Package: xloadimage
Version: 4.1-18
Severity: important
Tags: Patch

Dear Maintainer,

The hardening flags are missing because the build system ignores them. For more hardening information please have a look at [1], [2] and [3].

The attached patch fixes the issue.

To check if all flags were correctly enabled you can use `hardening-check` from the hardening-includes package and check the build log (for example with blhc [4]) (hardening-check doesn't catch everything):

    $ hardening-check /usr/bin/uufilter /usr/bin/xloadimage
    /usr/bin/uufilter:
     Position Independent Executable: yes
     Stack protected: no, not found!
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: yes
    /usr/bin/xloadimage:
     Position Independent Executable: yes
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: yes

(Position Independent Executable and Immediate binding are not enabled by default.)

Use

    find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +

on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
[4]: http://ruderich.org/simon/blhc/

-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9

Description: Use build flags from environment (dpkg-buildflags). Necessary for hardening flags. Author: Simon Ruderich <si...@ruderich.org> Last-Update: 2012-04-29 Index: xloadimage-4.1/Makefile.in =================================================================== --- xloadimage-4.1.orig/Makefile.in 2012-04-29 12:13:45.456985928 +0200 +++ xloadimage-4.1/Makefile.in 2012-04-29 12:13:45.640985927 +0200 @@ -27,7 +27,7 @@ $(CC) -o $@ $(OBJS) build.o $(LDFLAGS) $(XLIB) $(LIBS) uufilter: uufilter.c - $(CC) $(CFLAGS) $(DEFS) uufilter.c -o $@ + $(CC) $(CFLAGS) $(LDFLAGS) $(DEFS) uufilter.c -o $@ .c.o: config.h image.h $(CC) $(CFLAGS) -c $(DEFS) $< Index: xloadimage-4.1/Makefile.std =================================================================== --- xloadimage-4.1.orig/Makefile.std 2012-04-29 12:13:41.916985912 +0200 +++ xloadimage-4.1/Makefile.std 2012-04-29 12:13:45.640985927 +0200 @@ -23,7 +23,7 @@ # the Make.conf file and recursively calls make. autoconfig: autoconfig.c - $(CC) -g -o autoconfig autoconfig.c + $(CC) $(CFLAGS) $(LDFLAGS) -g -o autoconfig autoconfig.c # manual configuration target configure:: autoconfig Index: xloadimage-4.1/Makefile =================================================================== --- xloadimage-4.1.orig/Makefile 2012-04-29 12:13:41.916985912 +0200 +++ xloadimage-4.1/Makefile 2012-04-29 12:13:45.640985927 +0200 @@ -8,7 +8,7 @@ # Include system configuration parameters include Make.conf -CFLAGS=$(OPT_FLAGS) $(CC_FLAGS) $(CC_CONFIG_FLAGS) $(X11_INC_DIR) \ +CFLAGS+=$(OPT_FLAGS) $(CC_FLAGS) $(CC_CONFIG_FLAGS) $(X11_INC_DIR) \ -DSYSPATHFILE=\"$(SYSPATHFILE)\" LIBS=$(X11_LIB_DIR) $(X11_LIB_NAME) $(SYS_LIBS) -lm @@ -23,7 +23,7 @@ # the Make.conf file and recursively calls make. autoconfig: autoconfig.c - $(CC) -g -o autoconfig autoconfig.c + $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -g -o autoconfig autoconfig.c # manual configuration target configure:: autoconfig
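
Review bot: In the Makefile.in hunk, the uufilter rule now passes $(CFLAGS) and $(LDFLAGS) but not $(CPPFLAGS), and the unchanged .c.o rule right below it ("$(CC) $(CFLAGS) -c $(DEFS) $<") does not pass it either. dpkg-buildflags delivers -D_FORTIFY_SOURCE=2 through CPPFLAGS, so unless the packaging merges CPPFLAGS into CFLAGS before calling make, the fortify define never reaches these compile lines. Suggest adding $(CPPFLAGS) to both rules, matching what the second Makefile hunk does for autoconfig.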
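
Review bot: The autoconfig rule in the Makefile.std hunk gets "$(CFLAGS) $(LDFLAGS)" while the identical rule in the Makefile hunk gets "$(CPPFLAGS) $(CFLAGS) $(LDFLAGS)"; the two should match. Add $(CPPFLAGS) here as well so the helper is built with the same preprocessor defines in both build paths.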
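
Review bot: In the first Makefile hunk, "CFLAGS+=" places the environment's flags first and appends $(OPT_FLAGS) $(CC_FLAGS) $(CC_CONFIG_FLAGS) after them, so whatever Make.conf puts in those variables takes precedence over the hardening flags; an optimisation level of -O0 there, for instance, would leave fortify without effect. The append also only picks up CFLAGS exported in the environment, since a CFLAGS=... given as a make argument overrides the assignment in the Makefile entirely. Suggest a comment above the assignment saying the flags must be exported, and a check of the build log (blhc) to confirm the final ordering.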
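
The hardening-check run quoted in the report can be turned into a pass/fail step for a build, shown here as an added example that is not part of the original report or the attached patch. The function names are hypothetical, and the sample text is constructed from the output quoted in the report, assuming the one-space indentation hardening-check prints.

```shell
#!/bin/sh
# Added example: turn hardening-check output into a pass/fail check.

# Constructed sample: the output quoted in the report, with the
# one-space indentation hardening-check uses restored.
sample_report() {
cat <<'EOF'
/usr/bin/uufilter:
 Position Independent Executable: yes
 Stack protected: no, not found!
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: yes
/usr/bin/xloadimage:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: yes
EOF
}

# Read hardening-check output on stdin; print one
# "file<TAB>check<TAB>result" line per check not reported as "yes".
failed_checks() {
    awk '
        /^[^ ].*:$/ { file = substr($0, 1, length($0) - 1); next }
        /^ +[^:]+: / {
            line = $0
            sub(/^ +/, "", line)
            i = index(line, ": ")
            result = substr(line, i + 2)
            if (result !~ /^yes/)
                printf "%s\t%s\t%s\n", file, substr(line, 1, i - 1), result
        }'
}

# Return 0 only if every check on stdin passed; list failures on stderr.
hardening_gate() {
    failures=$(failed_checks)
    if [ -n "$failures" ]; then
        printf '%s\n' "$failures" >&2
        return 1
    fi
    return 0
}

sample_report | failed_checks
```

On a real build tree, pipe the report's `find ... -exec hardening-check {} +` command into `hardening_gate`. As the report says, hardening-check does not catch everything, so a flagged line is a prompt to read the build log rather than proof that a flag is missing.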