debian/rules: enable all hardening flags

In particular this enables the bindnow feature to fix the following
lintian notice:

I: libam7xxx0.1: hardening-no-bindnow usr/lib/libam7xxx.so.0.1.7
N:
N:    This package provides an ELF binary that lacks the "bindnow" linker
N:    flag.
N:
N:    This is needed (together with "relro") to make the "Global Offset Table"
N:    (GOT) fully read-only. The bindnow feature trades startup time for
N:    improved security. Please consider enabling this feature or consider
N:    overriding the tag (possibly with a comment about why).
N:
N:    If you use dpkg-buildflags, you may have to add hardening=+bindnow or
N:    hardening=+all to DEB_BUILD_MAINT_OPTIONS.
N:
N:    The relevant compiler flags are set in LDFLAGS.
N:
N:    Refer to https://wiki.debian.org/Hardening for details.
N:
N:    Severity: wishlist, Certainty: certain
N:
N:    Check: binaries, Type: binary, udeb
N:

diff --git a/debian/rules b/debian/rules
index 89ba88d..3174e6c 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
@@ -1,6 +1,7 @@
 #!/usr/bin/make -f
 # -*- makefile -*-
 
 #!/usr/bin/make -f
 # -*- makefile -*-
 

+export DEB_BUILD_MAINT_OPTIONS = hardening=+all

 export DEB_LDFLAGS_MAINT_APPEND = -Wl,-Bsymbolic-functions -Wl,--as-needed
 
 %:
 export DEB_LDFLAGS_MAINT_APPEND = -Wl,-Bsymbolic-functions -Wl,--as-needed
 
 %: