On 2012-05-29 at 03:50:23, Simon Ruderich wrote: > The CPPFLAGS hardening flags are missing due to a typo in > makefile_add_flags.patch. For more hardening information please > have a look at [1], [2] and [3].
Thanks for catching that. I've fixed it in git: http://anonscm.debian.org/gitweb/?p=collab-maint/letterize.git and now it includes the right options on the build line: gcc -o letterize -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro letterize.c However, the check tool is still reporting a problem: /usr/bin/letterize: Position Independent Executable: no, normal executable! Stack protected: no, not found! Fortify Source functions: unknown, no protectable libc functions used Read-only relocations: yes Immediate binding: no, not found! This is a one-file program, so I'm not quite sure what else I can tweak... Cheers, Francois -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
