Package: wv2
Severity: important
Tags: patch

Dear Maintainer,

The hardening flags from LDFLAGS are missing in wv2.

The following patch fixes this by switching to debian/compat=9 which is the recommended way (alternatively you could set them with dpkg-buildflags). For more information please have a look at [1], [2] and [3].

diff -Nru wv2-0.4.2.dfsg.1/debian/compat wv2-0.4.2.dfsg.1/debian/compat - --- wv2-0.4.2.dfsg.1/debian/compat 2009-11-14 00:16:12.000000000 +0100 +++ wv2-0.4.2.dfsg.1/debian/compat 2012-03-03 15:24:18.000000000 +0100 @@ -1 +1 @@ - -7 +9 diff -Nru wv2-0.4.2.dfsg.1/debian/rules wv2-0.4.2.dfsg.1/debian/rules - --- wv2-0.4.2.dfsg.1/debian/rules 2012-01-05 06:14:29.000000000 +0100 +++ wv2-0.4.2.dfsg.1/debian/rules 2012-03-03 15:39:06.000000000 +0100
@@ -1,7 +1,7 @@ #!/usr/bin/make -f - -CXXFLAGS := `dpkg-buildflags --get CXXFLAGS` `dpkg-buildflags --get CPPFLAGS` - -CXXFLAGS += -DNDEBUG +# Cmake doesn't use CPPFLAGS by default. +CXXFLAGS += $(CPPFLAGS) -DNDEBUG %: dh $@

To check if all flags were correctly enabled you can use `hardening-check` from the hardening-includes package:

    $ hardening-check /usr/lib/libwv2.so.4.0.1
    /usr/lib/libwv2.so.4.0.1:
     Position Independent Executable: no, regular shared library (ignored)
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
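
Review bot: In the debian/compat hunk, the bump from 7 to 9 has no matching change to debian/control anywhere in this patch. Compat level 9 needs a Build-Depends on debhelper (>= 9), so the patch should raise that dependency alongside the compat file, or the report should confirm it is already in place; otherwise the package can be built against a debhelper that does not implement level 9.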
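
Review bot: In the debian/rules hunk, the new `CXXFLAGS += $(CPPFLAGS) -DNDEBUG` line appends to CXXFLAGS and expands CPPFLAGS, but the hunk removes the lines that fetched values from dpkg-buildflags and nothing visible assigns or exports either variable, so the result depends on both already being set when debian/rules runs. Either say so in the comment above the line, or set the variables explicitly before it (for example from `dpkg-buildflags --get CPPFLAGS` via `$(shell ...)`) and add `export CXXFLAGS`; then confirm in the build log that the compiler invocations carry the CPPFLAGS defines.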
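
A gate over the `hardening-check` output quoted in the report, as an added example that is not part of the original message: it lists the features reported as missing, skips results the tool marks "(ignored)", and fails unless every missing feature is on a list the packager accepts. The function names and the embedded sample (the report's output laid out one result per line, indentation assumed) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original report. Function names are illustrative.

# Constructed sample: the hardening-check output quoted in the report,
# laid out one result per line (indentation assumed).
sample_output() {
    cat <<'EOF'
/usr/lib/libwv2.so.4.0.1:
 Position Independent Executable: no, regular shared library (ignored)
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no not found!
EOF
}

# Read hardening-check output on stdin; print "file|feature" for every feature
# whose result starts with "no", except results the tool marks "(ignored)".
missing_hardening() {
    awk '
        /:[ \t]*$/ { file = $0; sub(/:[ \t]*$/, "", file); next }  # "path:" header
        {
            pos = index($0, ": ")
            if (pos == 0) next
            feature = substr($0, 1, pos - 1); sub(/^[ \t]+/, "", feature)
            result = substr($0, pos + 2)
            if (result ~ /^no([ ,]|$)/ && result !~ /\(ignored\)/) {
                print file "|" feature
            }
        }'
}

# hardening_gate ACCEPTED: return 0 only if every missing feature is named in
# ACCEPTED, a comma-separated list of features the packager leaves off on purpose.
hardening_gate() {
    accepted=",$1,"
    status=0
    missing=$(missing_hardening)
    while IFS='|' read -r file feature; do
        [ -n "$feature" ] || continue                 # no missing features at all
        case "$accepted" in
            *",$feature,"*) ;;                        # accepted as off
            *) echo "missing in $file: $feature" >&2; status=1 ;;
        esac
    done <<EOF
$missing
EOF
    return "$status"
}
# Usage: hardening-check /usr/lib/libwv2.so.4.0.1 | hardening_gate "Immediate binding"
```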
"unsubscribe". Trouble? Contact listmas...@lists.debian.org