Re: Passing LDFLAGS to Apache modules for hardened build flags
On Sat, Apr 14, 2012 at 04:50:44PM +0200, Arno Töll wrote:
> On 14.04.2012 16:42, Moritz Mühlenhoff wrote:
> > I can rebuild the Apache modules in the archive with test builds if that
> > helps.
>
> I committed a fix to apxs in our VCS yesterday [1]. This will allow you
> to override LDFLAGS just like it is possible for CFLAGS. Moreover, this
> change automatically injects hardening flags through apxs if the Apache2
> server was built itself with it.
>
> Consider this behavior highly experimental and not widely tested. It is
> probably included in our next upload to experimental and/or unstable
> unless I find problems with it.
>
> This only affects modules built against Apache 2.4 in experimental which
> we plan to release with Wheezy. This means there aren't too many where
> you could see this behavior already [2].
>
> Let me know if that helps you, as that will mean all Apache modules in
> Wheezy (i.e. _after_ the transition) will be built by default with
> hardening flags unless the maintainer opted out by overriding
> CFLAGS/CPPFLAGS/LDFLAGS through apxs explicitly.
Thank your for the nice and fast turnaround in addressing this,
much appreciated!
I'll run test builds of the Apache modules in the archive with
2.4.2-1 and followup on the individual bug reports.
Cheers,
Moritz
Reply to: