From: Antonio Ospite Date: Thu, 1 Mar 2018 23:21:44 +0000 (+0100) Subject: debian/rules: enable all hardening flags X-Git-Tag: debian/0.1.7-1~17 X-Git-Url: https://git.ao2.it/libam7xxx.git/commitdiff_plain/66a979e5c503ade59cb356add6510272b7fa29e0 debian/rules: enable all hardening flags In particular this enables the bindnow feature to fix the following lintian notice: I: libam7xxx0.1: hardening-no-bindnow usr/lib/libam7xxx.so.0.1.7 N: N: This package provides an ELF binary that lacks the "bindnow" linker N: flag. N: N: This is needed (together with "relro") to make the "Global Offset Table" N: (GOT) fully read-only. The bindnow feature trades startup time for N: improved security. Please consider enabling this feature or consider N: overriding the tag (possibly with a comment about why). N: N: If you use dpkg-buildflags, you may have to add hardening=+bindnow or N: hardening=+all to DEB_BUILD_MAINT_OPTIONS. N: N: The relevant compiler flags are set in LDFLAGS. N: N: Refer to https://wiki.debian.org/Hardening for details. N: N: Severity: wishlist, Certainty: certain N: N: Check: binaries, Type: binary, udeb N: --- diff --git a/debian/rules b/debian/rules index 89ba88d..3174e6c 100755 --- a/debian/rules +++ b/debian/rules @@ -1,6 +1,7 @@ #!/usr/bin/make -f # -*- makefile -*- +export DEB_BUILD_MAINT_OPTIONS = hardening=+all export DEB_LDFLAGS_MAINT_APPEND = -Wl,-Bsymbolic-functions -Wl,--as-needed %: