Hi Martin, please consider the patch below for the makefile of LAST. It allows setting the compiler, preprocessor and linker separately, which is the way Debian follows when passing 'hardening' flags (see below).
Cheers,

-- Charles

On Sat, Apr 07, 2012 at 06:47:11PM +0200, Simon Ruderich wrote:
> Package: last-align
> Version: 198-1
> Severity: important
> Tags: patch
>
> Dear Maintainer,
>
> The hardening flags are missing because the build system ignores
> them.
>
> The attached patch fixes the issue, if possible it should be sent
> to upstream.
>
> To check if all flags were correctly enabled you can use
> `hardening-check` from the hardening-includes package and check
> the build log (hardening-check doesn't catch everything):
>
> $ hardening-check /usr/bin/lastdb /usr/bin/lastal
> /usr/bin/lastdb:
>  Position Independent Executable: no, normal executable!
>  Stack protected: yes
>  Fortify Source functions: no, only unprotected functions found!
>  Read-only relocations: yes
>  Immediate binding: no not found!
> /usr/bin/lastal:
>  Position Independent Executable: no, normal executable!
>  Stack protected: yes
>  Fortify Source functions: yes (some protected functions found)
>  Read-only relocations: yes
>  Immediate binding: no not found!
>
> (Position Independent Executable and Immediate binding is not
> enabled by default.)
>
> Use find -type f \( -executable -o -name \*.so\* \) -exec
> hardening-check {} + on the build result to check all files.
>
> Regards,
> Simon
>
> [1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
> [2]: https://wiki.debian.org/HardeningWalkthrough
> [3]: https://wiki.debian.org/Hardening
> --
> + privacy is necessary
> + using gnupg http://gnupg.org
> + public key id: 0x92FEFDB7E44C32F9

Description: Use build flags from environment (dpkg-buildflags). Necessary for hardening flags. Author: Simon Ruderich <si...@ruderich.org> Last-Update: 2012-04-07 --- last-align-198.orig/makefile +++ last-align-198/makefile @@ -1,4 +1,4 @@ -CXXFLAGS = -O3 +CXXFLAGS += -O3 all: @cd src && $(MAKE) CXXFLAGS="$(CXXFLAGS)" --- last-align-198.orig/src/makefile +++ last-align-198/src/makefile 
@@ -1,12 +1,12 @@ CXX = g++ CC = gcc -CXXFLAGS = -O3 -Wall -Wextra -Wcast-qual -Wswitch-enum -Wundef \ +CXXFLAGS += -O3 -Wall -Wextra -Wcast-qual -Wswitch-enum -Wundef \ -Wcast-align -Wno-long-long -ansi -pedantic # -Wconversion # -fomit-frame-pointer ? -CFLAGS = -Wall +CFLAGS += -Wall DBSRC = Alphabet.cc MultiSequence.cc CyclicSubsetSeed.cc \ SubsetSuffixArray.cc LastdbArguments.cc io.cc fileMap.cc \ @@ -50,16 +50,16 @@ OBJ = lambda_calculator.o all: lastdb lastal lastex lastdb: $(DBSRC) $(DBINC) makefile - $(CXX) $(CXXFLAGS) -o $@ $(DBSRC) + $(CXX) $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) -o $@ $(DBSRC) lastal: $(ALSRC) $(ALINC) makefile $(OBJ) - $(CXX) $(CXXFLAGS) -o $@ $(ALSRC) $(OBJ) + $(CXX) $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) -o $@ $(ALSRC) $(OBJ) lastex: $(EXSRC) $(EXINC) makefile - $(CXX) -Igumbel_params $(CXXFLAGS) -o $@ $(EXSRC) + $(CXX) -Igumbel_params $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) -o $@ $(EXSRC) $(OBJ): CA_code/*.c CA_code/*.h makefile - $(CC) $(CFLAGS) -c CA_code/lambda_calculator.c + $(CC) $(CPPFLAGS) $(CFLAGS) -c CA_code/lambda_calculator.c clean: rm -f lastdb lastal lastex $(OBJ)
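
Review bot: In the top-level makefile hunk, `CXXFLAGS += -O3` appends -O3 after whatever the environment supplies, and GCC honours the last -O option it sees, so the optimisation level chosen by the builder (the one dpkg-buildflags exports, for instance) is silently replaced by -O3. Putting the default first, e.g. `CXXFLAGS := -O3 $(CXXFLAGS)`, keeps -O3 as the fallback while letting the environment's level win.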
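
Review bot: In the first src/makefile hunk, `CXXFLAGS += -O3 -Wall ...` has no effect when the build is started from the top-level makefile, because that recipe passes `CXXFLAGS="$(CXXFLAGS)"` on the sub-make command line and GNU make ignores ordinary makefile assignments, `+=` included, to a variable set on the command line. The warning flags therefore apply only to a build run directly in src/. Either write `override CXXFLAGS += ...` here, or have the top level export the variable instead of passing it as an argument.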
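
Review bot: In the second src/makefile hunk, `$(LDFLAGS)` sits before the source files on the three link lines, which is fine for linker options but means any `-l` libraries a builder passes that way precede the objects that need them. A trailing `$(LDLIBS)` after `$(DBSRC)`, `$(ALSRC) $(OBJ)` and `$(EXSRC)` would give libraries their conventional slot and keep `LDFLAGS` for options only.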
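
One way to turn the `hardening-check` report quoted above into a pass/fail gate for a build, as an added example that is not part of the original message or of hardening-check itself: it parses output of the shape shown in the bug report and lists the checks that failed for each binary, treating the two the report says are not enabled by default as optional. The sample text is constructed from the quoted output; the function names, the `OPTIONAL` set and the assumption that check lines are indented under each file name are this example's own.

```python
import re

# Constructed sample: hardening-check output in the shape quoted in the bug report.
SAMPLE = """\
/usr/bin/lastdb:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: no not found!
/usr/bin/lastal:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no not found!
"""

# Checks the report says are not enabled by default; treated as optional here (assumption).
OPTIONAL = {"Position Independent Executable", "Immediate binding"}

def parse_report(text):
    """Return {binary: {check: bool}} from hardening-check style output."""
    results, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]      # unindented "path:" starts a new binary
            results[current] = {}
            continue
        m = re.match(r"\s+(.+?):\s+(yes|no)\b", line)
        if m and current is not None:
            results[current][m.group(1)] = (m.group(2) == "yes")
    return results

def missing_required(results, optional=OPTIONAL):
    """Return {binary: [failed required checks]}, omitting clean binaries."""
    out = {}
    for binary, checks in results.items():
        failed = sorted(c for c, ok in checks.items() if not ok and c not in optional)
        if failed:
            out[binary] = failed
    return out

if __name__ == "__main__":
    for binary, failed in missing_required(parse_report(SAMPLE)).items():
        print(f"{binary}: missing {', '.join(failed)}")
```

Passing `optional=set()` makes every reported check mandatory, which suits a build where PIE and immediate binding have been switched on.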