Bug#653504: Please enable hardened build flags

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#653504: Please enable hardened build flags
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 29 Dec 2011 00:38:29 +0100
Message-id: <[🔎] 20111228233829.30851.50939.reportbug@pisco.westfalen.local>
Reply-to: Moritz Muehlenhoff <jmm@debian.org>, 653504@bugs.debian.org

Package: apt
Version: 0.8.15.9
Severity: important
Tags: patch

apt already parses the default CXXFLAGS from dpkg-buildflags, which
results in a protected stack.

However, also CPPFLAGS and LDFLAGS needs to be queried and passed to
configure, so that the fortified source and relro are activated.

Patch attached.

Cheers,
        Moritz

diff -aur apt-0.8.15.9.orig/debian/rules apt-0.8.15.9/debian/rules
--- apt-0.8.15.9.orig/debian/rules	2011-08-17 18:01:43.000000000 +0200
+++ apt-0.8.15.9/debian/rules	2011-12-29 00:18:51.000000000 +0100
@@ -18,6 +18,8 @@
 
 ifneq (,$(shell which dpkg-buildflags))
   export CXXFLAGS = $(shell dpkg-buildflags --get CXXFLAGS)
+  export LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS)
+  export CPPFLAGS = $(shell dpkg-buildflags --get CPPFLAGS)
 else
   ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
     export CXXFLAGS = -O0 -g -Wall
@@ -91,7 +93,7 @@
 	dh_testdir
 	-mkdir build
 	cp COPYING debian/copyright
-	cd build && CXXFLAGS="$(CXXFLAGS)" ../configure $(confflags)
+	cd build && CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" CPPFLAGS="$(CPPFLAGS)" ../configure $(confflags)
 	touch $@
 
 build/build-stamp: build/configure-stamp
Nur in apt-0.8.15.9/debian: rules~.

Reply to:

Prev by Date: Processed: your mail
Next by Date: Processed: tagging and retitling
Previous by thread: Processed: your mail
Next by thread: Processed: tagging and retitling
Index(es):
- Date
- Thread