Bug#823967: libapache2-mod-perl2: hardening-no-relro mod_perl.so

[Damyan Ivanov]

-=| Niko Tyni, 10.05.2016 22:44:07 +0300 |=-
> Package: libapache2-mod-perl2
> Version: 2.0.9-4
> 
> As noticed by lintian, mod_perl.so is not linked with
> -Wl,-z,relro.
> 
> W: libapache2-mod-perl2: hardening-no-relro usr/lib/apache2/modules/mod_perl.so
> 
> It looks like we're currently using the debhelper default behaviour where
> linker flags are passed to Makefile.PL in an LD=[...] argument. This
> normally works with ExtUtils::MakeMaker, but apparently not with the
> libapache2-mod-perl2 build system.
> 
> I see Apache2::Build::ldopts uses
> 
>     my $ld = $self->perl_config('ld');
> 
> so that part probably needs some work. Filing this to track
> the issue, but I'm not promising a patch any time soon...

The following patch seems to fix this. Is it too crude?

-----------------------------------------
--- a/lib/Apache2/Build.pm
+++ b/lib/Apache2/Build.pm
@@ -557,6 +557,8 @@ sub ldopts {
             or warn "Failed to fix Irix symbol exporting\n";
     }
 
+    $ldopts .= " $ENV{LDFLAGS}" if exists $ENV{LDFLAGS};
+
     $ldopts;
 }
 
-----------------------------------------

Cheers,
    dam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20160528/5fcb97c6/attachment-0001.sig>