Package: cups Version: 1.5.2-6 Severity: important Tags: patch -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Dear Maintainer, Most hardening flags are already enabled by default, but +now is missing. The attached enables it. For more information please have a look at [1], [2] and [3]. Regards, Simon [1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags [2]: https://wiki.debian.org/Hardening [3]: https://wiki.debian.org/HardeningWalkthrough - -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJPVjcYAAoJEJL+/bfkTDL5A1MP/20RkPASv9VDW6ePK70RAMMd ThinpvINHlhYs4ezmU4HdNJovWIq5w+22EAzwLukhxTOZ3ZaAs5wVyl/pGGYX0sg Hn9/D7VUXW8+2Sm8A8dp90ztNzsUCSyItEqXHs/1tgtifzq+m8VAjRzyc7QABf1c oLgrK1np0+zs5av19kjhd6VK80a6VuPpuF2N6LKQ+hqCVKnaeRc8gsx518OLUmoM wbgXh/8/V3UUGIJDSJHQstmYoO4G3KvopqN9daNZSCU0vjyQ0qf0K1uZJKDohLH/ vmvfW3JcynYYLOsEFRVKgKhlbpEDlWHCjiMkvxCwjlt3hx2F0ox6JX1IKm8GHXDB aOo6kffRPGmkI5QYaZTNXm+QOQnmTc+eOAveP07vojXBPq1fg4dpH9Rkh89g9Frf MhUdQXVkJdeFSTmKt/l4K3pPtsaivmjFJU3Txa86yeDGuF5NeNO2SpNo+2ECbZpX 6EGJsCwux03+2oaRSj0YMN3cD9HYXY83osuBBjUdZKysCyY8f0wYtC5xqnFMK83g Ru5wvkOrfGXtnNso+VuIqVUn9R+Uv+niLRjn4tXrpqdaazs8V2mbpI+06mMweJCP uE/GdZnipPic7t91djGLTOPQM067eCff8+afyeO8zlLM7DUav5c9PCfSJmXnb/1A 2PKkP3Sjtnz1uJ7drUJx =GRUT -----END PGP SIGNATURE-----
diff -Nru cups-1.5.2/debian/rules cups-1.5.2/debian/rules --- cups-1.5.2/debian/rules 2012-03-05 08:05:56.000000000 +0100 +++ cups-1.5.2/debian/rules 2012-03-06 00:35:48.000000000 +0100 @@ -12,10 +12,15 @@ # work around libpng crash on our test PNGs with 8 bit colormaps (LP #710881) export NO_PNG_PKG_MANGLE=1 -#export DEB_BUILD_MAINT_OPTIONS=hardening +# Enabling PIE globally doesn't work, but ./configure already enables PIE +# where necessary. +export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie DPKG_EXPORT_BUILDFLAGS=1 include /usr/share/dpkg/buildflags.mk LDFLAGS+= -Wl,--as-needed +# The build system uses only DSOFLAGS but not LDFLAGS to build some libraries. +# Add LDFLAGS to enable (hardening) build flags. +export DSOFLAGS = $(LDFLAGS) include /usr/share/cdbs/1/rules/debhelper.mk include /usr/share/cdbs/1/class/autotools.mk
