3 files changed, 20 insertions, 0 deletions

diff --git a/debian/changelog b/debian/changelog
index 7eb29e136..0602c17d5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -22,6 +22,9 @@ strongswan (4.6.4-0.1) UNRELEASED; urgency=low
     - use multiarch paths.
     - inconditionnally enable network-manager. 
     - switch to dh.
+  * debian/libstrongswan.lintian-overrides,
+    debian/libstrongswan-ikev2.lintian-overrides:
+    - override warning for hardening flags, we do use them.
 
  -- Yves-Alexis Perez <corsac@debian.org>  Thu, 28 Jun 2012 21:17:38 +0200
 
diff --git a/debian/libstrongswan.lintian-overrides b/debian/libstrongswan.lintian-overrides
index eec04b42c..caa6afe4d 100644
--- a/debian/libstrongswan.lintian-overrides
+++ b/debian/libstrongswan.lintian-overrides
@@ -1,2 +1,16 @@
 libstrongswan: package-name-doesnt-match-sonames libchecksum libfast0 libhydra0 libstrongswan0
 libstrongswan: possible-gpl-code-linked-with-openssl
+# we do pass hardening flags
+libstrongswan: hardening-no-fortify-functions usr/lib/*/ipsec/libradius.so.0.0.0
+libstrongswan: hardening-no-fortify-functions usr/lib/*/ipsec/libsimaka.so.0.0.0
+libstrongswan: hardening-no-fortify-functions usr/lib/*/ipsec/libtls.so.0.0.0
+libstrongswan: hardening-no-fortify-functions usr/lib/*/ipsec/plugins/libstrongswan-ccm.so
+libstrongswan: hardening-no-fortify-functions usr/lib/*/ipsec/plugins/libstrongswan-cmac.so
+libstrongswan: hardening-no-fortify-functions usr/lib/*/ipsec/plugins/libstrongswan-ctr.so
+libstrongswan: hardening-no-fortify-functions usr/lib/*/ipsec/plugins/libstrongswan-farp.so
+libstrongswan: hardening-no-fortify-functions usr/lib/*/ipsec/plugins/libstrongswan-gcm.so
+libstrongswan: hardening-no-fortify-functions usr/lib/*/ipsec/plugins/libstrongswan-gmp.so
+libstrongswan: hardening-no-fortify-functions usr/lib/*/ipsec/plugins/libstrongswan-hmac.so
+libstrongswan: hardening-no-fortify-functions usr/lib/*/ipsec/plugins/libstrongswan-random.so
+libstrongswan: hardening-no-fortify-functions usr/lib/*/ipsec/plugins/libstrongswan-tnc-tnccs.so
+libstrongswan: hardening-no-fortify-functions usr/lib/*/ipsec/plugins/libstrongswan-xcbc.so
diff --git a/debian/strongswan-ikev2.lintian-overrides b/debian/strongswan-ikev2.lintian-overrides
new file mode 100644
index 000000000..4ca21a72f
--- /dev/null
+++ b/debian/strongswan-ikev2.lintian-overrides
@@ -0,0 +1,3 @@
+# we do pass hardening flags
+strongswan-ikev2: hardening-no-fortify-functions usr/lib/x86_64-linux-gnu/ipsec/plugins/libstrongswan-agent.so
+strongswan-ikev2: hardening-no-fortify-functions usr/lib/x86_64-linux-gnu/ipsec/plugins/libstrongswan-socket-raw.so