[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted hardening-wrapper 1.29~bpo50+1 (source all amd64)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 12 Jul 2010 11:38:11 -0300
Source: hardening-wrapper
Binary: hardening-wrapper hardening-includes
Architecture: source all amd64
Version: 1.29~bpo50+1
Distribution: lenny-backports
Urgency: low
Maintainer: Package Hardening <hardening-discuss@lists.alioth.debian.org>
Changed-By: Ulises Vitulli <dererk@debian.org>
Description: 
 hardening-includes - Makefile for enabling compiler flags for security hardening
 hardening-wrapper - Compiler wrapper to enable security hardening flags
Closes: 462682 465827 472324 475764 506066 535037 548250 564596 564840 567707 568622 574716 578488 579409 586215
Changes: 
 hardening-wrapper (1.29~bpo50+1) lenny-backports; urgency=low
 .
   * Non-maintaner upload for backports.org
   * Backport for Lenny Archive.
 .
 hardening-wrapper (1.29) unstable; urgency=low
 .
   * debian/control: add Conflicts for binutils-multiarch (Closes: 579409,
     LP: #596136).
   * debian/hardening-wrapper.postrm: remove attempted diversions on
     installation failure.
 .
 hardening-wrapper (1.28) unstable; urgency=low
 .
   * hardening.make: enable PIE on hurd (Closes: 586215), thanks to
     Samuel Thibault.
 .
 hardening-wrapper (1.27) unstable; urgency=low
 .
   * hardening.make:
     - disable RELRO on avr32.
     - clarify use of CXXFLAGS.
   * hardening-check: fix regex to correctly call sed (Closes: 578488).
 .
 hardening-wrapper (1.26) unstable; urgency=low
 .
   * hardening.make: disable PIE on avr32 (Closes: 574716).
 .
 hardening-wrapper (1.25) unstable; urgency=low
 .
   * debian/control:
     - bump standards version: no changes needed.
     - should not be considered "experimental".
   * hardening-check: use readelf's "-s" instead of "-r" to avoid issues
     with archs that lack sane relocations.
   * tests/Makefile.common:
     - adjust tests to include -s output.
     - weaken nm symbol matching.
 .
 hardening-wrapper (1.24) unstable; urgency=low
 .
   * hardening-check: handle alternate names for relocation jump slots
     (Closes: 568622)
   * tests/Makefile.common: show relocations as well for future debugging.
 .
 hardening-wrapper (1.23) unstable; urgency=low
 .
   * hardening.make: correctly document how to disable PIE on a per-target
     basis (Closes: 567707).
   * tests/Makefile.{common,includes}: add HARDENING_DISABLE_* flags tests.
 .
 hardening-wrapper (1.22) unstable; urgency=low
 .
   * debian/hardening-wrapper.postrm: fix typo in diversion name
     (Closes: 564840).
 .
 hardening-wrapper (1.21) unstable; urgency=low
 .
   * debian/control: add ${misc:Depends} to control file entries to
     keep lintian happy.
   * hardening-check: add -q option to only report failures.
   * really handle gcc 4.5 diversion (Closes: 564596).
   * handle ld diversion when binutils-gold installed (Closes: 535037).
 .
 hardening-wrapper (1.20) unstable; urgency=low
 .
   * hardening.make:
     - switch to "filter" for easier to read logic.
     - allow PIE for arm/armel, since it's only the kernel that lacks ASLR.
   * tests/Makefile: perform test builds with -fstack-protector and -fPIE -pie
     on all architectures just to have a record of the success/failure
     in the build logs, even if we are manually selecting the defaults.
 .
 hardening-wrapper (1.19) unstable; urgency=low
 .
   * debian/rules: fix up arch/arch-indep rules to avoid rebuilding
     arch-indep bits repeatedly.
   * hardening-check, debian/{rules,hardening-includes.manpages},
     tests/Makefile.common: add helper utility to allow users of
     hardening-includes to evaluate the state of a given binary's
     resulting hardening features.
   * debian/rules: add gcc-4.5 to the diversion list.
 .
 hardening-wrapper (1.18) unstable; urgency=low
 .
   * debian/{control,rules}: add "hardening-includes" for use in other
     Debian rules files.
   * debian/rules, hardening.make: relocate/enhance architecture logic
     to common makefile include file.
   * tests/*: update to test both wrapper and include style.
 .
 hardening-wrapper (1.17) unstable; urgency=low
 .
