[Debian-med-packaging] Bug#688632: seaview: CFLAGS hardening flags missing for csrc/*

Simon Ruderich simon at ruderich.org
Mon Sep 24 10:13:16 UTC 2012 

Package: seaview
Version: 1:4.4.0-1
Severity: normal
Tags: patch

Dear Maintainer,

The following CFLAGS hardening flags are missing because they are
ignored in Makefile:

    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/raa_acnuc.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/parser.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/md5.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/zsockr.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/misc_acnuc.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/dnapars.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/protpars.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/lwl.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/bionj.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/phyml_util.c

For more hardening information please have a look at [1], [2] and
[3].

The attached patch fixes the issue, if possible it should be sent
to upstream.

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log with `blhc` (hardening-check doesn't catch
everything).

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: use-cflags-for-csrc.patch
Type: text/x-diff
Size: 508 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debian-med-packaging/attachments/20120924/c1e26801/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/debian-med-packaging/attachments/20120924/c1e26801/attachment.pgp>

More information about the Debian-med-packaging mailing list