Ubuntu
hardening-wrapper package

lp:ubuntu/lucid/hardening-wrapper

Lucid (10.04)
lucid

Created by James Westby on 2009-12-05 and last modified on 2010-03-01

Get this branch:: bzr branch lp:ubuntu/lucid/hardening-wrapper

Members of Ubuntu branches can upload to this branch. Log in for directions.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Review team:: Ubuntu Development Team

Status:: Development

Recent revisions

18. By Kees Cook on 2010-03-01: * debian/control:
  - bump standards version: no changes needed.
  - should not be considered "experimental".
* hardening-check: use readelf's "-s" instead of "-r" to avoid issues
  with archs that lack sane relocations.
* tests/Makefile.common:
  - adjust tests to include -s output.
  - weaken nm symbol matching.
17. By Kees Cook on 2010-02-09: * hardening-check: handle alternate names for relocation jump slots
(Closes: 568622)
* tests/Makefile.common: show relocations as well for future debugging.
16. By Kees Cook on 2010-01-30: * hardening.make: correctly document how to disable PIE on a per-target
basis (Closes: 567707).
* tests/Makefile.{common,includes}: add HARDENING_DISABLE_* flags tests.
15. By Kees Cook on 2010-01-12: debian/hardening-wrapper.postrm: fix typo in diversion name
(Closes: 564840).
14. By Kees Cook on 2010-01-10: * debian/control: add ${misc:Depends} to control file entries to
keep lintian happy.
* hardening-check: add -q option to only report failures.
* really handle gcc 4.5 diversion (Closes: 564596).
* handle ld diversion when binutils-gold installed (Closes: 535037).
13. By Kees Cook on 2009-12-25: * hardening.make:
  - switch to "filter" for easier to read logic.
  - allow PIE for arm/armel, since it's only the kernel that lacks ASLR.
* tests/Makefile: perform test builds with -fstack-protector and -fPIE -pie
  on all architectures just to have a record of the success/failure
  in the build logs, even if we are manually selecting the defaults.
12. By Kees Cook on 2009-11-25: Add Conflicts on binutils-gold, which also uses diversions against
gcc and friends (Closes: 535037, LP: #442636).
11. By Kees Cook on 2009-10-29: tests/Makefile: exclude relro test on hppa.
10. By Kees Cook on 2009-07-22: * hardened-ld: add ...BINDNOW for -Wl,-z,now ELF markings.
* debian/control: moved to standards version 3.8.2, no changes needed.
* tests/Makefile: add tests for RELRO and BIND_NOW.
* hardening-{cc,ld}.1: document BINDNOW and RELRO, add on to See Also.
9. By Kees Cook on 2008-11-20: * hardened-cc: add ...DEBUG_SYMLINKS to visualize symlink resolution.
* hardened-cc: detect uninstalled targets and abort (Closes: #506066).
* debian/{rules,postinst,postrm}: add links for gcc-4.4.
* debian/control: moved to standards version 3.8.0, no changes needed.

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:ubuntu/maverick/hardening-wrapper

This branch contains Public information

Everyone can see this information.

Subscribers

James Westby

Ubuntuhardening-wrapper package