Quoting Simon Ruderich (2014-01-19 18:42:47) > Raising severity because this causes missing hardening flags for > packages (e.g. shadow and therefore no PIE for setuid su) when the > maintainer uses the DEB_* (which includes DEB_BUILD_MAINT_OPTIONS) > approach documented in dpkg-buildflags to add additional flags. > > The attached patch should fix this issue by exporting all DEB_* flags > when calling dpkg-buildflags. The real issue is that GNU make's > $(shell ..) doesn't use the exported environment which is normally > used when calling subprocesses. > > There should be no backwards incompatible changes because the > maintainer must manually set the DEB_* variables. If none of those > variables are used, nothing happens.
Thanks a lot, both for the explanation and the patch. I appen to have my head deep into cdbs these days, and will apply the patch right now - expected to be released later tonight or tomorrow. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature