Package: iceweasel Version: 31.0-3 Severity: important Tags: patch Hello,
Please enable all available hardening (relo, now and pie) for iceweasel. As browser iceweasel is a target of many attacks which can be complicated or prevented through the additional hardening provided by these methods. The attached patch uses hardening-wrapper to enable all hardening flags as it's simpler than patching the iceweasel build system to handle PIE. It would be great if the hardened version of iceweasel would make it into Jessie! Regards Simon -- + privacy is necessary + using gnupg http://gnupg.org + public key id: 0x92FEFDB7E44C32F9
diff -Nru iceweasel-31.0/debian/control iceweasel-31.0/debian/control
--- iceweasel-31.0/debian/control 2014-08-03 02:59:50.000000000 +0200
+++ iceweasel-31.0/debian/control 2014-08-24 22:40:22.000000000 +0200
@@ -50,7 +50,8 @@
imagemagick,
librsvg2-bin,
xsltproc,
- iso-codes
+ iso-codes,
+ hardening-wrapper
Build-Conflicts: graphicsmagick-imagemagick-compat,
liboss4-salsa-dev,
libhildonmime-dev,
diff -Nru iceweasel-31.0/debian/rules iceweasel-31.0/debian/rules
--- iceweasel-31.0/debian/rules 2014-08-03 02:52:12.000000000 +0200
+++ iceweasel-31.0/debian/rules 2014-08-24 22:40:22.000000000 +0200
@@ -1,4 +1,7 @@
#!/usr/bin/make -f
+
+export DEB_BUILD_HARDENING=1
+
TESTDIR = $(shell dh_testdir || echo no)
ifeq (,$(TESTDIR))
include debian/make.mk
signature.asc
Description: Digital signature
