In particular this enables the bindnow feature to fix the following
lintian notice:
I: libam7xxx0.1: hardening-no-bindnow usr/lib/libam7xxx.so.0.1.7
N:
N: This package provides an ELF binary that lacks the "bindnow" linker
N: flag.
N:
N: This is needed (together with "relro") to make the "Global Offset Table"
N: (GOT) fully read-only. The bindnow feature trades startup time for
N: improved security. Please consider enabling this feature or consider
N: overriding the tag (possibly with a comment about why).
N:
N: If you use dpkg-buildflags, you may have to add hardening=+bindnow or
N: hardening=+all to DEB_BUILD_MAINT_OPTIONS.
N:
N: The relevant compiler flags are set in LDFLAGS.
N:
N: Refer to https://wiki.debian.org/Hardening for details.
N:
N: Severity: wishlist, Certainty: certain
N:
N: Check: binaries, Type: binary, udeb
N:
#!/usr/bin/make -f
# -*- makefile -*-
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
export DEB_LDFLAGS_MAINT_APPEND = -Wl,-Bsymbolic-functions -Wl,--as-needed
%: