Package: jwm
Severity: important
Tags: patch

Hello,

The CPPFLAGS hardening flags are missing because the build system
ignores them.

The attached patch fixes the issue; if possible, it should be
included upstream.

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package:

    $ hardening-check /usr/bin/jwm
    /usr/bin/jwm:
     Position Independent Executable: no, normal executable!
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!

(Position Independent Executable and Immediate binding are not
enabled by default.)

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Description: Use CPPFLAGS, necessary for hardening flags.
Author: Simon Ruderich <[email protected]>
Last-Update: 2012-03-06

--- jwm-2.1.0.orig/src/Makefile.in
+++ jwm-2.1.0/src/Makefile.in
@@ -1,6 +1,7 @@
 
 CC = @CC@
 CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
 LDFLAGS = @LDFLAGS@
 BINDIR = @BINDIR@
 
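Review bot: the added `CPPFLAGS = @CPPFLAGS@` line only helps if configure actually substitutes `@CPPFLAGS@`, as it does for `@CFLAGS@` and `@LDFLAGS@` next to it; if it does not, the literal token ends up on the compiler command line. Please confirm in the generated src/Makefile after running configure that the line expands to the expected value, and mention that check in the patch description.
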
@@ -31,7 +32,7 @@ $(EXE): $(OBJECTS)
 	$(CC) -o $(EXE) $(OBJECTS) $(LDFLAGS)
 
 .c.o:
-	$(CC) -c $(CFLAGS) $<
+	$(CC) -c $(CFLAGS) $(CPPFLAGS) $<
 
 clean:
 	rm -f $(OBJECTS) $(EXE) core
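
Review bot: only the `.c.o` suffix rule gains `$(CPPFLAGS)`, so any object built by an explicit rule outside this hunk would still be compiled without the preprocessor hardening flags. The link rule in the context (`$(CC) -o $(EXE) $(OBJECTS) $(LDFLAGS)`) does not need them, but it is worth checking a verbose build log to see that every compile line carries the CPPFLAGS value, and rerunning `hardening-check` on the resulting binary as the report describes.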

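The `hardening-check` step described in the report can be turned into a pass/fail gate by parsing its output. This is an added example, not part of the original message or of jwm; the function names `hardening_failures` and `sample_report` and the comma-separated allow-list argument are assumptions of the example, and the sample input is the report quoted in the message.

```shell
#!/bin/sh
# Added example: list the hardening features that hardening-check reports as
# "no". Reads the report on stdin; $1 is an optional comma-separated allow
# list of feature names to ignore (hypothetical interface for this example).
hardening_failures() {
    allow="${1:-}"
    awk -v allow="$allow" '
        BEGIN {
            n = split(allow, a, ",")
            for (i = 1; i <= n; i++) skip[a[i]] = 1
        }
        /^[^ ]/ { next }                  # header line such as "/usr/bin/jwm:"
        {
            sub(/^ +/, "")                # drop the leading indent
            idx = index($0, ": ")         # split "Feature name: verdict"
            if (idx == 0) next
            name = substr($0, 1, idx - 1)
            verdict = substr($0, idx + 2)
            if (verdict ~ /^no/ && !(name in skip)) print name
        }'
}

# Sample input: the hardening-check report quoted in the message above.
sample_report() {
cat <<'EOF'
/usr/bin/jwm:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no not found!
EOF
}

# Usage in a build script (fails when anything outside the allow list is "no"):
#   hardening-check /usr/bin/jwm |
#       hardening_failures "Position Independent Executable,Immediate binding" |
#       grep -q . && exit 1
```

The allow list mirrors the report's remark that Position Independent Executable and Immediate binding are not enabled by default, so only regressions in the remaining features fail the gate.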