On Fri, Jan 03, 2014 at 11:23:44PM +0100, intrig...@debian.org wrote: > Source: libotr > Version: 4.0.0-2.2 > Severity: normal > Tags: patch > User: hardening-disc...@lists.alioth.debian.org > Usertags: goal-hardening > > Hi, > > the attached patch completes the set of hardening flags used for > libotr, by enabling the bindnow linker option. > > Cheers, > -- > intrigeri > | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc > | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc >
> diff -Nru libotr-4.0.0/debian/rules libotr-4.0.0/debian/rules > --- libotr-4.0.0/debian/rules 2012-08-24 17:23:35.000000000 +0200 > +++ libotr-4.0.0/debian/rules 2014-01-02 21:54:23.000000000 +0100 > @@ -19,7 +19,7 @@ > > # Add here commands to configure the package. > ./configure --with-pic --prefix=/usr --mandir=/usr/share/man \ > - $(shell dpkg-buildflags --export=configure) > + $(shell DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow dpkg-buildflags > --export=configure) > > touch configure-stamp The existing configure.ac file includes: if test x$enable_linker_hardening != xno; then OTR_CHECK_LDFLAGS(-z relro -z now, "$all_ldflags_for_check", "$all_libs_for_check") fi Does this not already accomplish the same thing? https://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_BINDNOW_.28ld_-z_now.29 Thanks, - Ian -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org