Bug#653443: Hardening options incomplete
Moritz Muehlenhoff
jmm at debian.org
Wed Dec 28 11:31:26 UTC 2011
Package: gtetrinet
Version: 0.7.11-3
Severity: important
The 0.7.11-3 upload enabled most of the hardening options
through cdbs. One of the standard flags emitted by dpkg-buildflags
is missing: relro
dpkg-b jmm at pisco:~$ dpkg-buildflags
CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security
CPPFLAGS=-D_FORTIFY_SOURCE=2
CXXFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security
FFLAGS=-g -O2
LDFLAGS=-Wl,-z,relro
root at pisco:~# hardening-check --lintian /usr/games/gtetrinet
(..)
no-relro:/usr/games/gtetrinet
The reason is apparently that LDFLAGS is reset in debian/rules.
Cheers,
Moritz
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages gtetrinet depends on:
ii gconf2 3.2.3-1
ii libc6 2.13-23
ii libgconf2-4 3.2.3-1
ii libgdk-pixbuf2.0-0 2.24.0-2
ii libglib2.0-0 2.30.2-4
ii libgnome2-0 2.32.1-2
ii libgnomeui-0 2.24.5-2
ii libgtk2.0-0 2.24.8-2
gtetrinet recommends no packages.
Versions of packages gtetrinet suggests:
pn tetrinetx <none>
-- no debconf information
More information about the pkg-gnome-maintainers
mailing list