* Move to "all" arch since arch-dep symlinks are no longer used.
Checksums-Sha1:
ee8fa9799a29e3923a37332344596e4bec82f898 1709 hardening-wrapper_1.28~bpo50+1.dsc
218d0f2e749e81a920989407f728d884f15e5557 14931 hardening-wrapper_1.28~bpo50+1.tar.gz
7cb8e0c62f7ca5830af05ddd19fc97bf0a0e8119 12410 hardening-includes_1.28~bpo50+1_all.deb
55797c288c3c1beb5043c819e3a27c0c5d17b087 11928 hardening-wrapper_1.28~bpo50+1_amd64.deb
Checksums-Sha256:
904db1864f92ff687b5e467f2ba4085e62282dd56e2e41e0ad7c6bad62f052ac 1709 hardening-wrapper_1.28~bpo50+1.dsc
22fc9a11896a6561e8821f449e79eabae99abf459033331d550bd5dde5d08453 14931 hardening-wrapper_1.28~bpo50+1.tar.gz
4c69ac119547bc3ba58e00e4413d6ecadb9403ae298ba89a31446d2f6ec4d8cf 12410 hardening-includes_1.28~bpo50+1_all.deb
2724933ccb62fa4764d1070c6618c734403f89b5166107b2f58ed11a81bdf9d3 11928 hardening-wrapper_1.28~bpo50+1_amd64.deb
Files:
0bc4998b0e9b5bab2634eb83ceb3ff2c 1709 devel extra hardening-wrapper_1.28~bpo50+1.dsc
39cc3760f912ac582686fcc16450376c 14931 devel extra hardening-wrapper_1.28~bpo50+1.tar.gz
197479b3f9fbcb7e6710f7eafb914806 12410 devel extra hardening-includes_1.28~bpo50+1_all.deb
e074ba7e89a0132a10990c12e5d735a8 11928 devel extra hardening-wrapper_1.28~bpo50+1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBCAAGBQJMNrU9AAoJEAsA+2zr4tACUE4P/isf/VJho7mzT8T8igKNjO06
ZRyDJ8Pb/uMBECCoht9Tqz1BkPNVyxzTock9kaa6WqzV5ZArOb364mBhfLLOMzXX
zNShHpB/mtaJTIRHRMzDf2Q9/FOeyI5qbn5uQJBoZmcvJ5dtH3jsD8Ivtt+mOCkM
gfUkNCjsn+AgFkFisgcUx9+Z6wKFcsjBZ38K21IJCuu8k+m8sQSxyqyyoXl5N4De
QfFeWUO4NxlnH4YYEGx0Ec/nwF0tNRTfRMjWggCmcoQIwryPNUVlraFb5CcfCCeb
xS0OocZWJZTBqI9UV0Cdl6OD24ssSiOao7m/WhV2hIL4CEUSn+WFNRDWKAtlUlX9
BlxCfyYjEua5IJUV92ueYvSfc2lJZHtGL1Vr1taNSB0hRpjgaQ1X/duQzc8ZrBlb
InVDusWgURPpcLzj3cdFHFSTUOlpi4oeFcc/GdVPilEdKovTOFyXBXB+LQLy1r6W
Ma/oWyZ/V4YTbeG6x4mmGHKc7RoBNb7r0V67pGd4BRDJm42Xp1/dzKaNIqmgZfAs
FGvogQfcZ4Dbppjuq6DC03E6FTeOjXVWHuuIPvI+ZCY0PqBV+yJZcVx9VSCGRBcQ
VLhSE1qXsqKfXH5Y7EnA+V3pZFLot+8rEvFS7dOAzlTXOr0lOxjun6diHIxp6Up/
nGa5uBzs0LIXvwiCrUJk
=pS4j
-----END PGP SIGNATURE-----
Accepted:
hardening-includes_1.28~bpo50+1_all.deb
to pool/main/h/hardening-wrapper/hardening-includes_1.28~bpo50+1_all.deb
hardening-wrapper_1.28~bpo50+1.dsc
to pool/main/h/hardening-wrapper/hardening-wrapper_1.28~bpo50+1.dsc
hardening-wrapper_1.28~bpo50+1.tar.gz
to pool/main/h/hardening-wrapper/hardening-wrapper_1.28~bpo50+1.tar.gz
hardening-wrapper_1.28~bpo50+1_amd64.deb
to pool/main/h/hardening-wrapper/hardening-wrapper_1.28~bpo50+1_amd64.deb
Reply to: