Package: sdl-mixer1.2 Version: 1.2.12-1 Severity: normal Tags: patch Dear Maintainer,
The LDFLAGS hardening flags are missing for playwave/playmus because the build system ignores them. The attached patch fixes the issue, if possible it should be sent upstream. I don't know if playwave/playmus is important or not, but enabling the flags for the whole package prevents problems in the future and makes automatic checks easier. Regards, Simon [1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags [2]: https://wiki.debian.org/HardeningWalkthrough [3]: https://wiki.debian.org/Hardening -- + privacy is necessary + using gnupg http://gnupg.org + public key id: 0x92FEFDB7E44C32F9
Description: Use LDFLAGS from environment (dpkg-buildflags). Necessary for hardening flags. Author: Simon Ruderich <[email protected]> Last-Update: 2012-03-24 --- sdl-mixer1.2-1.2.12.orig/Makefile.in +++ sdl-mixer1.2-1.2.12/Makefile.in @@ -66,10 +66,10 @@ $(objects)/$(TARGET): $(OBJECTS) $(VERSI $(LIBTOOL) --mode=link $(CC) -o $@ $(OBJECTS) $(VERSION_OBJECTS) $(LDFLAGS) $(EXTRA_LDFLAGS) $(LT_LDFLAGS) $(objects)/playwave$(EXE): $(objects)/playwave.lo $(objects)/$(TARGET) - $(LIBTOOL) --mode=link $(CC) -o $@ $(objects)/playwave.lo $(SDL_CFLAGS) $(SDL_LIBS) $(objects)/$(TARGET) + $(LIBTOOL) --mode=link $(CC) -o $@ $(objects)/playwave.lo $(SDL_CFLAGS) $(SDL_LIBS) $(LDFLAGS) $(objects)/$(TARGET) $(objects)/playmus$(EXE): $(objects)/playmus.lo $(objects)/$(TARGET) - $(LIBTOOL) --mode=link $(CC) -o $@ $(objects)/playmus.lo $(SDL_CFLAGS) $(SDL_LIBS) $(objects)/$(TARGET) + $(LIBTOOL) --mode=link $(CC) -o $@ $(objects)/playmus.lo $(SDL_CFLAGS) $(SDL_LIBS) $(LDFLAGS) $(objects)/$(TARGET) install: all install-hdrs install-lib #install-bin install-hdrs:
signature.asc
Description: Digital signature
