File: control

package info (click to toggle)
blhc 0.11-1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, sid
  • size: 636 kB
  • sloc: perl: 1,042; sh: 21; makefile: 2
file content (33 lines) | stat: -rw-r--r-- 1,394 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
Source: blhc
Section: utils
Priority: optional
Maintainer: Joao Eriberto Mota Filho <eriberto@debian.org>
Build-Depends: debhelper-compat (= 12), libmodule-build-perl
Standards-Version: 4.4.1
Rules-Requires-Root: no
Vcs-Git: https://salsa.debian.org/debian/blhc.git
Vcs-Browser: https://salsa.debian.org/debian/blhc
Homepage: https://ruderich.org/simon/blhc

Package: blhc
Architecture: all
Multi-Arch: foreign
Depends: ${misc:Depends}, libdpkg-perl
Description: build log hardening check
 Perl tool which checks build logs for missing hardening flags. Hardening
 flags enable additional security features in the compiler to prevent e.g.
 stack overflows, format string vulnerabilities, GOT overwrites, etc. See
 e.g. <http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags>.
 .
 Because most build systems are quite complicated there are many places
 where compiler flags from the environment might be ignored. The parser
 verifies that all compiler commands use the correct hardening flags and
 thus all hardening features are correctly used.
 .
 It's designed to check build logs generated by Debian's dpkg-buildpackage
 (or tools for packaging, using dpkg-buildpackage like pbuilder or the
 official buildd build logs) to help maintainers detect missing hardening
 flags in their packages.
 .
 Only gcc is detected as compiler at the moment (but other compilers maybe
 supported).