
Bug#696261: mention security hardening under "what's new"



Package: release-notes
Tags: patch

Hi,

Attached patch adds a "what's new" item on the security hardening build
flags release goal. Please consider applying it. I'm not currently aware of
other hardening improvements except the flags, but if there are, they can
of course be included in this section.


Cheers,
Thijs
Index: en/whats-new.dbk
===================================================================
--- en/whats-new.dbk	(revision 9515)
+++ en/whats-new.dbk	(working copy)
@@ -450,6 +450,25 @@
 
 </section>
 
+<section id="hardening">
+  <title>Hardened security</title>
+  <para>
+  Many Debian packages have now been built with <systemitem role="package">gcc</systemitem>
+  compiler hardening flags enabled. These flags enable various protections against
+  security issues such as stack smashing, predictable locations of values in memory, etc.
+  An effort has been made to ensure that as many packages as possible include these
+  flags, especially focusing on those in the 'base'-installation, network-accessible
+  daemons and packages which have had security issues in recent years. 
+  </para>
+
+  <para>Note that the hardened build flags are not enabled by default in
+  <systemitem role="package">gcc</systemitem>, so are not used automatically
+  when locally building software. The package
+  <systemitem role="package">hardening-wrapper</systemitem> can provide a
+  <filename>gcc</systemitem> with these flags enabled.
+  </para>
+</section>
+
 <section id="stable-updates">
   <title>The stable-updates section</title>
   <para>
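Review bot: The markup in the second added paragraph is mismatched at `<filename>gcc</systemitem>`: the element opens as filename and closes as systemitem, so whats-new.dbk is no longer well-formed XML and will not parse. Close it with `</filename>`, or mark it up as `<command>gcc</command>`, since the text refers to the compiler command rather than to a file path. Two smaller points: the added line ending "security issues in recent years. " carries trailing whitespace, and the "etc." after "predictable locations of values in memory" could be dropped or replaced with the specific protections so that readers of the release notes know what they are getting.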
