Package: fcron
Version: 3.0.1-1.3
Followup-For: Bug #353508
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Here is a logcheck/ignore.d.paranoid file for fcron. It should
catch most messages but I may have missed some.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ fcron\[[0-9]+\]: Job .+ started for
Package: w3c-markup-validator
Version: 0.7.4-5.2
Severity: minor
Tags: patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
There is a minor typo in README.Debian. The post.pl example
script specifies a wrong URL on line 48, it says
w3-markup-validator but it should be
Package: libghc6-xmonad-contrib-dev
Version: 0.7-2
Severity: important
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
The Debian update 3.0.4 updates libghc6-xmonad-dev to 0.7-2+b1
but libghc6-xmonad-contrib-dev depends on 0.7-2. This causes a
conflict and prevents the update of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sat, Jan 02, 2010 at 10:20:33PM +0100, Armin Obersteiner wrote:
hi!
Hello,
Thanks for your quick reply.
where does /dev/cdrom point to? is it the right device?
/dev/cdrom points to /dev/hda. I'm not sure, it works fine for
playing music CDs
Package: inspircd
Version: 1.1.22+dfsg-3
Severity: minor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
I installed inspircd locally for testing purposes. Every time I
connect to it with localhost:6667 I get the following error
message:
21:41 !irc.local *** Looking up your hostname...
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Wed, Aug 19, 2009 at 09:43:07PM +0100, Robin Burchell wrote:
InspIRCd does not parse /etc/hosts. You either need a DNS A record +
reverse lookup on whatever recursive nameserver you're using, or
change options:nouserdns if DNS is not important
Rocco Rutte wrote:
Hi,
It would nice if one of you missing the old behaviour could write some
lines as to what the workflow is when the flag is cleared everytime you
leave a folder...
Rocco
Hi,
I like the old behavior much more, so here is my workflow. I mark
important messages with F
Package: mpc
Version: 0.12.1-1
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
I'm mpd running on localhost (bind_to_address localhost) and
when I run mpc to control mpd I get the following error:
MPD_HOST and/or MPD_PORT environment variables are not set
error:
Package: lbdb
Version: 0.36
Followup-For: Bug #542012
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The attached patch should fix this and the same problem in
another file of the package.
Simon
- -- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (500, 'stable')
Package: sshfs
Followup-For: Bug #551288
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi again,
My report was not correct, the problem is the same like in
#571005. I didn't notice this because I mounted the directory in
$HOME which caused many programs to hang and made the mistake of
not
Package: libcddb-get-perl
Version: 2.23-2.1
Severity: important
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
When running the example script from perldoc CDDB_get (and also
other scripts using CDDB_get, I tried it with crip) I get the
following error:
cannot read toc [Function not
Package: asciidoc
Version: 8.2.7-2
Severity: minor
Tags: patch
Hi,
there is a minor bug in README.Debian. It states that the
docbook2odf is not available in Debian, but at least in Lenny it
is. Attached is a patch to fix this.
Thanks,
Simon
-- System Information:
Debian Release: 5.0.1
APT
Package: asciidoc
Version: 8.4.4-1
Severity: normal
Tags: patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
In 8.4.1 AsciiDoc added an API which makes using it from other
applications very easy. The API is provided by a new file named
asciidocapi.py. The package does not include the file
Package: sshfs
Version: 2.1-1
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
I'm using sshfs among other things to mount a directory from my
laptop on my local machine. This works fine except when the
laptop goes to sleep or I pull the network cable (to use my
laptop
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
Description: Don't set the hardening flags manually.
Instead take them from dpkg-buildflags which automatically disables
unsupported flags on the current architecture.
.
Prevents build failure on e.g. kfreebsd.
Author: Simon
Package: sysvinit
Version: 2.88dsf-27
Severity: normal
Tags: patch
Dear Maintainer,
The CPPFLAGS hardening flags (-D_FORTIFY_SOURCE=2) are missing
because they are not set in debian/rules. For more hardening
information please have a look at [1], [2] and [3].
The following patch fixes the issue
reopen 653852
thanks
Dear Maintainer,
The hardening flags are still missing for
src/libs/gnulib/lib/localcharset.c because they are not passed to
the configure in debian/rules.