   * Add Conflicts on binutils-gold, which also uses diversions against
     gcc and friends (Closes: 535037, LP: #442636).
 .
 hardening-wrapper (1.16) unstable; urgency=low
 .
   * tests/Makefile: exclude relro test on hppa.
 .
 hardening-wrapper (1.15) unstable; urgency=low
 .
   * tests/Makefile: exclude tests based on architecture (ia64 w/o relro).
   * debian/rules: disable PIE on mips/mipsel until bug 532821 is solved
     (Closes: #548250).
 .
 hardening-wrapper (1.14) unstable; urgency=low
 .
   * hardened-ld: add ...BINDNOW for -Wl,-z,now ELF markings.
   * debian/control: moved to standards version 3.8.2, no changes needed.
   * tests/Makefile: add tests for RELRO and BIND_NOW.
   * hardening-{cc,ld}.1: document BINDNOW and RELRO, add on to See Also.
 .
 hardening-wrapper (1.13) unstable; urgency=low
 .
   * hardened-cc: add ...DEBUG_SYMLINKS to visualize symlink resolution.
   * hardened-cc: detect uninstalled targets and abort (Closes: #506066).
   * debian/{rules,postinst,postrm}: add links for gcc-4.4.
   * debian/control: moved to standards version 3.8.0, no changes needed.
 .
 hardening-wrapper (1.12) unstable; urgency=low
 .
   * hardened-cc: add -nostdlib test missing from older gcc (gcc-4.0, gcc-4.1).
   * hardened-{cc,ld}: load system defaults from /etc/hardening-wrapper.conf
   * hardened-{cc,ld}.1: updated man pages to mention system-wide config.
   * hardened-{cc,ld}: handle relative symlinks correctly to address issues
     pointed out by Sedat Dilek.
 .
 hardening-wrapper (1.11) unstable; urgency=low
 .
   * hardened-ld: disable PIE logic -- gcc should be the only part of the
     toolchain requesting PIE.
   * tests/Makefile: use -B instead of GCC_EXEC_PREFIX, which does not
     do the right thing on all architectures.
 .
 hardening-wrapper (1.10) unstable; urgency=low
 .
   * hardened-cc, hardened-ld: re-arranged logic for "-pie".  Old logic
     was resulting in failed compiles under cmake.
   * tests/Makefile: moved debian/rules tests into separate directory,
     added -fPIC test cases, based on issues uncovered by cmake.
   * debian/rules: disabled stack protector on mips, hppa -- not supported.
 .
 hardening-wrapper (1.9) unstable; urgency=low
 .
   * debian/rules:
     - disable stack protector on arm, armel.
     - disable PIE on arm, armel (thanks to Riku Voipio, Closes: 475764).
     - show readelf output on test builds.
     - fully link by tricking gcc into running the ld test wrapper.
   * hello.c: re-arranged to exercise stack protector, report PIE.
   * hardened-ld: add env var way to force use of /usr/bin/ld during tests.
 .
 hardening-wrapper (1.8) unstable; urgency=low
 .
   * debian/rules: disable stack protector on ia64 and alpha.
 .
 hardening-wrapper (1.7) unstable; urgency=low
 .
   * debian/rules: corrected binary-arch target (Closes: 472324).
 .
 hardening-wrapper (1.6) unstable; urgency=low
 .
   * debian/rules: build hardened-c++ from hardened-cc.
   * debian/{rules,control}, hardened-cc: disable PIE by default on m68k,
     hppa (Closes: #465827).
   * hello.c: added test program to catch architecture-specific failures.
 .
 hardening-wrapper (1.5) unstable; urgency=low
 .
   * Fix typo in hardened-c++ self-check regex (Closes: #462682).
 .
 hardening-wrapper (1.4) unstable; urgency=low
 .
   * hardened-ld: fix relro argument passing (ld silently takes any -z arg).
 .
 hardening-wrapper (1.3) unstable; urgency=low
 .
   * hardened-{cc,c++}: fix -Wformat-security typo.
   * debian/postinst: only clean up old diversions on a versioned upgrade.
   * debian/postrm: do not require known arguments.
 .
 hardening-wrapper (1.2) unstable; urgency=low
 .
   * Move away from generic "builder" prefix to "hardened".
   * Provide links for gcc 4.1, 4.2, and 4.3 instead of top-level links.
   * Provide manpage link for package name.
   * Clean up previous diversions.
   * Move to "all" arch since arch-dep symlinks are no longer used.
