Package: wv2
Severity: important
Tags: patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dear Maintainer,

The hardening flags from LDFLAGS are missing in wv2. The
following patch fixes this by switching to debian/compat=9 which
is the recommended way (alternatively you could set them with
dpkg-buildflags). For more information please have a look at [1],
[2] and [3].

diff -Nru wv2-0.4.2.dfsg.1/debian/compat wv2-0.4.2.dfsg.1/debian/compat
- --- wv2-0.4.2.dfsg.1/debian/compat    2009-11-14 00:16:12.000000000 +0100
+++ wv2-0.4.2.dfsg.1/debian/compat      2012-03-03 15:24:18.000000000 +0100
@@ -1 +1 @@
- -7
+9
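
Review bot: debian/compat moves from 7 to 9, but the patch touches only debian/compat and debian/rules, so the debhelper build dependency in debian/control stays as it was. Compat level 9 needs debhelper (>= 9); please bump Build-Depends in the same patch so the declared dependency matches the compat level.
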
diff -Nru wv2-0.4.2.dfsg.1/debian/rules wv2-0.4.2.dfsg.1/debian/rules
- --- wv2-0.4.2.dfsg.1/debian/rules     2012-01-05 06:14:29.000000000 +0100
+++ wv2-0.4.2.dfsg.1/debian/rules       2012-03-03 15:39:06.000000000 +0100
@@ -1,7 +1,7 @@
 #!/usr/bin/make -f
 
- -CXXFLAGS := `dpkg-buildflags --get CXXFLAGS` `dpkg-buildflags --get CPPFLAGS`
- -CXXFLAGS += -DNDEBUG
+# Cmake doesn't use CPPFLAGS by default.
+CXXFLAGS += $(CPPFLAGS) -DNDEBUG
 
 %:
        dh $@
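
Review bot: In debian/rules, the new line `CXXFLAGS += $(CPPFLAGS) -DNDEBUG` depends on CPPFLAGS and CXXFLAGS already being defined when make parses the file, and nothing in the visible lines defines or exports either of them now that the `dpkg-buildflags --get` calls are removed. If CPPFLAGS is empty at that point, the fortify define is not appended, and a CXXFLAGS that did not come from the environment is not passed on to dh without an `export`. Please confirm in a verbose build log that the fortify define and -DNDEBUG reach the compiler command line, or make the hand-off explicit (for example `export CXXFLAGS`, or passing the flags to the configure step directly).
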

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package:

    $ hardening-check /usr/lib/libwv2.so.4.0.1
    /usr/lib/libwv2.so.4.0.1:
     Position Independent Executable: no, regular shared library (ignored)
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----


