Package: release-notes
Severity: wishlist
Tags: patch

Hi,

Attached patch renames the "Hardening" section to "Security", adds mention of the removed SSLv3 protocol and progress on hardened build flags.

Cheers,
Thijs
Index: en/whats-new.dbk =================================================================== --- en/whats-new.dbk (revision 10518) +++ en/whats-new.dbk (working copy) @@ -441,13 +441,17 @@ </para> </section> -<section id="hardening" condition="fixme"> - <title>Hardened security</title> - <para> -TODO: Even more packages / coverage? - </para> +<section id="security" condition="fixme"> + <title>Security</title> + <para>The legacy secure sockets layer protocol SSLv3 has been + disabled in this release. System cryptography libraries as well as servers + and client applications have been compiled or configured without support + for this protocol.</para> - <para>Note that the hardened build flags are not enabled by default in + <para>Continuing on the path set by &oldrelease;, more packages have + been built with hardened compiler flags. Also, the stack protector flag + has been switched to stack-protector-strong for extra hardening. + Note that the hardened build flags are not enabled by default in <systemitem role="package">gcc</systemitem>, so are not used automatically when locally building software. The package <systemitem role="package">hardening-wrapper</systemitem> can provide a
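Review bot: the new opening tag `<section id="security" condition="fixme">` still carries `condition="fixme"` even though the TODO paragraph is removed in this hunk; if that condition is what marks the section as unfinished, drop it along with the TODO. Renaming the id from `hardening` to `security` also leaves any cross-reference or translated file that still points at `hardening` dangling, so those should be updated in the same change. In the added text, give the flag as it is passed to the compiler (`-fstack-protector-strong`, ideally in literal markup) instead of "stack-protector-strong", and capitalize "Secure Sockets Layer".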