Adding debian version 3.5.24-0+deb11u1.debian/3.5.24-0+deb11u1debian

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 26 insertions, 0 deletions

diff --git a/debian/patches/12_add_bind_now_and_relro_to_pie.diff b/debian/patches/12_add_bind_now_and_relro_to_pie.diff
new file mode 100644
index 0000000..0a16cbb
--- /dev/null
+++ b/debian/patches/12_add_bind_now_and_relro_to_pie.diff
@@ -0,0 +1,26 @@
+Subject: add immediate binding and relro when enabling position independent
+  executables
+Author: Steve Beattie <steve.beattie@canonical.com>
+
+When enabling position independent executables (-pie) to get better
+Address Space Layout Protection, using immediate binding (linking with
+"-z now") gives better protection as well.  Added relro to the patch as well
+since it seems to have gotten lost somewhere (ScottK/2016-07-29).
+
+---
+ makedefs |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: postfix/makedefs
+===================================================================
+--- postfix.orig/makedefs
++++ postfix/makedefs
+@@ -1219,7 +1219,7 @@ case "$pie" in
+        case " $CCARGS " in
+          *" $CCARGS_PIE "*) CCARGS_PIE=;;
+        esac
+-       SYSLIBS_PIE="-pie";;
++       SYSLIBS_PIE="-pie -z relro -z now";;
+ ""|no) ;;
+     *) error "Specify \"pie=yes\" or \"pie=no\"";;
+ esac