On 2012-09-14 Simon Ruderich <[email protected]> wrote: > Package: exim4 > Version: 4.80-4 > Severity: important > Tags: patch
> Dear Maintainer, > The CPPFLAGS and LDFLAGS hardening flags are missing because they > are ignored by the build system. For more hardening information > please have a look at [1], [2] and [3]. > The attached patches (exim_debian_rules.patch and > fix-missing-ldflags.patch) fix the issue but I'm not sure if > forcing LFLAGS to LDFLAGS is the best way to handle the LDFLAGS > problem. [...] Hello, I have just taken a look at the patches: * exim_debian_rules.patch looks fine. * fix-missing-ldflags.patch does not really fit. Exim uses LFLAGS where GNU buildsystem uses LDFLAGS. However src/EDITME (mis)uses LDFLAGS to pass on special libraries (SRS, SPF) when linking the main daemon binary. Therefore I think export LFLAGS += $(LDFLAGS) in debian/rules is the better fix. The change to OS/Makefile-Base (adding LFLAGS when linking a helper binary, only used when preparing the build infrastructure) looks fine. I will forward it. * fix-too-verbose.patch: Does not work for upstream as building without FULLECHO='' would echo nothing at all. * makefile-missing-fullecho.patch Nice catch, will forward upstream. thanks, cu andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
