Bug#653504: Please enable hardened build flags
Package: apt
Version: 0.8.15.9
Severity: important
Tags: patch
apt already parses the default CXXFLAGS from dpkg-buildflags, which
results in a protected stack.
However, also CPPFLAGS and LDFLAGS needs to be queried and passed to
configure, so that the fortified source and relro are activated.
Patch attached.
Cheers,
Moritz
diff -aur apt-0.8.15.9.orig/debian/rules apt-0.8.15.9/debian/rules
--- apt-0.8.15.9.orig/debian/rules 2011-08-17 18:01:43.000000000 +0200
+++ apt-0.8.15.9/debian/rules 2011-12-29 00:18:51.000000000 +0100
@@ -18,6 +18,8 @@
ifneq (,$(shell which dpkg-buildflags))
export CXXFLAGS = $(shell dpkg-buildflags --get CXXFLAGS)
+ export LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS)
+ export CPPFLAGS = $(shell dpkg-buildflags --get CPPFLAGS)
else
ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
export CXXFLAGS = -O0 -g -Wall
@@ -91,7 +93,7 @@
dh_testdir
-mkdir build
cp COPYING debian/copyright
- cd build && CXXFLAGS="$(CXXFLAGS)" ../configure $(confflags)
+ cd build && CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" CPPFLAGS="$(CPPFLAGS)" ../configure $(confflags)
touch $@
build/build-stamp: build/configure-stamp
Nur in apt-0.8.15.9/debian: rules~.
Reply to: