hardening-includes - Makefile for enabling compiler flags for security hardening

Property Value
Distribution Ubuntu 16.04 LTS (Xenial Xerus)
Repository Ubuntu Main amd64
Package filename hardening-includes_2.7ubuntu2_all.deb
Package name hardening-includes
Package version 2.7ubuntu2
Package release -
Package architecture all
Package type deb
Category devel
Homepage http://wiki.debian.org/Hardening
License -
Maintainer Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Download size 13.29 KB
Installed size 43.00 KB
Makefile to be included in Debian rules files. CFLAGS and LDFLAGS
can be extended to include the respective HARDENING_* variables which
contain architecture-validated security hardening compiler options.
Also includes the "hardening-check" script to help evaluate the hardening
status of already compiled binaries.


Package Version Architecture Repository
hardening-includes_2.7ubuntu2_all.deb 2.7ubuntu2 all Ubuntu Main
hardening-includes - - -


Name Value
binutils -
make -
perl -


Type URL
Mirror archive.ubuntu.com
Binary Package hardening-includes_2.7ubuntu2_all.deb
Source Package hardening-wrapper

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install hardening-includes deb package:
    # sudo apt-get install hardening-includes




2016-01-05 - Dimitri John Ledkov <xnox@ubuntu.com>
hardening-wrapper (2.7ubuntu2) xenial; urgency=high
* Use -no-pie to disable PIE, when not otherwise enabled.
2015-03-18 - Matthias Klose <doko@ubuntu.com>
hardening-wrapper (2.7ubuntu1) vivid; urgency=medium
* Merge with Debian; remaining changes:
- Stop installing links for GCC 4.2, 4.3, 4.5.
* Install links for GCC 5.
2014-11-14 - Kees Cook <kees@debian.org>
hardening-wrapper (2.7) unstable; urgency=medium
* hardening.make: drop mips restriction on building PIE.
* hardened-cc: fix comment typo, thanks to Steven Honeyman.
* hardened-cc: disable format-security when related arguments
are already present, thanks to Steve Beattie (Closes: 767269).
* tests/Makefile.common: include tests for new format-security
disabling abilities.
2014-09-24 - Kees Cook <kees@debian.org>
hardening-wrapper (2.6) unstable; urgency=medium
* Acknowledge NMU, thanks Aurelien Jarno!
* debian/rules: add clarifying comment about dpkg-buildflags.
* hardening.make, debian/README.Debian:
- switch to -fstack-protector-strong, thanks to Romain Francoise
(Closes: 762662).
- enable stack protector on mips*, arm64.
* hardened-cc: use -fstack-protector-strong when old GCC not found.
* tests/
- Makefile: add -fstack-protector-strong to logs
- Makefile.common, ssp-buffer-type-protect.c: check for -strong behavior
2014-10-14 - Matthias Klose <doko@ubuntu.com>
hardening-wrapper (2.5+nmu1ubuntu2) utopic; urgency=medium
* Divert ld.gold on arm64.
2014-09-17 - Steve Beattie <sbeattie@ubuntu.com>
hardening-wrapper (2.5+nmu1ubuntu1) utopic; urgency=low
* Merge with Debian.  Remaining changes:
- hardened-cc: don't set -Wformat options if they are already set
- Allow -fstack-protector on arm64
- Don't install a symlink for gold on architectures not having a gold port.
- Stop installing links for GCC 4.2, 4.3, 4.5.
2014-08-21 - Aurelien Jarno <aurel32@debian.org>
hardening-wrapper (2.5+nmu1) unstable; urgency=medium
* Non-maintainer upload.
* Disable standard hardening flags for test suite, to avoid conflicting
with hardening-wrapper's own flags which are being tested. Thanks to
Romain Francoise for the patch (Closes: 752717).
2014-07-24 - Steve Beattie <sbeattie@ubuntu.com>
hardening-wrapper (2.5ubuntu3) utopic; urgency=medium
* hardened-cc: don't set -Wformat options if they are already set
(LP: #1347257)
2014-03-07 - Adam Conrad <adconrad@ubuntu.com>
hardening-wrapper (2.5ubuntu2) trusty; urgency=medium
* Allow -fstack-protector on arm64 now that GCC and glibc support it.
2013-12-18 - Matthias Klose <doko@ubuntu.com>
hardening-wrapper (2.5ubuntu1) trusty; urgency=medium
* Merge with Debian; remaining changes:
- Don't install a symlink for gold on architectures not having a gold port.
- Stop installing links for GCC 4.2, 4.3, 4.5.

See Also

Package Description
hdparm_9.48+ds-1_amd64.deb tune hard disk parameters for high performance
heartbeat-dev_3.0.6-2_amd64.deb Subsystem for High-Availability Linux - development files
heartbeat_3.0.6-2_amd64.deb Subsystem for High-Availability Linux
heat-api-cfn_6.0.0-0ubuntu1_all.deb OpenStack orchestration service - CFN API
heat-api-cloudwatch_6.0.0-0ubuntu1_all.deb OpenStack orchestration service - CloudWatch API
heat-api_6.0.0-0ubuntu1_all.deb OpenStack orchestration service - ReST API
heat-common_6.0.0-0ubuntu1_all.deb OpenStack orchestration service - common files
heat-engine_6.0.0-0ubuntu1_all.deb OpenStack orchestration service - engine
heimdal-dev_1.7~git20150920+dfsg-4ubuntu1_amd64.deb Heimdal Kerberos - development files
heimdal-docs_1.7~git20150920+dfsg-4ubuntu1_all.deb Heimdal Kerberos - documentation
heimdal-multidev_1.7~git20150920+dfsg-4ubuntu1_amd64.deb Heimdal Kerberos - Multi-implementation Development
hello_2.10-1_amd64.deb example package based on GNU hello
hfsplus_1.0.4-13_amd64.deb Tools to access HFS+ formatted volumes
hfsutils_3.2.6-13ubuntu1_amd64.deb Tools for reading and writing Macintosh volumes
hicolor-icon-theme_0.15-0ubuntu1_all.deb default fallback theme for FreeDesktop.org icon themes