Source: evince
Severity: normal
Version: 3.4.0-2
Tags: patch
User: [email protected]
Usertags: goal-hardening

Hi!

It's great that Evince is now built with a (limited) set of hardening build flags, thanks to CDBS. However, we can easily do better!

Please build Evince with PIE and bindnow, as implemented by the attached patch. (FWIW, Ubuntu has been building Evince with these options enabled since 10.04 LTS included.)

Thank you for maintaining Evince in Debian.

diff -Naur evince-3.4.0.orig/debian/rules evince-3.4.0/debian/rules --- evince-3.4.0.orig/debian/rules 2012-04-19 15:05:26.000000000 +0200 +++ evince-3.4.0/debian/rules 2012-06-25 17:31:30.109486491 +0200 @@ -1,5 +1,8 @@ #!/usr/bin/make -f +export DEB_BUILD_MAINT_OPTIONS = hardening=+all +include /usr/share/dpkg/buildflags.mk + include /usr/share/cdbs/1/rules/autoreconf.mk include /usr/share/cdbs/1/rules/debhelper.mk include /usr/share/cdbs/1/class/gnome.mk
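
Review bot: `hardening=+all` on the added export line turns on every hardening feature dpkg-buildflags offers, which is broader than the PIE and bindnow the report asks for; if only those two are intended, `hardening=+pie,+bindnow` states it explicitly, and either way a one-line comment above the export saying why it is set would help later maintainers. The added `include /usr/share/dpkg/buildflags.mk` sits ahead of the CDBS includes, and that snippet only sets make variables without exporting them unless `DPKG_EXPORT_BUILDFLAGS` is defined before the include, so it is worth confirming from a build log, or by running hardening-check on the resulting binaries, that the PIE and bindnow flags actually reach the compiler and linker.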

