[Pkg-apache-commits] r993 - in /trunk/apache2: changelog rules

sf at alioth.debian.org sf at alioth.debian.org
Sat Jul 25 20:29:12 UTC 2009


Author: sf
Date: Sat Jul 25 20:29:11 2009
New Revision: 993

URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=993
Log:
Enable hardening compile options

Modified:
    trunk/apache2/changelog
    trunk/apache2/rules

Modified: trunk/apache2/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/changelog?rev=993&op=diff
==============================================================================
--- trunk/apache2/changelog (original)
+++ trunk/apache2/changelog Sat Jul 25 20:29:11 2009
@@ -1,3 +1,9 @@
+apache2 (2.2.11-8) UNRELEASED; urgency=low
+
+  * Enable hardening compile options.
+
+ -- Stefan Fritsch <sf at debian.org>  Sat, 25 Jul 2009 22:27:59 +0200
+
 apache2 (2.2.11-7) unstable; urgency=low
 
   * Security fixes:

Modified: trunk/apache2/rules
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/rules?rev=993&op=diff
==============================================================================
--- trunk/apache2/rules (original)
+++ trunk/apache2/rules Sat Jul 25 20:29:11 2009
@@ -34,7 +34,8 @@
 		      --enable-log-config=static --enable-logio=static \
 		      --with-apr=/usr/bin/apr-1-config \
 		      --with-apr-util=/usr/bin/apu-1-config \
-		      --with-pcre=yes
+		      --with-pcre=yes \
+		      --enable-pie
 
 AP2_MODS_CONFARGS =   --enable-authn-alias=shared --enable-authnz-ldap=shared  \
 		      --enable-disk-cache=shared --enable-cache=shared \
@@ -70,8 +71,8 @@
 		      --enable-rewrite=shared --enable-mime=shared \
 		      --enable-substitute=shared
 
-AP2_CFLAGS = $(CFLAGS) -g -pipe -I/usr/include/xmltok -I/usr/include/openssl -Wall
-AP2_LDFLAGS = -Wl,--as-needed
+AP2_CFLAGS = $(CFLAGS) -g -pipe -I/usr/include/xmltok -I/usr/include/openssl -Wall -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector
+AP2_LDFLAGS = -Wl,--as-needed -Wl,-z,relro
 
 #support noopt building
 ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))




More information about the Pkg-apache-commits mailing list