The following commit has been merged in the sid branch:
commit 343c4935b8b7f57281564659aa6ff0d3c925d5ab
Author: Guillem Jover <[email protected]>
Date:   Thu Oct 13 10:28:58 2011 +0200

    dpkg-buildflags: Disable bindnow if relro is not used
    
    There is no point in enabling full relro (aka bindnow) if relro is
    not enabled. It just brings its disadvantages and none of its possible
    advantages.

diff --git a/debian/changelog b/debian/changelog
index 3376439..4025dc2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -24,6 +24,7 @@ dpkg (1.16.1.1) UNRELEASED; urgency=low
     in CPPFLAGS, instead of CFLAGS and CXXFLAGS. Closes: #642521, #643632
   * Fix typo to correctly set DEB_*_ARCH_BITS instead of DEB_*_ARCH in
     architecture.mk. Thanks to Thorsten Glaser <[email protected]>.
+  * Make dpkg-buildflags disable full relro (bindnow) if relro is not enabled.
 
  -- RaphaĆ«l Hertzog <[email protected]>  Tue, 27 Sep 2011 08:15:51 +0200
 
diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm
index 7cc49d5..e824d0e 100644
--- a/scripts/Dpkg/Vendor/Debian.pm
+++ b/scripts/Dpkg/Vendor/Debian.pm
@@ -145,6 +145,9 @@ sub add_hardening_flags {
     # Relro
     if ($use_feature{"relro"} and $cpu !~ /^(ia64|hppa|avr32)$/) {
        $flags->append("LDFLAGS", "-Wl,-z,relro");
+    } else {
+       # Disable full relro if relro is not enabled.
+       $use_feature{"bindnow"} = 0;
     }
     # Bindnow
     if ($use_feature{"bindnow"}) {
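Review bot: The new `else` branch also runs when relro was requested but `$cpu` is ia64, hppa or avr32, yet its comment only describes the "not enabled" case, and in both cases a requested bindnow is cleared without any diagnostic. Someone auditing a package's hardening could expect the bindnow linker flag to be present when it is not, so I would make the comment say so, e.g. `# Full relro (bindnow) gains nothing without relro; drop it when relro is disabled or unsupported on this CPU.` Whether a warning is warranted when bindnow was explicitly requested depends on how `%use_feature` is populated, which is not visible here. The body of add_hardening_flags starts before and continues after this hunk.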

-- 
dpkg's main repository

