Source: libclamav6
Severity: normal
Tags: patch
User: [email protected]
Usertags: hardening

Hardening options are a proposed release goal for Wheezy [1].

clamav is a package with code exposed to malicious software,
so having its package compiled with the hardening options seems really
like a good idea.

I have rebuilt the package with hardening options enabled and there was
no error (during build, or at runtime).
The only required patch is to update the following in debian/rules:

DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/buildflags.mk

CFLAGS += -Wall -g
CXXFLAGS += -Wall -g

and the package will use dpkg-buildflags, which in turn enables the
hardening options. Note that PIE and bindnow are not enabled by default.
This can be done using:
DEB_BUILD_MAINT_OPTIONS = hardening=+pie,+bindnow
in the debian/rules file.

You can control and enable/disable each hardening flag independently,
see
http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html
for details.

Thanks,
Pierre

[1] http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags


