Package: wdiff
Version: 1.1.0-2
Severity: important
Tags: patch

Dear Maintainer,

Please consider enabling hardening flags which are a release goal
for wheezy. For more information please have a look at [1], [2]
and [3].

The following patch bumps debian/compat to 9 to automatically
enable the hardening flags; you could also enable them without
changing compat (see [2]), but compat=9 is the preferred and
simplest solution.

    diff -Nru wdiff-1.1.0/debian/compat wdiff-1.1.0/debian/compat
    --- wdiff-1.1.0/debian/compat   2011-08-06 23:18:23.000000000 +0200
    +++ wdiff-1.1.0/debian/compat   2012-03-02 18:45:17.000000000 +0100
    @@ -1 +1 @@
    -8
    +9
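
Review bot: the `-8`/`+9` change in debian/compat only turns on the hardening flags if debian/rules builds through dh or the dh_auto_* helpers, and debian/rules is not part of this patch. Please confirm from the build log that the dpkg-buildflags values actually reach the compiler and linker; if the rules file calls configure or make directly, the flags have to be passed there explicitly. The patch also carries no debian/changelog entry for the compat bump.
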
    diff -Nru wdiff-1.1.0/debian/control wdiff-1.1.0/debian/control
    --- wdiff-1.1.0/debian/control  2012-02-26 17:48:08.000000000 +0100
    +++ wdiff-1.1.0/debian/control  2012-03-08 01:24:08.000000000 +0100
    @@ -2,7 +2,7 @@
     Section: text
     Priority: optional
     Maintainer: Santiago Vila <[email protected]>
    -Build-Depends: libncurses5-dev, texinfo, debhelper (>= 8)
    +Build-Depends: libncurses5-dev, texinfo, debhelper (>= 9)
     Build-Depends-Indep: texi2html (>= 1.76)
     Standards-Version: 3.9.2
     Homepage: http://www.gnu.org/software/wdiff/
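
Review bot: in the `Build-Depends` line, `debhelper (>= 9)` matches the new compat level, but consider writing it as `debhelper (>= 9~)` so that a backported debhelper 9 also satisfies the dependency. This hunk and the debian/compat change must be applied together, since compat 9 with the old `debhelper (>= 8)` dependency can fail on a build host that only has debhelper 8.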

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (hardening-check doesn't catch everything):

    $ hardening-check /usr/bin/wdiff2 /usr/bin/wdiff /usr/bin/unify /usr/bin/mdiff
    /usr/bin/wdiff2:
     Position Independent Executable: no, normal executable!
     Stack protected: no, not found!
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!
    /usr/bin/wdiff:
     Position Independent Executable: no, normal executable!
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!
    /usr/bin/unify:
     Position Independent Executable: no, normal executable!
     Stack protected: no, not found!
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!
    /usr/bin/mdiff:
     Position Independent Executable: no, normal executable!
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!

(Position Independent Executable and Immediate binding are not
enabled by default.)

Use `find -type f \( -executable -o -name \*.so\* \) -exec
hardening-check {} +` on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages wdiff depends on:
ii  libc6      2.13-27
ii  libtinfo5  5.9-4

wdiff recommends no packages.

wdiff suggests no packages.

-- no debconf information
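
An added example, not part of the original report and not code from wdiff or hardening-check: a small shell filter that reduces `hardening-check` output like the listing in the report to the checks that came back "no", skipping the two the report says are not enabled by default. The function names, the skip-pattern argument and the embedded sample (constructed from the output quoted in the report) are assumptions of this example.

```shell
# Read hardening-check output on stdin and print "file: check" for every
# check reported as "no". $1 is an optional regex of check names to skip
# (a parameter of this example, not a hardening-check option).
hardening_gaps() {
    awk -v skip="$1" '
        /^\/.*:$/ { file = $0; sub(/:$/, "", file); next }   # "/usr/bin/wdiff2:"
        /^[ \t]+[^:]+: no([ ,]|$)/ {                         # " Stack protected: no, ..."
            check = $0
            sub(/^[ \t]+/, "", check); sub(/: no.*$/, "", check)
            if (skip != "" && check ~ skip) next
            print file ": " check
        }'
}

# Constructed sample: the hardening-check output quoted in the report.
sample_report() {
    cat <<'EOF'
/usr/bin/wdiff2:
 Position Independent Executable: no, normal executable!
 Stack protected: no, not found!
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no not found!
/usr/bin/wdiff:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no not found!
/usr/bin/unify:
 Position Independent Executable: no, normal executable!
 Stack protected: no, not found!
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no not found!
/usr/bin/mdiff:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no not found!
EOF
}

# Ignore the two checks that are off by default; what remains needs a look.
sample_report | hardening_gaps 'Position Independent|Immediate binding'
```

On a real build tree, the same function can be fed from the `find ... -exec hardening-check {} +` command given in the report instead of `sample_report`.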
