Re: Passing LDFLAGS to Apache modules for hardened build flags

[Moritz Mühlenhoff <jmm@inutil.org>]

On Mon, Apr 16, 2012 at 05:37:24PM +0200, Moritz Mühlenhoff wrote:
> On Sat, Apr 14, 2012 at 04:50:44PM +0200, Arno Töll wrote:
> > On 14.04.2012 16:42, Moritz Mühlenhoff wrote:
> > > I can rebuild the Apache modules in the archive with test builds if that
> > > helps.
> > 
> > I committed a fix to apxs in our VCS yesterday [1]. This will allow you
> > to override LDFLAGS just like it is possible for CFLAGS. Moreover, this
> > change automatically injects hardening flags through apxs if the Apache2
> > server was built itself with it.
> > 
> > Consider this behavior highly experimental and not widely tested. It is
> > probably included in our next upload to experimental and/or unstable
> > unless I find problems with it.
> > 
> > This only affects modules built against Apache 2.4 in experimental which
> > we plan to release with Wheezy. This means there aren't too many where
> > you could see this behavior already [2].
> > 
> > Let me know if that helps you, as that will mean all Apache modules in
> > Wheezy (i.e. _after_ the transition) will be built by default with
> > hardening flags unless the maintainer opted out by overriding
> > CFLAGS/CPPFLAGS/LDFLAGS through apxs explicitly.
> 
> Thank your for the nice and fast turnaround in addressing this,
> much appreciated!
> 
> I'll run test builds of the Apache modules in the archive with
> 2.4.2-1 and followup on the individual bug reports.

I was about to run test builds now.
Since the plan is to no longer go with 2.4 for Wheezy, will you backport
the changes to 2.2 or is this for post-Wheezy?
 
Cheers,
        Moritz