Package: cvsd
Severity: important
Tags: patch

Dear Maintainer,

Please consider enabling hardening flags which are a release goal for wheezy. For more information please have a look at [1], [2] and [3].

The following patch bumps debian/compat to 9 to automatically enable the hardening flags and enables all flags (including PIE because cvsd is a server); you could also enable them without changing compat (see [2]), but compat=9 is the preferred and simplest solution.

diff -Nru cvsd-1.0.23/debian/compat cvsd-1.0.23.1~hardening1/debian/compat --- cvsd-1.0.23/debian/compat 2011-08-07 21:40:23.000000000 +0200 +++ cvsd-1.0.23.1~hardening1/debian/compat 2012-03-04 20:36:19.000000000 +0100 @@ -1 +1 @@ -8 +9 diff -Nru cvsd-1.0.23/debian/rules cvsd-1.0.23.1~hardening1/debian/rules --- cvsd-1.0.23/debian/rules 2011-08-07 22:05:56.000000000 +0200 +++ cvsd-1.0.23.1~hardening1/debian/rules 2012-03-04 20:45:44.000000000 +0100 
@@ -1,5 +1,7 @@ #!/usr/bin/make -f +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + export DH_VERBOSE=1 %:

To check if all flags were correctly enabled you can use `hardening-check` from the hardening-includes package:

    $ hardening-check /usr/sbin/cvsd
    /usr/sbin/cvsd:
     Position Independent Executable: yes
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: yes

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
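
Review bot: the debian/compat hunk raises the level from 8 to 9, but the patch touches only debian/compat and debian/rules, so nothing here raises the debhelper build dependency to match. debian/control should gain Build-Depends: debhelper (>= 9) in the same change. Since a compat bump alters more dh behaviour than the build flags alone, the resulting package contents are worth comparing against the 1.0.23 build before upload.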
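
Review bot: the added `export DEB_BUILD_MAINT_OPTIONS = hardening=+all` line in the debian/rules hunk carries no comment, so the reason for going beyond the default flag set (PIE because cvsd is a server, as the report says) is not recorded in the packaging itself; a one-line comment above the export would keep it. The flags only reach the binary if the upstream build honours the CFLAGS, CPPFLAGS and LDFLAGS that dh passes in at compat 9, so leaving `export DH_VERBOSE=1` in place, as this hunk does, is what lets the build log confirm them.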
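
One way to turn the `hardening-check` output quoted in the report into a pass/fail gate, as an added example that is not part of the original report or of the cvsd packaging. The function names and the second sample (a hypothetical unhardened binary) are constructed for illustration.

```shell
#!/bin/sh
# Added example: gate a build on hardening-check output.
# check_hardening reads the tool's output on stdin, prints one
# "file<TAB>feature<TAB>value" line for every feature whose value does not
# start with "yes", and returns 1 if it printed anything.
check_hardening() {
    awk '
        # An unindented line ending in ":" names the binary being reported.
        /^[^ \t].*:$/ { file = substr($0, 1, length($0) - 1); next }
        # Indented "Feature: value" lines carry one result each.
        /^[ \t]+[^:]+: / {
            line = $0
            sub(/^[ \t]+/, "", line)
            sep = index(line, ": ")
            value = substr(line, sep + 2)
            if (value !~ /^yes/) {
                printf "%s\t%s\t%s\n", file, substr(line, 1, sep - 1), value
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Output quoted in the report for the rebuilt /usr/sbin/cvsd.
sample_report() {
    cat <<'EOF'
/usr/sbin/cvsd:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: yes
EOF
}

# Constructed output for a hypothetical binary built without PIE or bindnow.
sample_unhardened() {
    cat <<'EOF'
/usr/sbin/example-daemon:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no, not found!
EOF
}

# Real use: hardening-check /usr/sbin/cvsd | check_hardening
sample_report | check_hardening && echo "report sample: all features enabled"
sample_unhardened | check_hardening || echo "constructed sample: gaps listed above"
```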