Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/precise/hardening-wrapper
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches

Recent revisions

29. By Colin Watson

Make bash-completion Multi-Arch: foreign, so that it can satisfy

28. By Kees Cook

hardening-check: fix function-finder to accept IFUNC too, improve
reporting slightly, improve manpage to explain false alarms.

27. By Kees Cook

* debian/control: switch to "optional" priority so lintian can depend
  on hardening-includes.
* hardening-check: rewrite in Perl, add "--lintian" mode, to support
  fixing bug 650536.

26. By Kees Cook

* debian/control: update VCS tags for bzr.
* hardening{-check,.make}: correct documentation from -O2 to -O1.
* hardened-{cc,ld}, hardening.make, debian/rules: use DEB_HOST_ARCH instead
  of of DEB_HOST_ARCH_CPU for behavioral defaults (Closes: 635642).

25. By Kees Cook

* debian/control:
  - bump to standards 3.9.2; no changes needed
  - hardening-wrapper: mark as Multi-Arch: foreign for build sanity.
* debian/source/format: mark as 3.0 native.

24. By Kees Cook

* debian/rules, debian/hardening-wrapper.{prerm,preinst,postinst}:
  remove gcc-4.1 diversions since it has been removed from unstable.
* hardened-cc, hardening.make: add "-Werror=format-security" by default
  (Closes: #587358).
* tests/Makefile.common, tests/format.c: add test for newly added
  "-Werror=format-security" default option.
* hardened-cc, hardening.make: add "--param ssp-buffer-size=4" by
  default to catch smaller character arrays.
* tests/Makefile.common, tests/ssp-buffer-size-{protect,skip}.c:
  add tests for newly added "--param ssp-buffer-size=4" default.
* debian/README.Debian: updated to include newly added options.
* hardened-cc: disable -fstack-protector when -ffreestanding used.
* hardening.make: provide examples for working around build-time
  collisions between "-fPIE" and "-fPIC" (Closes: #596150).

23. By Kees Cook

* tests/Makefile.common: do not require @@GLIBC suffix for nm tests.
* tests/Makefile.wrapper: include symlink for ld.gold testing.
* hardening-check: improve hardening-check to parse BIND_NOW also from
  the FLAGS dynamic section.

22. By Kees Cook

* debian/README.Debian: update for gcc versions, include minimal
  notes on hardening-includes (Closes: 592847, 592846).
* debian/rules, debian/hardening-wrapper.{prerm,postinst}: add gcc-4.6
  to the diversion list.
* debian/control: remove binutils-multiarch conflict now that ld.bfd
  is no longer diverted.

21. By Kees Cook

* debian/control: add Conflicts for binutils-multiarch (Closes: 579409,
  LP: #596136).
* debian/hardening-wrapper.postrm: remove attempted diversions on
  installation failure.

20. By Kees Cook

hardening.make: enable PIE on hurd (Closes: 586215), thanks to
Samuel Thibault.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.