From d6e503c1ea60e1836315169e14dee2a82879e78d Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@corsac.net>
Date: Thu, 28 Jun 2012 22:14:35 +0200
Subject: Hardening support

* debian/rules:
  - enable hardening flags with PIE and bindnow.
---
 debian/changelog | 2 ++
 debian/rules     | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 57bc1c18a..c89de61da 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,6 +16,8 @@ strongswan (4.6.4-0.1) UNRELEASED; urgency=low
     - update debhelper build-dep to 9 and add dpkg-dev 1.16.2 build-dep for
       hardening support.
   * debian/compat bumped to 9.
+  * debian/rules:
+    - enable hardening flags with PIE and bindnow.
 
  -- Yves-Alexis Perez <corsac@debian.org>  Thu, 28 Jun 2012 21:17:38 +0200
 
diff --git a/debian/rules b/debian/rules
index 72e28e0f8..b8dfb16f6 100755
--- a/debian/rules
+++ b/debian/rules
@@ -7,8 +7,8 @@
 
 export DH_OPTIONS
 
-# this is a security-critical package, set all the options we can
-export DEB_BUILD_HARDENING=1
+#export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -Wl,-O1 -Wl,-z,defs
+export DEB_BUILD_MAINT_OPTIONS=hardening=+pie,+bindnow
 
 CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
 		--libexecdir=/usr/lib \
-- 
cgit v1.2.3