Package: audacity
Version: 2.0.0~rc8-1
Severity: important
Tags: patch

Dear Maintainer,

The hardening flags are missing for lib-src/portmixer because the
Makefile ignores compiler flags from the environment. For more
hardening information please have a look at [1], [2] and [3].

The attached patch fixes the issue. If possible it should be sent
upstream.

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (hardening-check doesn't catch everything):

    $ hardening-check /usr/bin/audacity
    /usr/bin/audacity:
     Position Independent Executable: no, normal executable!
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!

(Position Independent Executable and Immediate binding are not
enabled by default.)

Use `find -type f \( -executable -o -name \*.so\* \) -exec
hardening-check {} +` on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

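One way to do the build-log check the report recommends (hardening-check only inspects the finished binary), as an added shell example that is not the reporter's or audacity's code; the required flag list and the sample log lines are constructed:

```shell
#!/bin/sh
# Added example, not part of the bug report or of audacity: scan a build log
# for compiler invocations that lack the hardening flags dpkg-buildflags
# injects, which is the "check the build log" step hardening-check cannot
# do for you.

# Flags every compile line is expected to carry. Assumed to match what
# dpkg-buildflags emitted at the time (stack protector, fortify, format checks).
REQUIRED_FLAGS='-fstack-protector -D_FORTIFY_SOURCE=2 -Wformat-security'

# check_build_log LOGFILE
# Prints one "MISSING <flags>: <command>" line per compile command that lacks
# any required flag; prints nothing when the log is clean.
check_build_log() {
    # Only compile commands (those containing " -c ") matter; ar/ranlib and
    # link lines are skipped.
    grep -E '^(cc|gcc|[A-Za-z0-9_.-]+-gcc) .* -c ' "$1" |
    while IFS= read -r line; do
        missing=""
        for flag in $REQUIRED_FLAGS; do
            case " $line " in
                *" $flag "*) ;;                 # flag present as a whole word
                *) missing="$missing $flag" ;;
            esac
        done
        if [ -n "$missing" ]; then
            printf 'MISSING%s: %s\n' "$missing" "$line"
        fi
    done
}

# Constructed sample log: first object built with the environment flags,
# second one built by a Makefile that dropped them, then the archive step.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -I include -c src/example_a.c -o example_a.o
gcc -g -O2 -I include -c src/example_b.c -o example_b.o
ar rcs libexample.a example_a.o example_b.o
EOF

check_build_log "$SAMPLE_LOG"
```

Run it against the real build log (for example the output of dpkg-buildpackage redirected to a file) in place of the constructed sample.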
Description: Use build flags from the environment (dpkg-buildflags).
Author: Simon Ruderich <si...@ruderich.org>
Last-Update: 2012-03-10

--- audacity-2.0.0~rc8.orig/lib-src/portmixer/Makefile.in
+++ audacity-2.0.0~rc8/lib-src/portmixer/Makefile.in
@@ -9,9 +9,12 @@ AR       = @AR@
 RANLIB   = @RANLIB@
 
 DEFS    += @DEFS@
+CFLAGS  += @CFLAGS@
 CFLAGS  += @cflags@
 CFLAGS  += @include@
 
+CPPFLAGS = @CPPFLAGS@
+
 all : $(LIBRARY)
 
 tests:
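Review bot: `CPPFLAGS = @CPPFLAGS@` uses plain assignment while the neighbouring `DEFS` and `CFLAGS` lines use `+=`; for consistency, and so that a CPPFLAGS value already set by the Makefile or the caller is not silently replaced, prefer `CPPFLAGS += @CPPFLAGS@`. No `@LDFLAGS@` is needed in this file, since the library is archived with `$(AR)`/`$(RANLIB)` rather than linked; the relro and bindnow flags take effect when the final executable is linked.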
@@ -22,7 +25,7 @@ $(LIBRARY): $(OBJECTS)
 	$(RANLIB) $(LIBRARY)
 
 %.o : src/%.c
-	$(CC) $(CFLAGS) $(DEFS) -c $(<) -o $@
+	$(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c $(<) -o $@
 
 clean : 
 	-rm -f $(LIBRARY)
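Review bot: `$(CPPFLAGS)` and `$(DEFS)` are both preprocessor flag sets, so grouping them (`$(CC) $(CPPFLAGS) $(DEFS) $(CFLAGS) -c $< -o $@`) reads more clearly, and `$(<)` is just `$<`. Worth noting in the patch description that the `-D_FORTIFY_SOURCE=2` now passed via CPPFLAGS only checks anything when optimisation is on, which is why this hunk depends on the first hunk also pulling `@CFLAGS@` (with its `-O2`) into CFLAGS.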
