Use hardening-includes for hardening logic (thanks, Kees Cook; closes:

#561887).

1 files changed, 5 insertions, 9 deletions

diff --git a/debian/rules b/debian/rules
index ff83b852b..0966a2e55 100755
--- a/debian/rules
+++ b/debian/rules
@@ -3,6 +3,8 @@
 # Uncomment this to turn on verbose mode.
 # export DH_VERBOSE=1
 
+include /usr/share/hardening-includes/hardening.make
+
 # This has to be exported to make some magic below work.
 export DH_OPTIONS
 
@@ -44,12 +46,6 @@ ifneq (,$(findstring :$(DEB_HOST_ARCH_OS):,:linux:knetbsd:))
     PIC_CFLAGS := -fPIC
     PIC_LDFLAGS := -fPIC
   endif
-  ifeq (,$(findstring :$(DEB_HOST_ARCH_CPU):,:hppa:m68k:mips:mipsel:))
-    # Use position-independent executables to take advantage of address space
-    # layout randomisation. TODO: This should be done in configure.
-    PIE_CFLAGS := -fPIE
-    PIE_LDFLAGS := -fPIE -pie
-  endif
 endif
 
 # Change the version string to include the Debian version
@@ -100,7 +96,7 @@ confflags += --with-default-path=$(DEFAULT_PATH) --with-superuser-path=$(SUPERUS
 confflags_udeb += --with-default-path=/usr/local/bin:/usr/bin:/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 
 # Compiler flags.
-cflags := $(OPTFLAGS) $(PIC_CFLAGS) $(PIE_CFLAGS)
+cflags := $(OPTFLAGS) $(PIC_CFLAGS) $(HARDENING_CFLAGS)
 cflags += -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT
 cflags += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
 cflags_udeb := -Os
@@ -109,8 +105,8 @@ confflags += --with-cflags='$(cflags)'
 confflags_udeb += --with-cflags='$(cflags_udeb)'
 
 # Linker flags.
-ifneq ($(PIC_LDFLAGS)$(PIE_LDFLAGS),)
-confflags += --with-ldflags='$(strip $(PIC_LDFLAGS) $(PIE_LDFLAGS))'
+ifneq ($(PIC_LDFLAGS)$(HARDENING_LDFLAGS),)
+confflags += --with-ldflags='$(strip $(PIC_LDFLAGS) $(HARDENING_LDFLAGS))'
 endif
 
 build: build-deb build-udeb