The following patch fixes the issue.
diff -Nru groff-1.21/debian/rules groff-1.21/debian/rules
---
reopen 669495
thanks
Dear Maintainer,
Please don't disable all hardening flags just because one
hardening option causes a build failure.
The problem is the pie hardening option which can cause
-fPIC/-fPIE conflicts (libraries must be built/linked with -fPIC,
binaries with -fPIE).
Most build
On Tue, Jun 26, 2012 at 08:05:19PM +0100, Roger Leigh wrote:
Are you sure? I enabled all this stuff in the last upload.
Commits 83e9240 and prior. We also use dh9 compatibility and dh
to set up CFLAGS. Are we just missing the inclusion of
CPPFLAGS only? Or are we getting other bits wrong
reopen 655164
thanks
Dear Maintainer,
The LDFLAGS hardening flags are still missing for libbz2.so
because $(LDFLAGS) is not used in Makefile. For more hardening
information please have a look at [1], [2] and [3].
The attached patch is an updated version of bzip2-harden.patch
which fixes the
On Tue, Jul 03, 2012 at 07:49:06PM +0200, Nicolas Boulenguez wrote:
Hello. Ada sources are compiled with gcc command lines.
CPPFLAGS do not make sense at all for them. Please consider the
following trivial patch.
[snip]
Hello Nicolas,
Thanks for your report. I've applied your patch
On Sat, Jul 07, 2012 at 09:54:47PM +0200, Nicolas Boulenguez wrote:
Your changes has the expected effect for all my packages, showing two
true errors that were hiddens among false positives. Thanks.
Hello Nicolas,
Thanks for verifying the fix.
Regards,
Simon
--
+ privacy is necessary
+ using
Package: devscripts
Version: 2.12.0
Severity: normal
Tags: patch
Dear Maintainer,
getbuildlog fails to fetch versions which contain +, e.g.
$ getbuildlog mpg123 1.14.2+svn20120622-1
The following patch should fix this issue:
--- /usr/bin/getbuildlog2012-06-30 17:20:16.0
Package: libxslt
Version: 1.1.26-13
Severity: normal
Tags: patch
Dear Maintainer,
The LDFLAGS hardening flags are missing for the dbg package
because they are not set in debian/rules. For more hardening
information please have a look at [1], [2] and [3].
The following patch fixes the issue.
On Tue, May 22, 2012 at 12:06:38AM +0100, Mark Brown wrote:
On Mon, May 21, 2012 at 08:51:16PM +0200, Simon Ruderich wrote:
On Mon, May 21, 2012 at 08:42:11AM +0100, Mark Brown wrote:
And fixing the upstream build system to respect flags from the
environment sounds like a good idea to me
reopen 674537
thanks
Dear Maintainer,
The LDFLAGS hardening flags are still missing because they are
not set in debian/rules. For more hardening information please
have a look at [1], [2] and [3].
The following patch fixes the issue.
diff -Nru aria2-1.15.0/debian/rules
/
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
Description: Use build flags from environment (dpkg-buildflags).
Necessary for hardening flags.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-05-27
--- loqui-0.5.3.orig/libloqui/Makefile.am
+++ loqui
://ruderich.org/simon/blhc/
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
Description: Use build flags from environment (dpkg-buildflags).
Necessary for hardening flags.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-05-27
Index: tomoyo
(dpkg-buildflags).
Necessary for hardening flags.
.
Just passing LDFLAGS as CLDFLAGS doesn't work.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-05-27
Index: lvm2-2.02.95/configure.in
===
--- lvm2-2.02.95.orig
reopen 655139
thanks
Dear Maintainer,
The CPPFLAGS hardening flags are still missing because they are
ignored by the build system. For more hardening information
please have a look at [1], [2] and [3].
