Accepted hardening-wrapper 1.29~bpo50+1 (source all amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 12 Jul 2010 11:38:11 -0300
Source: hardening-wrapper
Binary: hardening-wrapper hardening-includes
Architecture: source all amd64
Version: 1.29~bpo50+1
Distribution: lenny-backports
Urgency: low
Maintainer: Package Hardening <hardening-discuss@lists.alioth.debian.org>
Changed-By: Ulises Vitulli <dererk@debian.org>
Description:
hardening-includes - Makefile for enabling compiler flags for security hardening
hardening-wrapper - Compiler wrapper to enable security hardening flags
Closes: 462682 465827 472324 475764 506066 535037 548250 564596 564840 567707 568622 574716 578488 579409 586215
Changes:
hardening-wrapper (1.29~bpo50+1) lenny-backports; urgency=low
.
* Non-maintaner upload for backports.org
* Backport for Lenny Archive.
.
hardening-wrapper (1.29) unstable; urgency=low
.
* debian/control: add Conflicts for binutils-multiarch (Closes: 579409,
LP: #596136).
* debian/hardening-wrapper.postrm: remove attempted diversions on
installation failure.
.
hardening-wrapper (1.28) unstable; urgency=low
.
* hardening.make: enable PIE on hurd (Closes: 586215), thanks to
Samuel Thibault.
.
hardening-wrapper (1.27) unstable; urgency=low
.
* hardening.make:
- disable RELRO on avr32.
- clarify use of CXXFLAGS.
* hardening-check: fix regex to correctly call sed (Closes: 578488).
.
hardening-wrapper (1.26) unstable; urgency=low
.
* hardening.make: disable PIE on avr32 (Closes: 574716).
.
hardening-wrapper (1.25) unstable; urgency=low
.
* debian/control:
- bump standards version: no changes needed.
- should not be considered "experimental".
* hardening-check: use readelf's "-s" instead of "-r" to avoid issues
with archs that lack sane relocations.
* tests/Makefile.common:
- adjust tests to include -s output.
- weaken nm symbol matching.
.
hardening-wrapper (1.24) unstable; urgency=low
.
* hardening-check: handle alternate names for relocation jump slots
(Closes: 568622)
* tests/Makefile.common: show relocations as well for future debugging.
.
hardening-wrapper (1.23) unstable; urgency=low
.
* hardening.make: correctly document how to disable PIE on a per-target
basis (Closes: 567707).
* tests/Makefile.{common,includes}: add HARDENING_DISABLE_* flags tests.
.
hardening-wrapper (1.22) unstable; urgency=low
.
* debian/hardening-wrapper.postrm: fix typo in diversion name
(Closes: 564840).
.
hardening-wrapper (1.21) unstable; urgency=low
.
* debian/control: add ${misc:Depends} to control file entries to
keep lintian happy.
* hardening-check: add -q option to only report failures.
* really handle gcc 4.5 diversion (Closes: 564596).
* handle ld diversion when binutils-gold installed (Closes: 535037).
.
hardening-wrapper (1.20) unstable; urgency=low
.
* hardening.make:
- switch to "filter" for easier to read logic.
- allow PIE for arm/armel, since it's only the kernel that lacks ASLR.
* tests/Makefile: perform test builds with -fstack-protector and -fPIE -pie
on all architectures just to have a record of the success/failure
in the build logs, even if we are manually selecting the defaults.
.
hardening-wrapper (1.19) unstable; urgency=low
.
* debian/rules: fix up arch/arch-indep rules to avoid rebuilding
arch-indep bits repeatedly.
* hardening-check, debian/{rules,hardening-includes.manpages},
tests/Makefile.common: add helper utility to allow users of
hardening-includes to evaluate the state of a given binary's
resulting hardening features.
* debian/rules: add gcc-4.5 to the diversion list.
.
hardening-wrapper (1.18) unstable; urgency=low
.
* debian/{control,rules}: add "hardening-includes" for use in other
Debian rules files.
* debian/rules, hardening.make: relocate/enhance architecture logic
to common makefile include file.
* tests/*: update to test both wrapper and include style.
.
hardening-wrapper (1.17) unstable; urgency=low
.
* Add Conflicts on binutils-gold, which also uses diversions against
gcc and friends (Closes: 535037, LP: #442636).
