From 66a979e5c503ade59cb356add6510272b7fa29e0 Mon Sep 17 00:00:00 2001
From: Antonio Ospite <ao2@ao2.it>
Date: Fri, 2 Mar 2018 00:21:44 +0100
Subject: [PATCH] debian/rules: enable all hardening flags

In particular this enables the bindnow feature to fix the following
lintian notice:

I: libam7xxx0.1: hardening-no-bindnow usr/lib/libam7xxx.so.0.1.7
N:
N:    This package provides an ELF binary that lacks the "bindnow" linker
N:    flag.
N:
N:    This is needed (together with "relro") to make the "Global Offset Table"
N:    (GOT) fully read-only. The bindnow feature trades startup time for
N:    improved security. Please consider enabling this feature or consider
N:    overriding the tag (possibly with a comment about why).
N:
N:    If you use dpkg-buildflags, you may have to add hardening=+bindnow or
N:    hardening=+all to DEB_BUILD_MAINT_OPTIONS.
N:
N:    The relevant compiler flags are set in LDFLAGS.
N:
N:    Refer to https://wiki.debian.org/Hardening for details.
N:
N:    Severity: wishlist, Certainty: certain
N:
N:    Check: binaries, Type: binary, udeb
N:
---
 debian/rules | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian/rules b/debian/rules
index 89ba88d..3174e6c 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,6 +1,7 @@
 #!/usr/bin/make -f
 # -*- makefile -*-
 
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 export DEB_LDFLAGS_MAINT_APPEND = -Wl,-Bsymbolic-functions -Wl,--as-needed
 
 %:
-- 
2.1.4