 .
 hardening-wrapper (1.1) unstable; urgency=low
 .
   * Initial release.
Checksums-Sha1: 
 d3d1ee18968320f4812b965d8d406a0189bad3ee 1709 hardening-wrapper_1.29~bpo50+1.dsc
 0641b20b48d265dd419a4d7fcd4a83dafbc8021b 15035 hardening-wrapper_1.29~bpo50+1.tar.gz
 1963f36762a79e61743b5d33e4070a465ee0e320 12498 hardening-includes_1.29~bpo50+1_all.deb
 a4d9bbd6c1d185300d425e95c2294fdbfe926f3b 12062 hardening-wrapper_1.29~bpo50+1_amd64.deb
Checksums-Sha256: 
 fec9f73b4ad8c8f75c2be12cf9d4c06984b2124e1533f85c342a20aad9206d1b 1709 hardening-wrapper_1.29~bpo50+1.dsc
 037cd4751407e35ae651e26535627c2203ed3b312b562d133043d99268a4b31f 15035 hardening-wrapper_1.29~bpo50+1.tar.gz
 b7a8817f32d5663d96822908c841bd379efeff03e8f2022f51c540bfb793402b 12498 hardening-includes_1.29~bpo50+1_all.deb
 b03b99d8612e042f4679aee061940d3337cb8927c74bb6947990e463ec05596b 12062 hardening-wrapper_1.29~bpo50+1_amd64.deb
Files: 
 5be7a7878c444ec7cdcaed80a2248f68 1709 devel extra hardening-wrapper_1.29~bpo50+1.dsc
 7b638161a639629c0689c8581c55eec8 15035 devel extra hardening-wrapper_1.29~bpo50+1.tar.gz
 e071a4fb49c46d4ed63ee33e47c81f03 12498 devel extra hardening-includes_1.29~bpo50+1_all.deb
 23603fe7263f1ba60bb516ae57609d6f 12062 devel extra hardening-wrapper_1.29~bpo50+1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJMOyoOAAoJEAsA+2zr4tACSscQAJ9MUK1WzG7H8qYnPTqeWFdo
49nKOHCPGEtB+/f6lS2B1IzjDeoIF03K3adlRgUrqFvKuBkZpyNlcqwiOeKMYPNd
faai8t6WH53mBa8/bQ4R//8B8kyhjPB69NGg8zWI7BEbi+ZWPcAej3x27rTI1cxV
Uaz28mdw+ZkbGkgqBb2m8dtbz0A9PmLpAaawLirD19EaQp+qLY1SGjzAhfJ3rwkB
0p3aQ8jNLRgjjValPRhlB/muqDZc1RuKyOXjcgqga1N+MXiO6SQuTuxrT13D9dMR
JX3h25tF7h2dpFAjDKL5nmjYacrxcLr/1JNJFxHcMMr2gk9vf4mxzMkuxK6eYUku
H4NO+SPEqnBya8oFPdnOG1ytv2Xx2lHNGXgo2Wp4Y4UkBikORZOM26BwFEyTQpxA
woJysYub9P030M2wCN0Lasnmg+oSa/sAG3V7r1EzcVHLIqHMmquVpDYQ1YMEOuxM
9NJ7PfcomechfvhjOTx9GqbNTS55KOWu7R4vSGE+fos6bn9hK3L6ACvgf6wZgaFZ
nOtANWsZgd7xxKlgko21So71nXrS0RBgfpVXGytE16tHuFSFW52KaARK2c6II3Ve
lJ7HyQ7YViQwyCbmZCVVPs6lfk8EsSX+dbMXri5TPfJte4LCRCuu5lXA7njgwvX6
O6auZSxyrixzNw5lgLln
=xqJu
-----END PGP SIGNATURE-----


Accepted:
hardening-includes_1.29~bpo50+1_all.deb
  to pool/main/h/hardening-wrapper/hardening-includes_1.29~bpo50+1_all.deb
hardening-wrapper_1.29~bpo50+1.dsc
  to pool/main/h/hardening-wrapper/hardening-wrapper_1.29~bpo50+1.dsc
hardening-wrapper_1.29~bpo50+1.tar.gz
  to pool/main/h/hardening-wrapper/hardening-wrapper_1.29~bpo50+1.tar.gz
hardening-wrapper_1.29~bpo50+1_amd64.deb
  to pool/main/h/hardening-wrapper/hardening-wrapper_1.29~bpo50+1_amd64.deb


Reply to: