On Fri, Jan 03, 2014 at 11:23:44PM +0100, intrig...@debian.org wrote:
> Source: libotr
> Version: 4.0.0-2.2
> Severity: normal
> Tags: patch
> User: hardening-disc...@lists.alioth.debian.org
> Usertags: goal-hardening
> 
> Hi,
> 
> the attached patch completes the set of hardening flags used for
> libotr, by enabling the bindnow linker option.
> 
> Cheers,
> --
>   intrigeri
>   | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
>   | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
> 

> diff -Nru libotr-4.0.0/debian/rules libotr-4.0.0/debian/rules
> --- libotr-4.0.0/debian/rules 2012-08-24 17:23:35.000000000 +0200
> +++ libotr-4.0.0/debian/rules 2014-01-02 21:54:23.000000000 +0100
> @@ -19,7 +19,7 @@
>  
>       # Add here commands to configure the package.
>       ./configure --with-pic --prefix=/usr --mandir=/usr/share/man \
> -     $(shell dpkg-buildflags --export=configure)
> +     $(shell DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow dpkg-buildflags 
> --export=configure)
>  
>       touch configure-stamp

The existing configure.ac file includes:

if test x$enable_linker_hardening != xno; then
    OTR_CHECK_LDFLAGS(-z relro -z now, "$all_ldflags_for_check", 
"$all_libs_for_check")
fi

Does this not already accomplish the same thing?
https://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_BINDNOW_.28ld_-z_now.29

Thanks,

   - Ian


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to