Package: letterize
Version: 1.3-2
Severity: normal
Tags: patch

Dear Maintainer,

The CPPFLAGS hardening flags are missing due to a typo in makefile_add_flags.patch. For more hardening information please have a look at [1], [2] and [3].

The following patch fixes the issue. Btw. CXXFLAGS are not necessary in this case because no C++ files are built.

diff -Nru letterize-1.3/debian/patches/makefile_add_flags.patch letterize-1.3/debian/patches/makefile_add_flags.patch --- letterize-1.3/debian/patches/makefile_add_flags.patch 2012-05-28 05:48:49.000000000 +0200 +++ letterize-1.3/debian/patches/makefile_add_flags.patch 2012-05-29 03:45:52.000000000 +0200 
@@ -3,13 +3,15 @@ Author: Francois Marier <franc...@debian.org> Last-Update: 2012-05-28 ---- a/Makefile -+++ b/Makefile -@@ -6,6 +6,7 @@ VERS=$(shell sed <letterize.spec -n -e '/Version: \(.*\)/s//\1/p') +Index: letterize-1.3/Makefile +=================================================================== +--- letterize-1.3.orig/Makefile 2012-05-29 03:43:16.000000000 +0200 ++++ letterize-1.3/Makefile 2012-05-29 03:45:44.324712366 +0200 +@@ -6,6 +6,7 @@ all: letterize letterize: letterize.c -+ gcc -o letterize $(CFLAGS) $(CPPFLAGES) $(CXXFLAGS) $(LDFLAGS) letterize.c ++ gcc -o letterize $(CFLAGS) $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) letterize.c SOURCES = README COPYING letterize.xml Makefile letterize.c letterize.spec

To check if all flags were correctly enabled you can use `hardening-check` from the hardening-includes package and check the build log (for example with blhc [4]) (hardening-check doesn't catch everything):

    $ hardening-check /usr/bin/letterize
    /usr/bin/letterize:
     Position Independent Executable: no, normal executable!
     Stack protected: no, not found!
     Fortify Source functions: unknown, no protectable libc functions used
     Read-only relocations: yes
     Immediate binding: no not found!

(Position Independent Executable and Immediate binding are not enabled by default.)

Use

    find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +

on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
[4]: http://ruderich.org/simon/blhc/

-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
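
Review bot: the corrected `gcc` line still passes `$(CXXFLAGS)` while compiling letterize.c, a C source; with no C++ files in the build that variable can be dropped, leaving `gcc -o letterize $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) letterize.c`. The same hunk also replaces the `--- a/Makefile` / `+++ b/Makefile` header with an `Index:` header carrying timestamps, which is unrelated to the typo; keeping the original header would limit the change to the single-character correction from `$(CPPFLAGES)` to `$(CPPFLAGS)`.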
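
The build-log check recommended in the report, sketched as an added example (not part of the original mail and not blhc's code): it reports compiler lines in a log that lack one of the three hardening flag classes. The function names are hypothetical, the flag values are assumed to be the dpkg-buildflags defaults of that time, and the two log lines are constructed.

```shell
#!/bin/sh
# Constructed log lines: the build with the misspelled variable (it expands to
# nothing, so -D_FORTIFY_SOURCE=2 is silently absent) and the corrected build.
BEFORE='gcc -o letterize -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wl,-z,relro letterize.c'
AFTER='gcc -o letterize -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro letterize.c'

# missing_flags LINE: print the flag classes absent from one compiler line.
# Assumed defaults: CPPFLAGS=-D_FORTIFY_SOURCE=2, CFLAGS has -fstack-protector,
# LDFLAGS=-Wl,-z,relro.
missing_flags() {
    line=$1
    out=
    case $line in *-D_FORTIFY_SOURCE=2*) ;; *) out="$out CPPFLAGS" ;; esac
    case $line in *-fstack-protector*)   ;; *) out="$out CFLAGS" ;; esac
    case $line in
        *\ -c\ *) ;;   # compile-only step: linker flags are not expected here
        *) case $line in *-Wl,-z,relro*) ;; *) out="$out LDFLAGS" ;; esac ;;
    esac
    printf '%s' "${out# }"
}

# check_log: read a build log on stdin, report every gcc/cc line that lacks a
# flag class, and return non-zero if any such line was seen.
check_log() {
    bad=0
    while IFS= read -r l; do
        case $l in
            gcc\ *|cc\ *) ;;
            *) continue ;;   # not a compiler invocation
        esac
        m=$(missing_flags "$l")
        if [ -n "$m" ]; then
            printf 'missing %s: %s\n' "$m" "$l"
            bad=1
        fi
    done
    return $bad
}

# Demonstration on the constructed log: only the first line is reported.
printf '%s\n' "$BEFORE" "$AFTER" | check_log || true
```

A silent empty expansion like `$(CPPFLAGES)` never fails the build, which is why the check has to look at the emitted compiler command rather than at make's exit status.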