Package: wdiff
Version: 1.1.0-2
Severity: important
Tags: patch
Dear Maintainer,
Please consider enabling hardening flags which are a release goal
for wheezy. For more information please have a look at [1], [2]
and [3].
The following patch bumps debian/compat to 9 to automatically
enable the hardening flags; you could also enable them without
changing compat (see [2]), but compat=9 is the preferred and
simplest solution.
diff -Nru wdiff-1.1.0/debian/compat wdiff-1.1.0/debian/compat
--- wdiff-1.1.0/debian/compat 2011-08-06 23:18:23.000000000 +0200
+++ wdiff-1.1.0/debian/compat 2012-03-02 18:45:17.000000000 +0100
@@ -1 +1 @@
-8
+9
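Review bot: The 8 to 9 bump in debian/compat only enables the hardening flags if debian/rules lets debhelper drive the build, and this patch contains no debian/rules change, so confirm in the build log that the flags actually reach the compiler and linker. A compat bump also changes other debhelper defaults, so compare the resulting package contents against the previous build before upload.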
diff -Nru wdiff-1.1.0/debian/control wdiff-1.1.0/debian/control
--- wdiff-1.1.0/debian/control 2012-02-26 17:48:08.000000000 +0100
+++ wdiff-1.1.0/debian/control 2012-03-08 01:24:08.000000000 +0100
@@ -2,7 +2,7 @@
Section: text
Priority: optional
Maintainer: Santiago Vila <[email protected]>
-Build-Depends: libncurses5-dev, texinfo, debhelper (>= 8)
+Build-Depends: libncurses5-dev, texinfo, debhelper (>= 9)
Build-Depends-Indep: texi2html (>= 1.76)
Standards-Version: 3.9.2
Homepage: http://www.gnu.org/software/wdiff/
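Review bot: A debian/changelog entry is missing for the tightened build dependency on the Build-Depends line (debhelper (>= 8) to (>= 9)); the patch only touches debian/compat and debian/control. Add an entry that names the compat bump and the hardening flags as the reason, so the stricter build requirement is documented.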
To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (hardening-check doesn't catch everything):
$ hardening-check /usr/bin/wdiff2 /usr/bin/wdiff /usr/bin/unify /usr/bin/mdiff
/usr/bin/wdiff2:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: no not found!
/usr/bin/wdiff:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: no not found!
/usr/bin/unify:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: no not found!
/usr/bin/mdiff:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: no not found!
(Position Independent Executable and Immediate binding are not
enabled by default.)
Use `find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +`
on the build result to check all files.
Regards,
Simon
[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages wdiff depends on:
ii libc6 2.13-27
ii libtinfo5 5.9-4
wdiff recommends no packages.
wdiff suggests no packages.
-- no debconf information
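Added example (not part of the original report): a shell filter for the hardening-check output format quoted above. It lists binaries that report "no" for a feature the default flags cover, and skips PIE and immediate binding, which the report notes are not enabled by default. The function names are illustrative, and a listed binary still needs the build-log check the report mentions, since hardening-check doesn't catch everything.

```shell
#!/bin/sh
# Added example: list binaries whose hardening-check block reports "no" for a
# feature covered by the default flags. PIE and immediate binding are skipped
# because they are not enabled by default.

# Reads hardening-check output on stdin.
# Prints "<path>: <feature>[, <feature>...]" for each binary with a gap.
missing_default_hardening() {
    awk '
        function emit() {
            if (file != "" && miss != "") print file ": " miss
            miss = ""
        }
        # A line such as "/usr/bin/wdiff:" opens the block for one file.
        /^\/.*:$/ { emit(); file = substr($0, 1, length($0) - 1); next }
        {
            pos = index($0, ": ")
            if (pos == 0) next
            name = substr($0, 1, pos - 1)
            sub(/^[ \t]+/, "", name)
            verdict = substr($0, pos + 2)
            if (name == "Position Independent Executable") next
            if (name == "Immediate binding") next
            if (verdict ~ /^no/) miss = (miss == "" ? name : miss ", " name)
        }
        END { emit() }
    '
}

# Sample input: two of the blocks quoted in the report above.
sample_output() {
    cat <<'EOF'
/usr/bin/wdiff2:
 Position Independent Executable: no, normal executable!
 Stack protected: no, not found!
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no not found!
/usr/bin/wdiff:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no not found!
EOF
}

sample_output | missing_default_hardening   # prints: /usr/bin/wdiff2: Stack protected
```

To run it over a real build result, pipe the output of the find command from the report into `missing_default_hardening`.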