The following patch fixes the issue.
diff -Nru openswan-2.6.37/debian/rules
On Sun, May 27, 2012 at 11:56:24AM +0100, Alasdair G Kergon wrote:
On Sun, May 27, 2012 at 02:42:14AM +0200, Simon Ruderich wrote:
-CLDFLAGS=$CLDFLAGS -Wl,--version-script,.export.sym
+CLDFLAGS=$LDFLAGS $CLDFLAGS -Wl,--version-script,.export.sym
What are typical
reopen 673719
thanks
Dear Maintainer,
The CPPFLAGS are still missing because you applied my patch only
in parts. Here is the part which is still missing:
diff -Nru onscripter-20120527/debian/rules onscripter-20120527/debian/rules
--- onscripter-20120527/debian/rules2012-05-27
On Mon, May 28, 2012 at 07:31:54AM +0900, Hideki Yamane wrote:
Hi Simon,
Thanks for your patch, but how about attached one? (almost same)
Hi Hideki,
Your patch works fine to fix the missing flags.
However AM_CPPFLAGS/CPPFLAGS are not meant for compiler flags,
but for preprocessor flags.
On Tue, May 29, 2012 at 07:46:17AM +0900, Hideki Yamane wrote:
Hi Simon,
Thanks again for the lesson :)
Hi Hideki,
No problem ;-) Thanks for applying the patch so quickly.
If hardening-check would says all hardening functions are enabled,
do I need to check it with blhc, too?
If you
Package: letterize
Version: 1.3-2
Severity: normal
Tags: patch
Dear Maintainer,
The CPPFLAGS hardening flags are missing due to a typo in
makefile_add_flags.patch. For more hardening information please
have a look at [1], [2] and [3].
The following patch fixes the issue. Btw. CXXFLAGS are not
On Tue, May 29, 2012 at 07:24:46PM +1200, Francois Marier wrote:
Thanks for catching that. I've fixed it in git:
http://anonscm.debian.org/gitweb/?p=collab-maint/letterize.git
and now it includes the right options on the build line:
gcc -o letterize -g -O2 -fstack-protector
Package: libedit
Version: 2.11-20080614-4
Severity: normal
Tags: patch
Dear Maintainer,
The LDFLAGS hardening flags are missing for libedit.so.2.11
because the build system ignores them. For more hardening
information please have a look at [1], [2] and [3].
The following patch fixes the issue.
/
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
Description: Use build flags from environment (dpkg-buildflags).
Necessary for hardening flags.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-05-20
Index: zlib-1.2.7.dfsg/Makefile.in
On Sun, May 20, 2012 at 03:42:31PM +0100, Mark Brown wrote:
Dear Whatever,
Hello Mark,
(Just using the snippet from reportbug, what do you prefer as
address?)
If you're sending stuff like this please just send a patch that can
actually be applied to the package, it's much easier than having
On Sun, May 20, 2012 at 04:05:44PM +0100, Mark Brown wrote:
Description: Use build flags from environment (dpkg-buildflags).
Necessary for hardening flags.
example$(EXE): example.o $(STATICLIB)
-$(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS)
+$(CC) $(CFLAGS) $(LDFLAGS) -o $@
On Sun, May 20, 2012 at 07:21:10PM -0500, Jonathan Nieder wrote:
Hi Simon,
Simon Ruderich wrote:
I think just patching in LDFLAGS is simpler than fixing configure
and adding TEST_LDFLAGS in a few places.
The problem with this approach is that all the distros are going to
have to make
Package: onscripter
Version: 20120520-1
Severity: normal
Tags: patch
Dear Maintainer,
The CPPFLAGS and LDFLAGS hardening flags are missing because they
are not set in debian/rules. Setting only CFLAGS is not enough.
For more hardening information please have a look at [1], [2] and
[3].
The
On Mon, May 21, 2012 at 08:42:11AM +0100, Mark Brown wrote:
This isn't a problem at all - it's not like any of the test programs are
actually shipped. I'm not sure why I bothered even pass it in to be
honest, I think I was just too mystified as to what your patch was all
about.
True, they
On Sun, May 20, 2012 at 09:45:08PM -0500, Jonathan Nieder wrote:
I see. In that case I disagree with you. My first impression is that
patching in LDFLAGS upstream is not simpler than fixing configure and
adding TEST_LDFLAGS in a few places. The former is a maintainability
hassle (how do I
On Mon, May 21, 2012 at 04:03:37PM -0500, Jonathan Nieder wrote:
No, none of us are being paid for this. :)
Hello Jonathan,
I think everything would have gone more smoothly if you had said
Fixing this properly is not my itch --- here's a patch to illustrate
the problem, and it works for me.
On Thu, Jul 12, 2012 at 12:11:41PM +0800, Aron Xu wrote:
Hi Simon,
Thanks for your care, but I'm still not sure how useful to enable
hardening in -dbg package, and I'm not sure if it will make debugging
more difficult? The use of -O0 was deliberate by previous libxslt
maintainer and I agree
-buildflags.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-07-11
--- ecryptfs-utils-98.orig/configure
+++ ecryptfs-utils-98/configure
@@ -14258,6 +14258,8 @@ ac_link='$CC -o conftest$ac_exeext $CFLA
ac_compiler_gnu=$ac_cv_c_compiler_gnu
# save current global flags
: 0x92FEFDB7E44C32F9
Description: Use CFLAGS from environment (dpkg-buildflags).
Necessary for hardening flags.
.
Don't specify -O2 and -g (on by default) so they can be overwritten by
dpkg-buildflags.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-07-13
--- scheme9-2012.07.10.orig
Package: nasm
Version: 2.10.01-1
Severity: normal
Tags: patch
Dear Maintainer,
The CPPFLAGS hardening flags are missing because they are ignored
by the build system. For more hardening information please have a
look at [1], [2] and [3].
The following patch fixes the issue.
dpkg-buildflags
On Sat, Jul 14, 2012 at 09:47:03AM +1000, AnĂbal Monsalve Salazar wrote:
Everything in nasm is C. Why do I need $CPPFLAGS?
Because $CPPFLAGS are not flags for C++ files (CXXFLAGS are for
C++ files), but flags for the preprocessor (cpp).
Compiling a normal C file needs $CPPFLAGS and $CFLAGS,
Package: mediainfo
Version: 0.7.56-1
Severity: important
Tags: patch
Dear Maintainer,
The LDFLAGS hardening flags are missing because they are
overwritten in debian/rules.
DEB_*_MAINT_APPEND is the preferred way to set additional flags
(see man dpkg-buildflags for more information). For more
Package: tabix
Version: 0.2.5-2
Severity: important
Tags: patch
Dear Maintainer,
The LDFLAGS hardening flags are missing because the build system
ignores them. For more hardening information please have a look
at [1], [2] and [3].
The attached patch is a revised version of
reopen 664086
thanks
Dear Maintainer,
Sorry to bother you again but the LDFLAGS hardening flags are
still missing because there is a typo in debian/rules.
The following patch fixes the issue.
diff -Nru asterisk-1.8.11.1~dfsg/debian/rules
asterisk-1.8.11.1~dfsg/debian/rules
---
reopen 667939
thanks
Hello Charles,
The hardening flags are not working because the build system
ignores them - which is why I opened this bug report for 198-1.
Please apply the patch - and if possible sent it to upstream to
fix their build system.
Regards,
Simon
--
+ privacy is necessary
+
Hello,
Just wanted to let you know that debhelper's cmake build system
now respects CPPFLAGS (#668813 is fixed). Thus this bug can be
closed in the next upload of korundum.
Regards,
Simon
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
Description: Use build flags from environment (dpkg-buildflags).
Necessary for hardening flags.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-04-29
Index: xloadimage-4.1/Makefile.in
===
--- xloadimage-4.1.orig/Makefile.in
reopen 656128
thanks
Dear Maintainer,
Sorry to bother you again, but the update to compat=9 disabled
the custom CFLAGS, including CPPFLAGS. And `...` in CFLAGS breaks
the build.
The following patch fixes the issue:
diff -Nru slang2-2.2.4/debian/rules slang2-2.2.4/debian/rules
---
overwrite CPPFLAGS in ./configure.
Necessary for (hardening) flags from dpkg-buildflags.
.
$WX_CXXFLAGS contains CPPFLAGS and LDFLAGS. As it's called CXXFLAGS append it
to CXXFLAGS.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-05-02
Index: wxmaxima-12.04.0/configure
://wiki.debian.org/Hardening
[4]: http://ruderich.org/simon/blhc/
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
Description: Use CFLAGS from environment (dpkg-buildflags).
