Bug#664984: Please enable hardened build flags

[Carlos Alberto Lopez Perez]

Package: ngircd
Version: 19-1
Tags: patch, security


Please enable hardened build flags through hardening-wrapper.

http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
http://wiki.debian.org/Hardening#Using_Hardening_Options


I am attaching a patch for it.


Before the patch:

$ hardening-check /usr/sbin/ngircd
/usr/sbin/ngircd:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: no, not found!
 Immediate binding: no not found!


After the patch:

$ hardening-check /usr/sbin/ngircd
/usr/sbin/ngircd:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: yes


Thanks!

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carlos Alberto Lopez Perez                           http://neutrino.es
Igalia - Free Software Engineering                http://www.igalia.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



diff -ru a/ngircd-19/debian/control b/ngircd-19/debian/control
--- a/ngircd-19/debian/control	2012-03-22 03:12:20.000000000 +0100
+++ b/ngircd-19/debian/control	2012-03-22 03:11:32.034913201 +0100
@@ -11,6 +11,7 @@
     po-debconf,
     procps,
     telnet,
+    hardening-wrapper
 Vcs-Svn: svn://svn.debian.org/pkg-irc/
 Vcs-Browser: http://svn.debian.org/wsvn/pkg-irc
 Standards-Version: 3.9.3
Only in b/ngircd-19/debian/: files
Only in b/ngircd-19/debian/: ngircd
Only in b/ngircd-19/debian/: ngircd.debhelper.log
Only in b/ngircd-19/debian/: ngircd.postinst.debhelper
Only in b/ngircd-19/debian/: ngircd.postrm.debhelper
Only in b/ngircd-19/debian/: ngircd.prerm.debhelper
Only in b/ngircd-19/debian/: ngircd.substvars
diff -ru a/ngircd-19/debian/rules b/ngircd-19/debian/rules
--- a/ngircd-19/debian/rules	2012-03-22 03:12:20.000000000 +0100
+++ b/ngircd-19/debian/rules	2012-03-22 03:05:30.100491823 +0100
@@ -1,4 +1,5 @@
 #!/usr/bin/make -f
+export DEB_BUILD_HARDENING=1
 
 override_dh_auto_configure:
 	dh_auto_configure -- \

signature.asc
Description: OpenPGP digital signature