Bug#741439: mpv: Please enable all hardening options

Simon Ruderich simon at ruderich.org
Wed Mar 12 13:38:47 UTC 2014


Package: mpv
Version: 0.3.6-1
Severity: normal
Tags: patch

Hello,

As an audio/movie player, mpv is vulnerable to exploits in the used
libraries, which are common. PIE and bindnow provide additional
hardening against those attacks. Please enable them by default.

The following patch enables all additional flags (PIE and
bindnow) and enables a verbose build to detect missing flags:

diff -Nru mpv-0.3.6/debian/rules mpv-0.3.6/debian/rules
--- mpv-0.3.6/debian/rules	2014-03-11 16:00:33.000000000 +0100
+++ mpv-0.3.6/debian/rules	2014-03-12 14:32:39.000000000 +0100
@@ -4,6 +4,9 @@
 	export CC=gcc-4.8 # fixes #73363
 endif
 
+export V := 1
+export DEB_BUILD_MAINT_OPTIONS := hardening=+all
+
 %:
 	dh $@
 

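Review bot: the two exports added after the endif carry no comment, and nothing in the hunk shows that the build reads either variable. DEB_BUILD_MAINT_OPTIONS := hardening=+all only changes what dpkg-buildflags emits, so PIE and bindnow reach the binary only if the upstream build system honours the exported CFLAGS/CPPFLAGS/LDFLAGS, and V := 1 only produces full compiler lines if that build system treats V as its verbosity switch. Suggest a one-line comment on each export stating its purpose, and confirming in the resulting build log that -fPIE, -pie and -Wl,-z,now appear on the compile and link lines before this is applied.
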
I've been using mpv with this patch for some time and haven't
noticed any issues.

Regards
Simon
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
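
The report above asks for a verbose build so that missing flags can be detected. As an added example (not part of the original report and not Debian's own tooling), this is a simplified check of a verbose build log for the flags that hardening=+all is expected to inject; the flag lists, function names and sample log lines are assumptions constructed for illustration.

```python
import re
import shlex

# Assumed flag sets for hardening=+all; real dpkg-buildflags output varies by release.
COMPILE_FLAGS = ["-fPIE", "-fstack-protector", "-D_FORTIFY_SOURCE=2",
                 "-Wformat", "-Werror=format-security"]
LINK_FLAGS = ["-pie", "-Wl,-z,relro", "-Wl,-z,now"]
_CC = re.compile(r"(?:.*-)?(?:gcc|g\+\+|cc|c\+\+|clang)(?:-[\d.]+)?")

def _has(args, flag):
    # Prefix match so -fstack-protector-strong also satisfies -fstack-protector.
    if flag == "-fstack-protector":
        return any(a.startswith(flag) for a in args)
    return flag in args

def missing_flags(line):
    """Hardening flags absent from one command line; None if not a compiler call."""
    try:
        args = shlex.split(line)
    except ValueError:          # unbalanced quotes: not a usable command line
        return None
    if not args or not _CC.fullmatch(args[0].rsplit("/", 1)[-1]):
        return None
    compiles = "-c" in args or any(a.endswith((".c", ".cc", ".cpp")) for a in args)
    links = "-c" not in args and "-E" not in args and "-S" not in args
    wanted = (COMPILE_FLAGS if compiles else []) + (LINK_FLAGS if links else [])
    return [f for f in wanted if not _has(args, f)]

def scan_log(text):
    """Return (line number, missing flags) for every under-hardened compiler line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        missing = missing_flags(line)
        if missing:
            findings.append((number, missing))
    return findings

# Constructed sample of a verbose (V=1 style) build log; file names are made up.
SAMPLE_LOG = """\
gcc-4.8 -g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c player.c -o player.o
gcc-4.8 -g -O2 -c decode.c -o decode.o
gcc-4.8 -fPIE -pie -Wl,-z,relro player.o decode.o -o demo
[12/300] Compiling something
"""

if __name__ == "__main__":
    for number, missing in scan_log(SAMPLE_LOG):
        print(f"line {number}: missing {' '.join(missing)}")
```

Combined linker options such as -Wl,-z,relro,-z,now and -fPIC objects for shared libraries are not handled by this sketch.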