Package: wmfrog Version: 0.2.0-3 Severity: important Tags: patch Dear Maintainer,
The CPPFLAGS hardening flags are missing because they are not set
in debian/rules.
The following patch fixes the issue. Passing LDFLAGS as CFLAGS
might be not a good idea though.
diff -Nru wmfrog-0.2.0/debian/rules wmfrog-0.2.0/debian/rules
--- wmfrog-0.2.0/debian/rules 2012-03-24 07:30:44.000000000 +0100
+++ wmfrog-0.2.0/debian/rules 2012-04-10 21:39:54.000000000 +0200
@@ -12,7 +12,7 @@
$(MAKE) -C debian -f pod2man.mk PACKAGE=$(PACKAGE) makeman
override_dh_auto_build: man
- $(MAKE) $(MAKEOPT) CFLAGS="$(CFLAGS) $(LDFLAGS)"
+ $(MAKE) $(MAKEOPT) CFLAGS="$(CFLAGS) $(CPPFLAGS) $(LDFLAGS)"
override_dh_auto_clean:
[ ! Src/Makefile ] || $(MAKE) $(MAKEOPT) clean
To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (hardening-check doesn't catch everything):
$ hardening-check /usr/bin/wmfrog
/usr/bin/wmfrog:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: yes
Use find -type f \( -executable -o -name \*.so\* \) -exec
hardening-check {} + on the build result to check all files.
Regards,
Simon
[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
signature.asc
Description: Digital signature