.
hardening-wrapper (1.16) unstable; urgency=low
.
* tests/Makefile: exclude relro test on hppa.
.
hardening-wrapper (1.15) unstable; urgency=low
.
* tests/Makefile: exclude tests based on architecture (ia64 w/o relro).
* debian/rules: disable PIE on mips/mipsel until bug 532821 is solved
(Closes: #548250).
.
hardening-wrapper (1.14) unstable; urgency=low
.
* hardened-ld: add ...BINDNOW for -Wl,-z,now ELF markings.
* debian/control: moved to standards version 3.8.2, no changes needed.
* tests/Makefile: add tests for RELRO and BIND_NOW.
* hardening-{cc,ld}.1: document BINDNOW and RELRO, add on to See Also.
.
hardening-wrapper (1.13) unstable; urgency=low
.
* hardened-cc: add ...DEBUG_SYMLINKS to visualize symlink resolution.
* hardened-cc: detect uninstalled targets and abort (Closes: #506066).
* debian/{rules,postinst,postrm}: add links for gcc-4.4.
* debian/control: moved to standards version 3.8.0, no changes needed.
.
hardening-wrapper (1.12) unstable; urgency=low
.
* hardened-cc: add -nostdlib test missing from older gcc (gcc-4.0, gcc-4.1).
* hardened-{cc,ld}: load system defaults from /etc/hardening-wrapper.conf
* hardened-{cc,ld}.1: updated man pages to mention system-wide config.
* hardened-{cc,ld}: handle relative symlinks correctly to address issues
pointed out by Sedat Dilek.
.
hardening-wrapper (1.11) unstable; urgency=low
.
* hardened-ld: disable PIE logic -- gcc should be the only part of the
toolchain requesting PIE.
* tests/Makefile: use -B instead of GCC_EXEC_PREFIX, which does not
do the right thing on all architectures.
.
hardening-wrapper (1.10) unstable; urgency=low
.
* hardened-cc, hardened-ld: re-arranged logic for "-pie". Old logic
was resulting in failed compiles under cmake.
* tests/Makefile: moved debian/rules tests into separate directory,
added -fPIC test cases, based on issues uncovered by cmake.
* debian/rules: disabled stack protector on mips, hppa -- not supported.
.
hardening-wrapper (1.9) unstable; urgency=low
.
* debian/rules:
- disable stack protector on arm, armel.
- disable PIE on arm, armel (thanks to Riku Voipio, Closes: 475764).
- show readelf output on test builds.
- fully link by tricking gcc into running the ld test wrapper.
* hello.c: re-arranged to exercise stack protector, report PIE.
* hardened-ld: add env var way to force use of /usr/bin/ld during tests.
.
hardening-wrapper (1.8) unstable; urgency=low
.
* debian/rules: disable stack protector on ia64 and alpha.
.
hardening-wrapper (1.7) unstable; urgency=low
.
* debian/rules: corrected binary-arch target (Closes: 472324).
.
hardening-wrapper (1.6) unstable; urgency=low
.
* debian/rules: build hardened-c++ from hardened-cc.
* debian/{rules,control}, hardened-cc: disable PIE by default on m68k,
hppa (Closes: #465827).
* hello.c: added test program to catch architecture-specific failures.
.
hardening-wrapper (1.5) unstable; urgency=low
.
* Fix typo in hardened-c++ self-check regex (Closes: #462682).
.
hardening-wrapper (1.4) unstable; urgency=low
.
* hardened-ld: fix relro argument passing (ld silently takes any -z arg).
.
hardening-wrapper (1.3) unstable; urgency=low
.
* hardened-{cc,c++}: fix -Wformat-security typo.
* debian/postinst: only clean up old diversions on a versioned upgrade.
* debian/postrm: do not require known arguments.
.
hardening-wrapper (1.2) unstable; urgency=low
.
* Move away from generic "builder" prefix to "hardened".
* Provide links for gcc 4.1, 4.2, and 4.3 instead of top-level links.
* Provide manpage link for package name.
* Clean up previous diversions.
* Move to "all" arch since arch-dep symlinks are no longer used.
.
hardening-wrapper (1.1) unstable; urgency=low
.
* Initial release.
