[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#696261: marked as done (mention security hardening under "what's new")

Your message dated Sat, 26 Jan 2013 14:28:44 +0100
with message-id <20130126132844.GC28924@beskar.mdcc.cx>
and subject line release-notes: mention security hardening under "what's new"
has caused the Debian Bug report #696261,
regarding mention security hardening under "what's new"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

696261: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696261
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release-notes
Tags: patch


Attached patch adds a "what's new" item on the security hardening build
flags release goal. Please consider to apply. I'm not currently aware of
other hardening improvements except the flags, but if there are, they can
of course be included in this section.

Index: en/whats-new.dbk
--- en/whats-new.dbk	(revision 9515)
+++ en/whats-new.dbk	(working copy)
@@ -450,6 +450,25 @@
+<section id="hardening">
+  <title>Hardened security</title>
+  <para>
+  Many Debian packages have now been built with <systemitem role="package">gcc</systemitem>
+  compiler hardening flags enabled. These flags enable various protections against
+  security issues such as stack smashing, predictable locations of values in memory, etc.
+  An effort has been made to ensure that as many packages as possible include these
+  flags, especially focusing on those in the 'base'-installation, network-accessible
+  daemons and packages which have had security issues in recent years. 
+  </para>
+  <para>Note that the hardened build flags are not enabled by default in
+  <systemitem role="package">gcc</systemitem>, so are not used automatically
+  when locally building software. The package
+  <systemitem role="package">hardening-wrapper</systemitem> can provide a
+  <filename>gcc</systemitem> with these flags enabled.
+  </para>
 <section id="stable-updates">
   <title>The stable-updates section</title>

--- End Message ---
--- Begin Message ---
patch applied in commit r9552.  Thanks!



--- End Message ---

Reply to: