From 74e6e6c7cf98dc74ea99ff6715a50ca8d63c7473 Mon Sep 17 00:00:00 2001
From: Benjamin Barenblat <bbaren@mit.edu>
Date: Mon, 30 May 2016 17:35:28 -0400
Subject: Harden urweb executable further

---
 debian/rules | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'debian')

diff --git a/debian/rules b/debian/rules
index 4fa71ed5..5fe61339 100755
--- a/debian/rules
+++ b/debian/rules
@@ -7,7 +7,10 @@ DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
 # Avoid overlinking and reduce library dependencies.
 export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
 
-# Harden SML executables.
+# Harden SML executables.  Do not build position-independent executables,
+# though; urweb depends on the MLton runtime, which is not built position-
+# independent in Debian.
+export DEB_BUILD_MAINT_OPTIONS := hardening=+all,-pie
 export MLTONARGS := \
 	-cc-opt "$(shell dpkg-buildflags --get CPPFLAGS) \
 		$(shell dpkg-buildflags --get CFLAGS)" \
-- 
cgit v1.2.3