Bug#661009: sdlpango: LDFLAGS hardening flags overwritten

Simon Ruderich simon at ruderich.org
Thu Feb 23 15:19:07 UTC 2012 

Package: sdlpango
Severity: important
Tags: patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dear Maintainer,

    export DEB_LDFLAGS_MAINT_SET = -Wl,--as-needed

overwrites the LDFLAGS hardening flags set by dpkg-buildflags.
Please use _APPEND instead:

    export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed

You can check the result with the `hardening-check` script in the
hardening-includes package:

    $ hardening-check /usr/lib/x86_64-linux-gnu/libSDL_Pango.so.1.1.0
    /usr/lib/x86_64-linux-gnu/libSDL_Pango.so.1.1.0:
     Position Independent Executable: no, regular shared library (ignored)
     Stack protected: yes
     Fortify Source functions: no, only unprotected functions found!
     Read-only relocations: yes
     Immediate binding: no not found!

(The Fortify Source warning is fine in this case, the flags are
passed correctly.)

Regards,
Simon

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJPRljmAAoJEJL+/bfkTDL5iGwP/iaMMjun12FLDzmK7DX4vC6P
1MWOtL5xqwd0nyqmakjARipnznT/v6+F5ZQRKf3JvDLhy2KVTYUKrbDT1ej2C9Zb
K5x510PldEPrWsGdeV/pv7PqVeWM7wgujaMwtTXUL1+tEUhi5WPQQ38b3znyRQiO
RsyDYmtoThOcRKEimkA74yDG18zpgpIu6t5GqcEOzumez3S7mo9lvMwsSHs6oGSH
qm4GNtzw+R7vzfDqPkrn5hVsEFmJE9Iygo1v12BEB0N+acSJJwKLCD+ElY2vcNiT
B8N80CNQtJvsm61ugTRAGzuvwjlOsIBskHNapBZVv00cQ5TzDw6soOI8iieccN9X
Ukf++Br9YLnWcau8KIwiNxDKMSWyD8FcxvpP0RemCsGViIeaEzVojFD2zEU+fxQL
iwXA8x4rWUi8Twc2OTItWs09PMpCiycnirlslg0fzooQpBWolmaudEEtwP5jWwlT
NYqrEQya8uxZJGFHquryj7XS2wvB1YgC3m0NEiyixX/+/gXb13I+3eDo0gGsV2M0
Kh5eNfY4AOi50uP9SfwU0zj6kvQalUzgxe9lK+EOKC9sgrxf49bCod8W10rhEyag
p6hssLSfWxrdjiJI7VZa+4G5zXqnl5BfG92nO5yhIwjPKcD2Wpqs/Cydrx5CjnQj
PPPWH9/PXvpuM0yqnJ0R
=FGad
-----END PGP SIGNATURE-----

More information about the Pkg-sdl-maintainers mailing list