Package: netcat-openbsd Version: 1.105-4 Severity: important Tags: patch Dear Maintainer,
The LDFLAGS hardening flags are missing because they are overwritten in debian/rules. The following patch fixes the issue. diff -Nru netcat-openbsd-1.105/debian/rules netcat-openbsd-1.105/debian/rules --- netcat-openbsd-1.105/debian/rules 2012-03-06 08:21:04.000000000 +0100 +++ netcat-openbsd-1.105/debian/rules 2012-03-23 02:18:09.000000000 +0100 @@ -3,7 +3,7 @@ -include /usr/share/dpkg/buildflags.mk DEB_CFLAGS = $(CPPFLAGS) $(CFLAGS) -DEB_LDFLAGS = -Wl,--no-add-needed,--as-needed +DEB_LDFLAGS = $(LDFLAGS) -Wl,--no-add-needed,--as-needed DEB_VER = $(shell dpkg-parsechangelog | sed -n 's/^Version: //p') %: To check if all flags were correctly enabled you can use `hardening-check` from the hardening-includes package and check the build log (hardening-check doesn't catch everything): $ hardening-check /bin/nc.openbsd /bin/nc.openbsd: Position Independent Executable: no, normal executable! Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: no not found! (Position Independent Executable and Immediate binding is not enabled by default.) Use find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} + on the build result to check all files. Regards, Simon [1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags [2]: https://wiki.debian.org/HardeningWalkthrough [3]: https://wiki.debian.org/Hardening -- + privacy is necessary + using gnupg http://gnupg.org + public key id: 0x92FEFDB7E44C32F9
signature.asc
Description: Digital signature