Necessary for hardening flags.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
Description: Use build flags from environment (dpkg-buildflags).
Necessary for hardening flags.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-05-04
Index: sniffit-0.3.7.beta/Makefile.in
Package: elinks
Version: 0.12~pre5-7
Followup-For: Bug #652449
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello Moritz,
Please reconsider enabling pie and bindow. As a browser elinks
reads untrusted data and thus is more vulnerable to attacks.
Especially PIE makes most attacks much more
Package: mdadm
Version: 3.2.5-3
Severity: normal
Tags: patch
Hello,
It looks like there's typo in the status command of mdadm-raid:
status)
if [ -f /proc/mdstat ]; then
log_problem no MD subsystem loaded
exit 1
else
cat /proc/mdstat
fi
/debian/patches/fix-format-security.patch 2012-08-29 16:02:53.0 +0200
@@ -0,0 +1,17 @@
+Description: Fix compiling with -Wformat=security.
+Author: Simon Ruderich si...@ruderich.org
+Last-Update: 2012-08-29
+
+Index: iputils-20101006/rdisc.c
reopen 685670
thanks
Hello,
The attached patch adds the missing CPPFLAGS/LDFLAGS. Not sure if
that's possible for Wheezy, if not it should be fixed in sid.
To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log with
Package: libauthen-tacacsplus-perl
Version: 0.23-1
Severity: normal
Dear Maintainer,
Some hardening flags are missing because they are not passed
correctly to the Makefile in tacpluslib/:
$ blhc libauthen-tacacsplus-perl-build-log
CFLAGS missing (--param=ssp-buffer-size=4 -Wformat
Package: unar
Version: 1.2-1
Severity: normal
Tags: patch
Dear Maintainer,
The CPPFLAGS hardening flags are missing for .m and .cpp files
because they are not enabled for all *FLAGS in the Makefile. For
more hardening information please have a look at [1], [2] and
[3].
The attached patch is an
://wiki.debian.org/Hardening
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
Description: Fix compiling with -Werror=format-security.
Prevents format string attacks.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-09-13
Index: chktex-1.6.6/ChkTeX.c
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
Description: Use build flags from environment (dpkg-buildflags).
Necessary for hardening flags.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-09-13
Index: attr-2.4.46/libmisc/Makefile
for hardening flags.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-09-13
--- acl-2.2.51.orig/libmisc/Makefile
+++ acl-2.2.51/libmisc/Makefile
@@ -20,7 +20,7 @@ TOPDIR = ..
include $(TOPDIR)/include/builddefs
LTLIBRARY = libmisc.la
-LTLDFLAGS =
+LTLDFLAGS = $(LDFLAGS)
CFILES = quote.c
=C
Description: Use LDFLAGS from environment (dpkg-buildflags).
Necessary for hardening flags.
.
The buildsystem uses LFLAGS and LDFLAGS, but doesn't pass LDFLAGS when
linking some binaries, fix that.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-09-14
Index: exim4-4.80/OS/Makefile
Package: speex
Version: 1.2~rc1-6
Severity: normal
Tags: patch
Dear Maintainer,
Some hardening flags (format flags and relro on some archs) are
still missing because they are not set in debian/rules. For more
hardening information please have a look at [1], [2] and [3].
The attached patch fixes
Package: sendmail
Version: 8.14.4-2.1
Severity: normal
Tags: patch
Dear Maintainer,
The CPPFLAGS hardening flags are missing on all architectures
because they are not set in debian/rules, some other hardening
flags (e.g. relro) are missing on some architectures. For more
hardening information
compiling with -Werror=format-security.
Prevents format string attacks.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-09-15
--- readline6-6.2.orig/examples/rlfe/rlfe.c
+++ readline6-6.2/examples/rlfe/rlfe.c
@@ -273,7 +273,7 @@ static void maybe_emphasize_input (int o
On Fri, Sep 14, 2012 at 07:26:46PM +0200, Thorsten Alteholz wrote:
Great, thanks alot for the patch.
This allowed it to compile with CXXFLAGS (otherwise lintian would still
complain about some hardening stuff).
Hello Thorsten,
I just checked it again and it works fine without CXXFLAGS.
