Bug#653481: marked as done (Please enable hardened build flags)

Sun, 01 Jul 2012 05:14:11 -0700 

Your message dated Sun, 01 Jul 2012 14:05:50 +0200
with message-id <[email protected]>
and subject line Re: Please enable hardened build flags
has caused the Debian Bug report #653481,
regarding Please enable hardened build flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
653481: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653481
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: file
Version: 5.09-2
Severity: important
Tags: patch

Please enabled hardened build flags through dpkg-buildflags.

Patch attached.

Cheers,
        Moritz

diff -aur file-5.09.orig/debian/rules file-5.09/debian/rules
--- file-5.09.orig/debian/rules	2011-10-21 00:20:57.000000000 +0200
+++ file-5.09/debian/rules	2011-12-28 20:41:47.000000000 +0100
@@ -11,6 +11,10 @@
 	CROSS= --build=$(DEB_BUILD_GNU_TYPE)
 endif
 
+CFLAGS = `dpkg-buildflags --get CFLAGS`
+LDFLAGS_DEF = `dpkg-buildflags --get LDFLAGS`
+CPPFLAGS_DEF = `dpkg-buildflags --get CPPFLAGS`
+
 # HOWMANY is the number of bytes looked at by file
 CFLAGS += -DHOWMANY=0x18000
 
@@ -38,7 +42,7 @@
 	cp -f /usr/share/misc/config.sub config.sub
 endif
 
-	./configure $(CROSS) --prefix=/usr --datadir=\$${prefix}/share --mandir=\$${prefix}/share/man --enable-fsect-man5 CFLAGS="$(CFLAGS)"
+	./configure $(CROSS) --prefix=/usr --datadir=\$${prefix}/share --mandir=\$${prefix}/share/man --enable-fsect-man5 CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS_DEF)" CXXFLAGS="$(CXXFLAGS_DEF)"
 
 build: build-arch build-indep
 build-arch: build-stamp
Nur in file-5.09/debian: rules~.

--- End Message ---
--- Begin Message --- 
It seems that the bug is fixed in file (5.11-2).

But it is not mentioned in the changelog!

file (5.11-1)
hardening-check    /usr/bin/file 
/usr/bin/file:
 Position Independent Executable: no, normal executable!
 Stack protected: no, not found!
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: no, not found!
 Immediate binding: no, not found!

file (5.11-2)
hardening-check    /usr/bin/file 
/usr/bin/file:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes
 Read-only relocations: yes
 Immediate binding: no, not found!

--- End Message ---

Reply via email to