Package: isoqlog
Version: 2.2.1-6
Severity: important
Tags: patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Dear Maintainer,
Please consider enabling hardening flags which are a release goal
for wheezy. For more information please have a look at [1], [2]
and [3].
The following patch enables the hardening flags.
diff -Nru isoqlog-2.2.1/debian/rules isoqlog-2.2.1/debian/rules
--- isoqlog-2.2.1/debian/rules 2012-03-07 10:33:45.000000000 +0100
+++ isoqlog-2.2.1/debian/rules 2012-03-08 01:11:51.000000000 +0100
@@ -14,6 +14,8 @@
DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
CFLAGS += -g
To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (hardening-check doesn't catch everything):
$ hardening-check /usr/bin/isoqlog
/usr/bin/isoqlog:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: no not found!
(Position Independent Executable and Immediate binding is not
enabled by default.)
Use find -type f \( -executable -o -name \*.so\* \) -exec
hardening-check {} + on the build result to check all files.
Regards,
Simon
[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJPV/o+AAoJEJL+/bfkTDL5VHMQAK7ntE7Jixr9uTThHn9iQsHI
1hBuXa5SOH6AeWAEmj/OqKl2B344b9kGmhJUB5sTFrXpoCvGk4CSB7XRwFpoMt53
cg7scQ4a7K4Z1Ka1s/9gKqRb8WL6C/pozGnkKHDjjbambjsJYvEZXb9h2naE8Vrz
UmLwTg6WUzMb2Wam5iw3IzV75oS5LfqG5zfIbFaoLMgfyUcV3JayuDNzvARHjctj
ycbMNEK2SS1qWmlX9m/PsiSCVQV8HYkOPSJVgxEjj8HL8cSmuh9f6yrWxUgsDCEq
3Pgevgm80FOzZ2+SRsQeXssDhdhaRkbSiKTAHftBd+6DjcKuN3OUSQX7SPGLGXfq
OoZPSf3UlgbfvdTbQdKXPEARL0IBqv4pf8JKf8/F05HICROtXupYw/zkEUr+ZMNu
UKcUaxiF41TMcp66eIfG8eA0dHmC3lUejlh787vP9ioFlbShYEr2mvPdlE2E/fDx
le9gxj4EQSPVT5nKpkCIi1L4CE80UKbSrS1z5onNAOBWKYDhs0hs7aGkwsszIW07
HJdOaaYvMv9nrJpbyj4HpusQ2DlhFxwW8fFk4wXTRHDCbdhY80wWg6ZuwA+Lqn/I
OeOAO0KmVRbwt7xGgyodc9weAEOPdCwGLPM7C737Xu1gPSIiloRChe6SQT1zCWJf
yIGUl/Re70MUb7OYAFvF
=nc78
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