CFLAGS
On Sun, Sep 16, 2012 at 08:10:12PM +0930, Ron wrote:
On Sat, Sep 15, 2012 at 12:53:53PM +0200, Simon Ruderich wrote:
Some hardening flags (format flags and relro on some archs) are
still missing because they are not set in debian/rules.
Do you have some actual evidence of that?
Hello Ron
On Sat, Sep 15, 2012 at 04:32:35PM +0200, Andreas Metzler wrote:
Hello,
Hello Andreas,
I have just taken a look at the patches:
* exim_debian_rules.patch looks fine.
* fix-missing-ldflags.patch does not really fit. Exim uses LFLAGS
where GNU buildsystem uses LDFLAGS. However src/EDITME
On Mon, Sep 17, 2012 at 11:26:44PM +0930, Ron wrote:
The following flag is missing:
-Werror=format-security
Uh. That's not a hardening option.
That's road spikes for people who blindly applied dpkg-buildflags
and didn't actually bother to look at their build logs ...
It's not really
for csrc/* (dpkg-buildflags).
Necessary for hardening flags.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-09-24
--- seaview-4.4.0.orig/Makefile
+++ seaview-4.4.0/Makefile
@@ -49,7 +49,7 @@ seaview : $(OBJECTS) $(COBJECTS)
-lX11 -lm -lz -lpthread
$(COBJECTS) : $(CSRC
On Mon, Sep 24, 2012 at 11:05:16AM +0200, Mathieu Malaterre wrote:
It looks like blhc is reporting false positive for OpenSlide compilation. EG:
https://buildd.debian.org/~brlink/packages/o/openslide.html
W compiler-flags-hidden 5 (of 45) hidden (armel, armhf, hurd-i386, i386,
ia64,
On Mon, Sep 24, 2012 at 12:47:17PM +0200, Simon Ruderich wrote:
Hello Mathieu,
This is not a false positive.
Forgot to mention the fix:
diff -Nru openslide-3.2.6/debian/rules openslide-3.2.6/debian/rules
--- openslide-3.2.6/debian/rules2012-01-16 11:12:17.0 +0100
+++ openslide
Package: lifeograph
Version: 0.9.0.dfsg-1
Severity: normal
Tags: patch
Dear Maintainer,
The following CXXFLAGS hardening flags are missing because they
are not set correctly in debian/rules and makefile.debian:
CXXFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat
Package: hotot
Version: 1:0.9.8.5+git20120630.884797d-1
Severity: normal
Tags: patch
Dear Maintainer,
The following CPPFLAGS hardening flags are missing because
CPPFLAGS are not respected by the build system:
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): cd
Package: texmaker
Version: 3.4-1
Severity: normal
Tags: patch
Dear Maintainer,
The following CPPFLAGS hardening flags are missing because they
are not correctly set in debian/rules:
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): g++ -c -g -O2 -fstack-protector
--param=ssp-buffer-size=4 -Wformat
Package: less
Version: 444-3
Severity: normal
Tags: patch
Dear Maintainer,
The CFLAGS hardening flags are missing because they are
overwritten in debian/rules. For more hardening information
please have a look at [1], [2] and [3].
The following patch fixes the issue.
diff -Nru
--- unoconv-0.4/debian/patches/fix-deprecated-options.patch 1970-01-01 01:00:00.0 +0100
+++ unoconv-0.4/debian/patches/fix-deprecated-options.patch 2012-01-10 16:00:47.0 +0100
@@ -0,0 +1,34 @@
+Description: Fix deprecated LibreOffice options.
+Author: Simon Ruderich si...@ruderich.org
Package: fpm2
Version: 0.79-2
Severity: important
Tags: patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Dear Maintainer,
The LDFLAGS hardening flags are missing because they are
overwritten in debian/rules, by the time dh $@ is executed
LDFLAGS doesn't contain the hardening flags yet.
build flags from the environment (dpkg-buildflags).
