Package: netcat-openbsd Version: 1.105-4 Severity: important Tags: patch Dear Maintainer,
The LDFLAGS hardening flags are missing because they are
overwritten in debian/rules.
The following patch fixes the issue.
diff -Nru netcat-openbsd-1.105/debian/rules netcat-openbsd-1.105/debian/rules
--- netcat-openbsd-1.105/debian/rules 2012-03-06 08:21:04.000000000 +0100
+++ netcat-openbsd-1.105/debian/rules 2012-03-23 02:18:09.000000000 +0100
@@ -3,7 +3,7 @@
-include /usr/share/dpkg/buildflags.mk
DEB_CFLAGS = $(CPPFLAGS) $(CFLAGS)
-DEB_LDFLAGS = -Wl,--no-add-needed,--as-needed
+DEB_LDFLAGS = $(LDFLAGS) -Wl,--no-add-needed,--as-needed
DEB_VER = $(shell dpkg-parsechangelog | sed -n 's/^Version: //p')
%:
To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (hardening-check doesn't catch everything):
$ hardening-check /bin/nc.openbsd
/bin/nc.openbsd:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: no not found!
(Position Independent Executable and Immediate binding is not
enabled by default.)
Use find -type f \( -executable -o -name \*.so\* \) -exec
hardening-check {} + on the build result to check all files.
Regards,
Simon
[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
signature.asc
Description: Digital signature
