Package: zathura
Version: 0.0.8.5-3
Severity: important
Tags: patch

Dear Maintainer,

Please enable additional hardening flags. As a PDF viewer, zathura reads untrusted data, thus all hardening flags are recommended. The attached patch adds them. It works fine for me.

Regards,
Simon

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages zathura depends on:
ii  libc6              2.13-23
ii  libcairo2          1.10.2-6.2
ii  libglib2.0-0       2.30.2-4
ii  libgtk2.0-0        2.24.8-2
ii  libpango1.0-0      1.29.4-2
ii  libpoppler-glib6   0.16.7-2+b1

zathura recommends no packages.

Versions of packages zathura suggests:
pn  cups-client | lprng    <none>
pn  elinks [www-browser]   0.12~pre5-6
pn  poppler-data           <none>

-- no debconf information

diff -Nru zathura-0.0.8.5/debian/rules zathura-0.0.8.5/debian/rules --- zathura-0.0.8.5/debian/rules 2011-11-12 15:10:36.000000000 +0100 +++ zathura-0.0.8.5/debian/rules 2011-12-13 18:23:06.000000000 +0100 @@ -1,10 +1,13 @@ #!/usr/bin/make -f # -*- makefile -*- +# Use hardening flags. +dpkg_buildflags = DEB_BUILD_MAINT_OPTIONS="hardening=+all" dpkg-buildflags + # zathura's build system does not support CPPFLAGS yet -export CFLAGS=$(shell dpkg-buildflags --get CPPFLAGS) $(shell dpkg-buildflags --get CFLAGS) +export CFLAGS=$(shell $(dpkg_buildflags) --get CPPFLAGS) $(shell $(dpkg_buildflags) --get CFLAGS) # remove unused libraries to reduce dependencies -export LDFLAGS=-Wl,--as-needed $(shell dpkg-buildflags --get LDFLAGS) +export LDFLAGS=-Wl,--as-needed $(shell $(dpkg_buildflags) --get LDFLAGS) # do not strip export SFLAGS= # build with verbose output
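
Review bot: In the new dpkg_buildflags definition, hardening=+all adds PIE and bindnow on top of the default hardening set, but the comment above it says only "Use hardening flags" and nothing in the hunk confirms that the extra flags take effect. This rules file folds CPPFLAGS into CFLAGS because the build system does not support CPPFLAGS, so -D_FORTIFY_SOURCE and -fPIE reach the compiler only through CFLAGS, and -pie and -z now reach the linker only through LDFLAGS; if the upstream Makefile ignores either variable at the compile or the link step, the result is a partly hardened binary or a link failure. Suggest expanding the comment to state why +all is wanted here (zathura parses untrusted PDF input) and checking the built binary with hardening-check or readelf before upload. As a style point, a single "export DEB_BUILD_MAINT_OPTIONS = hardening=+all" near the top of the file would cover every dpkg-buildflags call without the dpkg_buildflags wrapper variable.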