From 61c73fef76f2fb057e3dde2fc4d32e933f22bc74 Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Thu, 7 Feb 2008 13:17:41 +0000 Subject: - Finally, there's an easy way to harden C code. Use it. --- debian/changelog | 10 +++++++++- debian/control | 2 +- debian/rules | 3 +++ 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 077708211..efd7e179c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,14 @@ +strongswan (4.1.8-3) unstable; urgency=low + + * Force use of hardening-wrapper when building the package by setting + a Build-Dep to it and setting export DEB_BUILD_HARDENING=1 in + debian/rules. + + -- Rene Mayrhofer Thu, 07 Feb 2008 14:14:48 +0100 + strongswan (4.1.8-2) unstable; urgency=medium - * Ship our own init script, since upstream no longer doesn't. This is still + * Ship our own init script, since upstream no longer does. This is still installed as /etc/init.d/ipsec (and not /etc/init.d/strongswan) to be backwards compatible. Really closes: #442880: strongswan: postinst failure (missing diff --git a/debian/control b/debian/control index 4c4e6a0a4..65fc5fceb 100644 --- a/debian/control +++ b/debian/control @@ -3,7 +3,7 @@ Section: net Priority: optional Maintainer: Rene Mayrhofer Standards-Version: 3.7.2.1 -Build-Depends: debhelper (>= 4.1.16), libgmp3-dev, libssl-dev (>= 0.9.8-1), libcurl3-dev | libcurl2-dev, libopensc2-dev | libopensc1-dev | libopensc0-dev, libldap2-dev, libpam0g-dev, libkrb5-dev, bison, flex, dpatch, bzip2, po-debconf +Build-Depends: debhelper (>= 4.1.16), libgmp3-dev, libssl-dev (>= 0.9.8-1), libcurl3-dev | libcurl2-dev, libopensc2-dev | libopensc1-dev | libopensc0-dev, libldap2-dev, libpam0g-dev, libkrb5-dev, bison, flex, dpatch, bzip2, po-debconf, hardening-wrapper Package: strongswan Architecture: any diff --git a/debian/rules b/debian/rules index 503a2a9ec..2827eb3c9 100755 --- a/debian/rules +++ b/debian/rules @@ -7,6 +7,9 @@ export DH_OPTIONS +# this is a security-critical package, set all the options we can +export DEB_BUILD_HARDENING=1 + configure: configure-stamp configure-stamp: patch dh_testdir -- cgit v1.2.3