Package: libxslt
Version: 1.1.26-13
Severity: normal
Tags: patch

Dear Maintainer,

The LDFLAGS hardening flags are missing for the dbg package
because they are not set in debian/rules. For more hardening
information please have a look at [1], [2] and [3].

The following patch fixes the issue.

diff -Nru libxslt-1.1.26/debian/rules libxslt-1.1.26/debian/rules
--- libxslt-1.1.26/debian/rules 2012-07-05 05:05:21.000000000 +0200
+++ libxslt-1.1.26/debian/rules 2012-07-11 02:50:09.000000000 +0200
@@ -37,7 +37,7 @@
 
 dobuild-python%: BUILD_DIR=builddir/main/$*
 dobuild-python%-dbg: BUILD_FLAGS = PYTHON_INCLUDES=/usr/include/$(*:-dbg=_d) \
-    LDFLAGS="-L$(CURDIR)/debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)" 
CFLAGS="-Wall -g -O0"
+    LDFLAGS="$(LDFLAGS) -L$(CURDIR)/debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)" 
CFLAGS="$(CFLAGS) -Wall -O0"
 
 override_dh_auto_clean:
        rm -rf builddir debian/tmp-dbg config.sub config.guess autogen.sh
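Review bot: The added CFLAGS value drops `-g` (old `-Wall -g -O0`, new `$(CFLAGS) -Wall -O0`), so debug symbols for the `-dbg` Python build now depend on `$(CFLAGS)` already containing `-g`. Either keep `-g` explicitly, or confirm that debian/rules sets CFLAGS and LDFLAGS before this target. The hunk does not show where they are defined, and empty values would leave this build with neither the hardening flags nor `-g`. Placing `-O0` after `$(CFLAGS)` is correct for overriding an earlier optimization level. The LDFLAGS/CFLAGS lines also appear wrapped onto a second line, so the hunk as shown will not apply until they are rejoined.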

-O0 overrides the default -O2.

Enabling the hardening flags for the complete package allows
automatic checks for missing hardening flags and is generally a
good idea.

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log with `blhc` (hardening-check doesn't catch
everything).

Use `find -type f \( -executable -o -name \*.so\* \) -exec
hardening-check {} +` on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9

Attachment: signature.asc
Description: Digital signature
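
An added example, not part of the original report and not blhc's own logic: a simplified shell check that scans a build log for link commands lacking `-Wl,-z,relro`, the linker hardening flag that `dpkg-buildflags` supplies through LDFLAGS. The log lines, file names and the function names `sample_log` and `missing_relro` are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag link commands in a build log that lack -Wl,-z,relro.
# Simplified stand-in for a build-log check; it is not blhc.

# Constructed build log: a normal build (lines 2-3) and a -dbg build whose
# LDFLAGS were overridden without the hardening flags (lines 4-5).
sample_log() {
    cat <<'EOF'
checking for gcc... gcc
gcc -g -O2 -fstack-protector -Wall -c mod.c -o mod.o
libtool: link: gcc -shared mod.o -Wl,-z,relro -o mod.so
gcc -Wall -g -O0 -c mod.c -o mod_d.o
libtool: link: gcc -shared mod_d.o -L/build/debian/tmp/usr/lib/x86_64-linux-gnu -o mod_d.so
EOF
}

# Print "LINE: command" for each link command without RELRO.
# Reads the files given as arguments, or stdin when there are none.
missing_relro() {
    awk '
    # True for gcc, cc, g++ with an optional path, triplet or version suffix.
    function is_compiler(w) {
        sub(/.*\//, "", w)
        return w ~ /^(.*-)?(gcc|g[+][+]|cc)(-[0-9.]+)?$/
    }
    {
        # The command starts at field 1, or after a "libtool: link:" prefix.
        first = ($1 == "libtool:" && $2 == "link:") ? 3 : 1
        if (!is_compiler($first)) next
        link = 1; relro = 0
        for (i = first + 1; i <= NF; i++) {
            # -c, -E and -S stop before the link step.
            if ($i == "-c" || $i == "-E" || $i == "-S") link = 0
            # Accept the flag alone or combined, e.g. -Wl,-z,relro,-z,now.
            if ($i ~ /^-Wl,(.*,)?-z,relro(,.*)?$/) relro = 1
        }
        if (link && !relro) printf "%d: %s\n", NR, $0
    }' "$@"
}

# Demo on the constructed log; only the -dbg link line is reported.
sample_log | missing_relro
```

On a real build, pass the saved build log as the argument, for example `missing_relro build.log` (the file name is an assumption).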
