diff mbox

debian: Add hardening options

Message ID 1343125699-22963-1-git-send-email-kengyu@canonical.com
State Accepted
Headers show

Commit Message

Keng-Yu Lin July 24, 2012, 10:28 a.m. UTC 
Several compile-time options to help against memory corruption attacks, or
provide additional warning messages during compiles.

Please see http://wiki.debian.org/Hardening for defail.

Signed-off-by: Keng-Yu Lin <kengyu@canonical.com>
---
 debian/control |    2 +-
 debian/rules   |    2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

Comments

Keng-Yu Lin July 25, 2012, 6:59 a.m. UTC | #1 
---------- Forwarded message ----------
From: Colin Ian King <colin.king@canonical.com>
Date: Tue, Jul 24, 2012 at 7:02 PM
Subject: ACK: [PATCH] debian: Add hardening options
To: Keng-Yu Lin <kengyu@canonical.com>


On 24/07/12 11:28, Keng-Yu Lin wrote:
>
> Several compile-time options to help against memory corruption attacks, or
> provide additional warning messages during compiles.
>
> Please see http://wiki.debian.org/Hardening for defail.
>
> Signed-off-by: Keng-Yu Lin <kengyu@canonical.com>
> ---
>   debian/control |    2 +-
>   debian/rules   |    2 ++
>   2 files changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/debian/control b/debian/control
> index cd7e199..1f93c6a 100644
> --- a/debian/control
> +++ b/debian/control
> @@ -4,7 +4,7 @@ Priority: optional
>   Maintainer: Firmware Testing Team <firmware-testing-team@lists.launchpad.net>
>   Uploaders: Colin King <colin.king@ubuntu.com>, Keng-Yu Lin <kengyu@ubuntu.com>, Alex Hung <alex.hung@canonical.com>, Chris Van Hoof <vanhoof@canonical.com>, Ivan Hu <ivan.hu@canonical.com>
>   Standards-Version: 3.9.3
> -Build-Depends: debhelper (>= 7.0.50~), autoconf, automake, libtool, libpcre3-dev (>= 7.8), libjson0-dev (>= 0.9), flex, bison
> +Build-Depends: debhelper (>= 7.0.50~), autoconf, automake, libtool, libpcre3-dev (>= 7.8), libjson0-dev (>= 0.9), flex, bison, hardening-wrapper
>
>   Package: fwts
>   Architecture: any
> diff --git a/debian/rules b/debian/rules
> index 0f317e6..4af7a4f 100755
> --- a/debian/rules
> +++ b/debian/rules
> @@ -1,5 +1,7 @@
>   #!/usr/bin/make -f
>
> +export DEB_BUILD_HARDENING=1
> +
>   override_dh_auto_configure:
>         autoreconf -ivf
>         dh_auto_configure
>
This is a good idea to have included.

Acked-by: Colin Ian King <colin.king@canonical.com>
Alex Hung July 27, 2012, 7 a.m. UTC | #2 
On 07/25/2012 02:59 PM, Keng-Yu Lin wrote:
> ---------- Forwarded message ----------
> From: Colin Ian King <colin.king@canonical.com>
> Date: Tue, Jul 24, 2012 at 7:02 PM
> Subject: ACK: [PATCH] debian: Add hardening options
> To: Keng-Yu Lin <kengyu@canonical.com>
>
>
> On 24/07/12 11:28, Keng-Yu Lin wrote:
>>
>> Several compile-time options to help against memory corruption attacks, or
>> provide additional warning messages during compiles.
>>
>> Please see http://wiki.debian.org/Hardening for defail.
>>
>> Signed-off-by: Keng-Yu Lin <kengyu@canonical.com>
>> ---
>>    debian/control |    2 +-
>>    debian/rules   |    2 ++
>>    2 files changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/debian/control b/debian/control
>> index cd7e199..1f93c6a 100644
>> --- a/debian/control
>> +++ b/debian/control
>> @@ -4,7 +4,7 @@ Priority: optional
>>    Maintainer: Firmware Testing Team <firmware-testing-team@lists.launchpad.net>
>>    Uploaders: Colin King <colin.king@ubuntu.com>, Keng-Yu Lin <kengyu@ubuntu.com>, Alex Hung <alex.hung@canonical.com>, Chris Van Hoof <vanhoof@canonical.com>, Ivan Hu <ivan.hu@canonical.com>
>>    Standards-Version: 3.9.3
>> -Build-Depends: debhelper (>= 7.0.50~), autoconf, automake, libtool, libpcre3-dev (>= 7.8), libjson0-dev (>= 0.9), flex, bison
>> +Build-Depends: debhelper (>= 7.0.50~), autoconf, automake, libtool, libpcre3-dev (>= 7.8), libjson0-dev (>= 0.9), flex, bison, hardening-wrapper
>>
>>    Package: fwts
>>    Architecture: any
>> diff --git a/debian/rules b/debian/rules
>> index 0f317e6..4af7a4f 100755
>> --- a/debian/rules
>> +++ b/debian/rules
>> @@ -1,5 +1,7 @@
>>    #!/usr/bin/make -f
>>
>> +export DEB_BUILD_HARDENING=1
>> +
>>    override_dh_auto_configure:
>>          autoreconf -ivf
>>          dh_auto_configure
>>
> This is a good idea to have included.
>
> Acked-by: Colin Ian King <colin.king@canonical.com>
>
Acked-by: Alex Hung <alex.hung@canonical.com>
diff mbox

Patch

diff --git a/debian/control b/debian/control
index cd7e199..1f93c6a 100644
--- a/debian/control
+++ b/debian/control
@@ -4,7 +4,7 @@  Priority: optional
 Maintainer: Firmware Testing Team <firmware-testing-team@lists.launchpad.net>
 Uploaders: Colin King <colin.king@ubuntu.com>, Keng-Yu Lin <kengyu@ubuntu.com>, Alex Hung <alex.hung@canonical.com>, Chris Van Hoof <vanhoof@canonical.com>, Ivan Hu <ivan.hu@canonical.com>
 Standards-Version: 3.9.3
-Build-Depends: debhelper (>= 7.0.50~), autoconf, automake, libtool, libpcre3-dev (>= 7.8), libjson0-dev (>= 0.9), flex, bison
+Build-Depends: debhelper (>= 7.0.50~), autoconf, automake, libtool, libpcre3-dev (>= 7.8), libjson0-dev (>= 0.9), flex, bison, hardening-wrapper
 
 Package: fwts
 Architecture: any
diff --git a/debian/rules b/debian/rules
index 0f317e6..4af7a4f 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,5 +1,7 @@ 
 #!/usr/bin/make -f
 
+export DEB_BUILD_HARDENING=1
+
 override_dh_auto_configure:
 	autoreconf -ivf
 	dh_auto_configure