summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2010-01-02 01:15:49 +0000
committerColin Watson <cjwatson@debian.org>2010-01-02 01:15:49 +0000
commit8d7de91141ff6a09186794d6a2a9834b02a20bab (patch)
treeb01d37539d818a71532a05acbf6dd3efd2202734 /debian
parent4f3c4b6584fb9f942ea27b601e3b58e316b999a1 (diff)
Use hardening-includes for hardening logic (thanks, Kees Cook; closes:
#561887).
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog2
-rw-r--r--debian/control2
-rwxr-xr-xdebian/rules14
3 files changed, 8 insertions, 10 deletions
diff --git a/debian/changelog b/debian/changelog
index 56f4b6f9e..3065481d6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -39,6 +39,8 @@ openssh (1:5.2p1-1) UNRELEASED; urgency=low
39 closes: #498684). 39 closes: #498684).
40 * Don't duplicate backslashes when displaying server banner (thanks, 40 * Don't duplicate backslashes when displaying server banner (thanks,
41 Michał Górny; closes: #505378, LP: #425346). 41 Michał Górny; closes: #505378, LP: #425346).
42 * Use hardening-includes for hardening logic (thanks, Kees Cook; closes:
43 #561887).
42 44
43 -- Colin Watson <cjwatson@debian.org> Thu, 12 Nov 2009 21:31:44 +0000 45 -- Colin Watson <cjwatson@debian.org> Thu, 12 Nov 2009 21:31:44 +0000
44 46
diff --git a/debian/control b/debian/control
index 062a5148e..25df28c5c 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: openssh
2Section: net 2Section: net
3Priority: standard 3Priority: standard
4Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> 4Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
5Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8-1), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 7.0.1), sharutils, libselinux1-dev [alpha amd64 arm armeb armel hppa i386 ia64 lpia m68k mips mipsel powerpc ppc64 s390 sh4 sparc], libkrb5-dev | heimdal-dev 5Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8-1), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 7.0.1), sharutils, libselinux1-dev [alpha amd64 arm armeb armel hppa i386 ia64 lpia m68k mips mipsel powerpc ppc64 s390 sh4 sparc], libkrb5-dev | heimdal-dev, hardening-includes
6Standards-Version: 3.7.3 6Standards-Version: 3.7.3
7Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org> 7Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org>
8Vcs-Bzr: http://bzr.debian.org/pkg-ssh/openssh/trunk 8Vcs-Bzr: http://bzr.debian.org/pkg-ssh/openssh/trunk
diff --git a/debian/rules b/debian/rules
index ff83b852b..0966a2e55 100755
--- a/debian/rules
+++ b/debian/rules
@@ -3,6 +3,8 @@
3# Uncomment this to turn on verbose mode. 3# Uncomment this to turn on verbose mode.
4# export DH_VERBOSE=1 4# export DH_VERBOSE=1
5 5
6include /usr/share/hardening-includes/hardening.make
7
6# This has to be exported to make some magic below work. 8# This has to be exported to make some magic below work.
7export DH_OPTIONS 9export DH_OPTIONS
8 10
@@ -44,12 +46,6 @@ ifneq (,$(findstring :$(DEB_HOST_ARCH_OS):,:linux:knetbsd:))
44 PIC_CFLAGS := -fPIC 46 PIC_CFLAGS := -fPIC
45 PIC_LDFLAGS := -fPIC 47 PIC_LDFLAGS := -fPIC
46 endif 48 endif
47 ifeq (,$(findstring :$(DEB_HOST_ARCH_CPU):,:hppa:m68k:mips:mipsel:))
48 # Use position-independent executables to take advantage of address space
49 # layout randomisation. TODO: This should be done in configure.
50 PIE_CFLAGS := -fPIE
51 PIE_LDFLAGS := -fPIE -pie
52 endif
53endif 49endif
54 50
55# Change the version string to include the Debian version 51# Change the version string to include the Debian version
@@ -100,7 +96,7 @@ confflags += --with-default-path=$(DEFAULT_PATH) --with-superuser-path=$(SUPERUS
100confflags_udeb += --with-default-path=/usr/local/bin:/usr/bin:/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 96confflags_udeb += --with-default-path=/usr/local/bin:/usr/bin:/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
101 97
102# Compiler flags. 98# Compiler flags.
103cflags := $(OPTFLAGS) $(PIC_CFLAGS) $(PIE_CFLAGS) 99cflags := $(OPTFLAGS) $(PIC_CFLAGS) $(HARDENING_CFLAGS)
104cflags += -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT 100cflags += -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT
105cflags += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\" 101cflags += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\"
106cflags_udeb := -Os 102cflags_udeb := -Os
@@ -109,8 +105,8 @@ confflags += --with-cflags='$(cflags)'
109confflags_udeb += --with-cflags='$(cflags_udeb)' 105confflags_udeb += --with-cflags='$(cflags_udeb)'
110 106
111# Linker flags. 107# Linker flags.
112ifneq ($(PIC_LDFLAGS)$(PIE_LDFLAGS),) 108ifneq ($(PIC_LDFLAGS)$(HARDENING_LDFLAGS),)
113confflags += --with-ldflags='$(strip $(PIC_LDFLAGS) $(PIE_LDFLAGS))' 109confflags += --with-ldflags='$(strip $(PIC_LDFLAGS) $(HARDENING_LDFLAGS))'
114endif 110endif
115 111
116build: build-deb build-udeb 112build: build-deb build-udeb