Please sync hardening-wrapper 1.11 (universe) from Debian unstable (main).

Bug #218417 reported by Kees Cook
Affects: hardening-wrapper (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: Unassigned
Milestone: (none)

Bug Description

 affects ubuntu/hardening-wrapper
 status confirmed
 importance wishlist
 subscribe ubuntu-archive

Please sync hardening-wrapper 1.11 (universe) from Debian unstable (main).

This includes fixes to PIE defaults which should reduce the number of
FTBFS when using hardening-wrapper on builds that use -fPIC for executables
(as is done by cmake, for example).

Changelog since current hardy version 1.8:

hardening-wrapper (1.11) unstable; urgency=low

  * hardened-ld: disable PIE logic -- gcc should be the only part of the
    toolchain requesting PIE.
  * tests/Makefile: use -B instead of GCC_EXEC_PREFIX, which does not
    do the right thing on all architectures.

 -- Kees Cook <email address hidden> Mon, 14 Apr 2008 16:06:00 -0700

hardening-wrapper (1.10) unstable; urgency=low

  * hardened-cc, hardened-ld: re-arranged logic for "-pie". Old logic
    was resulting in failed compiles under cmake.
  * tests/Makefile: moved debian/rules tests into separate directory,
    added -fPIC test cases, based on issues uncovered by cmake.
  * debian/rules: disabled stack protector on mips, hppa -- not supported.

 -- Kees Cook <email address hidden> Mon, 14 Apr 2008 11:15:35 -0700

hardening-wrapper (1.9) unstable; urgency=low

  * debian/rules:
    - disable stack protector on arm, armel.
    - disable PIE on arm, armel (thanks to Riku Voipio, Closes: 475764).
    - show readelf output on test builds.
    - fully link by tricking gcc into running the ld test wrapper.
  * hello.c: re-arranged to exercise stack protector, report PIE.
  * hardened-ld: add env var way to force use of /usr/bin/ld during tests.

 -- Kees Cook <email address hidden> Sun, 13 Apr 2008 18:01:38 -0700

Kees Cook (kees) wrote :

debdiff attached. Nothing in Ubuntu is currently using hardening-wrapper, but the idea would be to depend on it in the intrepid buildds, so having it ready now would make things much easier. New version includes a fuller test "suite" as well.

Scott Kitterman (kitterman) wrote : Re: [Bug 218417] Re: Please sync hardening-wrapper 1.11 (universe) from Debian unstable (main).

Ack. Go ahead.

Martin Pitt (pitti) wrote :

Getting binaries for hardy...
[Updating] hardening-wrapper (1.8 [Ubuntu] < 1.11 [Debian])
 * Trying to add hardening-wrapper...
  - <hardening-wrapper_1.11.tar.gz: downloading from http://ftp.debian.org/debian/>
  - <hardening-wrapper_1.11.dsc: downloading from http://ftp.debian.org/debian/>
I: hardening-wrapper [universe] -> hardening-wrapper_1.8 [universe].

Changed in hardening-wrapper:
status: Confirmed → Fix Released