[Pkg-octave-commit] [octave-pkg-dev] 01/02: octave-pkg.mk: Hardening issue with "bindnow" linker flag

[Rafael Laboissière]

This is an automated email from the git hooks/post-receive script.

rlaboiss-guest pushed a commit to branch master
in repository octave-pkg-dev.

commit 80a28ed352b866774cb5d76c9b8f74bd8de62820
Author: Rafael Laboissiere <rafael at laboissiere.net>
Date:   Sun Jan 31 19:05:35 2016 -0200

    octave-pkg.mk: Hardening issue with "bindnow" linker flag
    
    Tell the mkoctfile linker to resolve all symbols when the .oct file is
    loaded.
    
    Gbp-Dch: Full
---
 octave-pkg.mk | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/octave-pkg.mk b/octave-pkg.mk
index 8b60813..49351e9 100644
--- a/octave-pkg.mk
+++ b/octave-pkg.mk
@@ -61,8 +61,9 @@ export OCTAVE_HISTFILE=/dev/null
 
 # Export buildflags to the environment, they will be picked up by mkoctfile.
 # Link with --as-needed since that drastically reduces the number of linked
-# libraries.
-DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed
+# libraries.  Also, link with "-z now" for telling the dynamic linker
+# to resolve all symbols when the .oct file is loaded (hardening issues).
+DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed -Wl,-z,now
 DPKG_EXPORT_BUILDFLAGS = 1
 include /usr/share/dpkg/buildflags.mk
 # Oct-files ldflags are taken from the following variable

-- 
Alioth's /home/groups/pkg-octave/bin/git-commit-notice on /srv/git.debian.org/git/pkg-octave/octave-pkg-dev.git