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-03-10
--- audacity-2.0.0~rc8.orig/lib-src/portmixer/Makefile.in
+++ audacity-2.0.0~rc8/lib-src/portmixer/Makefile.in
@@ -9,9 +9,12 @@ AR = @AR@
RANLIB = @RANLIB@
DEFS+= @DEFS
Package: fltk1.3
Version: 1.3.0-6
Severity: important
Tags: patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Dear Maintainer,
The LDFLAGS hardening flags are missing because the build system
partially ignores them. For more hardening information please
have a look at [1], [2] and [3].
The
Package: fltk1.1
Version: 1.1.10-12
Severity: important
Tags: patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Dear Maintainer,
The LDFLAGS hardening flags are missing because the build system
partially ignores them. For more hardening information please
have a look at [1], [2] and [3].
/04/ACPtHPAIw9yZQz/uq43vF0a2VF14bq+KhWkcXU
QadvlQsQqDN1JouGwYVD
=Xe0P
-END PGP SIGNATURE-
Description: Always use $CFLAGS and $LDFLAGS.
Necessary for hardening flags and noopt support.
Author: Simon Ruderich si...@ruderich.org.
Last-Update: 2012-03-06
Index: picolisp-3.0.9.4/src64/Makefile
/ATVvMZzF1fanoGKztVsYe8tuMCeMTcK2WCGXRrbTYE6r866aWyeVAJ
zZ5MY9b4X/CdZYMc/iUy
=Dls9
-END PGP SIGNATURE-
Description: Use build flags from environment for plugins/drac (dpkg-buildflags).
Necessary for hardening flags.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-03-10
--- dovecot-2.0.18.orig/src/plugins/drac
Package: slang2
Version: 2.2.4-7
Followup-For: Bug #656128
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Dear Maintainer,
The hardening flags were not enabled due to a typo in
debian/rules.
The following patch fixes that:
diff -Nru slang2-2.2.4/debian/rules slang2-2.2.4/debian/rules
Package: libktorrent
Version: 1.2.0-1
Severity: important
Tags: patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Dear Maintainer,
The CPPFLAGS hardening flags are missing because CMake ignores
them by default.
The following patch fixes the issue by adding them to
CFLAGS/CXXFLAGS. For more
Package: ktorrent
Version: 4.2.0-1
Severity: important
Tags: patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Dear Maintainer,
The CPPFLAGS hardening flags are missing because CMake ignores
them by default.
The following patch fixes the issue by adding them to
CFLAGS/CXXFLAGS. For more
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Mar 12, 2012 at 01:11:35PM +0530, Ritesh Raj Sarraf wrote:
hello Simon,
That patch didn't apply clean. I have redone it and here's the patch and
the result.
Hello Ritesh,
My patch is an updated version of
Package: ncompress
Version: 4.2.4.4
Severity: important
Tags: patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Dear Maintainer,
The CPPFLAGS and LDFLAGS hardening flags are missing because
debian/rules doesn't set them.
The following patch fixes the issue.
diff -Nru
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello,
This bug was caused by a CDBS bug (#651964) which was fixed. I
checked the result, LDFLAGS is applied correctly now. This bug
can be closed - after a package rebuild.
Regards,
Simon
- --
+ privacy is necessary
+ using gnupg
CPPFLAGS/LDFLAGS from environment (dpkg-buildflags).
Necessary for hardening flags.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-03-12
--- mailman-2.1.14.orig/src/Makefile.in
+++ mailman-2.1.14/src/Makefile.in
@@ -43,6 +43,8 @@ MAILMAN_USER= @MAILMAN_USER@
# Customizable
Package: icu
Version: 4.8.1.1-4
Severity: important
Tags: patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Dear Maintainer,
Please consider enabling hardening flags which are a release goal
for wheezy. For more information please have a look at [1], [2]
and [3].
The attached patch enables
qR0ApMFLnO1TVa19f0FiT0ZmI8M+dt7c7LX8xquL/SObKU/NO01tplkU9Ml0pNsg
nY1ImMZ3HGxtmaCUNYy70t/h9T4eDLYOazCx2esmCiWwMkXX8p/JtBCe127W52Oa
THues9M/EoHSP8722Yak
=ijFp
-END PGP SIGNATURE-
Description: Use LDFLAGS when building xxd.
Necessary to pass all hardening flags when building xxd.
Author: Simon Ruderich si
1 - 100 of 487 matches
Mail list logo
