-
hardening-wrapper (1.25) unstable; urgency=low
* debian/control:
- bump standards version: no changes needed.
- should not be considered "experimental".
* hardening-check: use readelf's "-s" instead of "-r" to avoid issues
with archs that lack sane relocations.
* tests/Makefile.common:
- adjust tests to include -s output.
- weaken nm symbol matching.
hardening-wrapper (1.24) unstable; urgency=low
* hardening-check: handle alternate names for relocation jump slots
(Closes: 568622)
* tests/Makefile.common: show relocations as well for future debugging.
hardening-wrapper (1.23) unstable; urgency=low
* hardening.make: correctly document how to disable PIE on a per-target
basis (Closes: 567707).
* tests/Makefile.{common,includes}: add HARDENING_DISABLE_* flags tests.
-- Kees Cook <email address hidden> Mon, 22 Mar 2010 18:37:24 +0000
-
hardening-wrapper (1.22) unstable; urgency=low
* debian/hardening-wrapper.postrm: fix typo in diversion name
(Closes: 564840).
hardening-wrapper (1.21) unstable; urgency=low
* debian/control: add ${misc:Depends} to control file entries to
keep lintian happy.
* hardening-check: add -q option to only report failures.
* really handle gcc 4.5 diversion (Closes: 564596).
* handle ld diversion when binutils-gold installed (Closes: 535037).
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 22 Jan 2010 11:25:13 +0000
-
hardening-wrapper (1.20) unstable; urgency=low
* hardening.make:
- switch to "filter" for easier to read logic.
- allow PIE for arm/armel, since it's only the kernel that lacks ASLR.
* tests/Makefile: perform test builds with -fstack-protector and -fPIE -pie
on all architectures just to have a record of the success/failure
in the build logs, even if we are manually selecting the defaults.
hardening-wrapper (1.19) unstable; urgency=low
* debian/rules: fix up arch/arch-indep rules to avoid rebuilding
arch-indep bits repeatedly.
* hardening-check, debian/{rules,hardening-includes.manpages},
tests/Makefile.common: add helper utility to allow users of
hardening-includes to evaluate the state of a given binary's
resulting hardening features.
* debian/rules: add gcc-4.5 to the diversion list.
hardening-wrapper (1.18) unstable; urgency=low
* debian/{control,rules}: add "hardening-includes" for use in other
Debian rules files.
* debian/rules, hardening.make: relocate/enhance architecture logic
to common makefile include file.
* tests/*: update to test both wrapper and include style.
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 04 Jan 2010 13:37:28 +0000
-
hardening-wrapper (1.17) unstable; urgency=low
* Add Conflicts on binutils-gold, which also uses diversions against
gcc and friends (Closes: 535037, LP: #442636).
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 08 Dec 2009 02:20:02 +0000
-
hardening-wrapper (1.16) unstable; urgency=low
* tests/Makefile: exclude relro test on hppa.
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 17 Nov 2009 17:45:39 +0000
-
hardening-wrapper (1.15) unstable; urgency=low
* tests/Makefile: exclude tests based on architecture (ia64 w/o relro).
* debian/rules: disable PIE on mips/mipsel until bug 532821 is solved
(Closes: #548250).
-- Kees Cook <email address hidden> Sun, 04 Oct 2009 16:52:43 +0100