Checksums-Sha1:
d3d1ee18968320f4812b965d8d406a0189bad3ee 1709 hardening-wrapper_1.29~bpo50+1.dsc
0641b20b48d265dd419a4d7fcd4a83dafbc8021b 15035 hardening-wrapper_1.29~bpo50+1.tar.gz
1963f36762a79e61743b5d33e4070a465ee0e320 12498 hardening-includes_1.29~bpo50+1_all.deb
a4d9bbd6c1d185300d425e95c2294fdbfe926f3b 12062 hardening-wrapper_1.29~bpo50+1_amd64.deb
Checksums-Sha256:
fec9f73b4ad8c8f75c2be12cf9d4c06984b2124e1533f85c342a20aad9206d1b 1709 hardening-wrapper_1.29~bpo50+1.dsc
037cd4751407e35ae651e26535627c2203ed3b312b562d133043d99268a4b31f 15035 hardening-wrapper_1.29~bpo50+1.tar.gz
b7a8817f32d5663d96822908c841bd379efeff03e8f2022f51c540bfb793402b 12498 hardening-includes_1.29~bpo50+1_all.deb
b03b99d8612e042f4679aee061940d3337cb8927c74bb6947990e463ec05596b 12062 hardening-wrapper_1.29~bpo50+1_amd64.deb
Files:
5be7a7878c444ec7cdcaed80a2248f68 1709 devel extra hardening-wrapper_1.29~bpo50+1.dsc
7b638161a639629c0689c8581c55eec8 15035 devel extra hardening-wrapper_1.29~bpo50+1.tar.gz
e071a4fb49c46d4ed63ee33e47c81f03 12498 devel extra hardening-includes_1.29~bpo50+1_all.deb
23603fe7263f1ba60bb516ae57609d6f 12062 devel extra hardening-wrapper_1.29~bpo50+1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBCAAGBQJMOyoOAAoJEAsA+2zr4tACSscQAJ9MUK1WzG7H8qYnPTqeWFdo
49nKOHCPGEtB+/f6lS2B1IzjDeoIF03K3adlRgUrqFvKuBkZpyNlcqwiOeKMYPNd
faai8t6WH53mBa8/bQ4R//8B8kyhjPB69NGg8zWI7BEbi+ZWPcAej3x27rTI1cxV
Uaz28mdw+ZkbGkgqBb2m8dtbz0A9PmLpAaawLirD19EaQp+qLY1SGjzAhfJ3rwkB
0p3aQ8jNLRgjjValPRhlB/muqDZc1RuKyOXjcgqga1N+MXiO6SQuTuxrT13D9dMR
JX3h25tF7h2dpFAjDKL5nmjYacrxcLr/1JNJFxHcMMr2gk9vf4mxzMkuxK6eYUku
H4NO+SPEqnBya8oFPdnOG1ytv2Xx2lHNGXgo2Wp4Y4UkBikORZOM26BwFEyTQpxA
woJysYub9P030M2wCN0Lasnmg+oSa/sAG3V7r1EzcVHLIqHMmquVpDYQ1YMEOuxM
9NJ7PfcomechfvhjOTx9GqbNTS55KOWu7R4vSGE+fos6bn9hK3L6ACvgf6wZgaFZ
nOtANWsZgd7xxKlgko21So71nXrS0RBgfpVXGytE16tHuFSFW52KaARK2c6II3Ve
lJ7HyQ7YViQwyCbmZCVVPs6lfk8EsSX+dbMXri5TPfJte4LCRCuu5lXA7njgwvX6
O6auZSxyrixzNw5lgLln
=xqJu
-----END PGP SIGNATURE-----
Accepted:
hardening-includes_1.29~bpo50+1_all.deb
to pool/main/h/hardening-wrapper/hardening-includes_1.29~bpo50+1_all.deb
hardening-wrapper_1.29~bpo50+1.dsc
to pool/main/h/hardening-wrapper/hardening-wrapper_1.29~bpo50+1.dsc
hardening-wrapper_1.29~bpo50+1.tar.gz
to pool/main/h/hardening-wrapper/hardening-wrapper_1.29~bpo50+1.tar.gz
hardening-wrapper_1.29~bpo50+1_amd64.deb
to pool/main/h/hardening-wrapper/hardening-wrapper_1.29~bpo50+1_amd64.deb
Reply to: