lp:debian/stretch/hardening-wrapper

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

37. By Kees Cook on 2014-11-14

* hardening.make: drop mips restriction on building PIE.
* hardened-cc: fix comment typo, thanks to Steven Honeyman.
* hardened-cc: disable format-security when related arguments
  are already present, thanks to Steve Beattie (Closes: 767269).
* tests/Makefile.common: include tests for new format-security
  disabling abilities.

36. By Kees Cook on 2014-09-24

* Acknowledge NMU, thanks Aurelien Jarno!
* debian/rules: add clarifying comment about dpkg-buildflags.
* hardening.make, debian/README.Debian:
  - switch to -fstack-protector-strong, thanks to Romain Francoise
    (Closes: 762662).
  - enable stack protector on mips*, arm64.
* hardened-cc: use -fstack-protector-strong when old GCC not found.
* tests/
  - Makefile: add -fstack-protector-strong to logs
  - Makefile.common, ssp-buffer-type-protect.c: check for -strong behavior

35. By Aurelien Jarno on 2014-08-21

* Non-maintainer upload.
* Disable standard hardening flags for test suite, to avoid conflicting
  with hardening-wrapper's own flags which are being tested. Thanks to
  Romain Francoise for the patch (Closes: 752717).

34. By Kees Cook on 2013-12-17

* hardened-ld: detect symlink loops, like done for hardened-cc already
  (Closes: 732403).
* hardening.make: disable stack protector on arm64 (glibc support needed).
* debian/control: bump standards, no changes needed.

33. By Kees Cook on 2013-09-13

* debian/hardening-wrapper.{links,preinst,postrm}: add gcc 4.9 to
  the diversion list.
* improve "compiler not installed" message (Closes: 709582).
* Added short option aliasas and stopped using $PAGER for man page
  spewing, thanks to Jari Aalto (Closes: 709105). Left option ordering
  how I prefer: grouped by function and long options first.
* hardened-{cc,ld,cc.1}: add new DEB_BUILD_HARDENING_DEBUG_OUTPUT for
  redirecting STDERR debug output, if needed (Closes: 679773).
* debian/control: bump standards, no changes needed.

32. By Kees Cook on 2012-12-16

* debian/hardening-wrapper.{prerm,postinst,links}, debian/README.Debian:
  add gcc-4.8 to the diversion list, and sync list of compiler versions
  (Closes: 681799).
* hardening-check: fix hash size check syntax (Closes: 682451).

31. By Kees Cook on 2012-06-14

* debian/control: add missing Dep on binutils, thanks to Stéphane Graber.
* hardened-cc: use "=" as argument separator for better interoperability
  with dpkg-buildflags.
* hardening-check: reset tag list for each argument (Closes: 677530).

30. By Kees Cook on 2012-04-02

* hardening-check:
  - handle _local suffix for non-ELF i386 objects (Closes: 666895).
  - add "-h" for "--help".
  - sort and indent libc function list for easier review.
* Makefile: retain newlines when generating libc function list.

29. By Kees Cook on 2012-03-31

* hardening-check: add color, based on a patch from Simon Ruderich.
* hardening-check: fix lintian tag for non-PIE ELF to "no-pie".
* debian/rules, debian/hardening-wrapper.{prerm,postinst}: add gcc-4.7
  to the diversion list (Closes: 666520).
* debian/control:
  - fix Vcs-Browser link for loggerhead (Closes: 664495).
  - add Multiarch tag to hardening-includes (Closes: 666471).
* Makefile, debian/*: convert to dh(1).
* hardening-check: generate list of libc functions at build time.
* hardening-check, tests/Makefile.common: add support for scanning
  object archives for stack-protector and fortify (Closes: 664862).

28. By Kees Cook on 2012-01-27

hardening-check: fix function-finder to accept IFUNC too, improve
reporting slightly, improve manpage to explain false alarms.