[Pkg-zsh-devel] Bug#644400: zsh: please enable hardening options
Simon Ruderich
simon at ruderich.org
Thu Feb 23 14:43:22 UTC 2012
Package: zsh
Version: 4.3.16-1
Followup-For: Bug #644400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Dear Maintainer,
The patch doesn't enable all default hardening flags. CPPFLAGS
must be exported as well to allow source fortification [1]. The
following patch fixes that:
diff -Nru zsh-4.3.16/debian/rules zsh-4.3.16/debian/rules
--- zsh-4.3.16/debian/rules 2012-02-21 21:51:32.000000000 +0100
+++ zsh-4.3.16/debian/rules 2012-02-23 15:27:39.000000000 +0100
@@ -11,7 +11,7 @@
endif
-include /usr/share/dpkg/buildflags.mk
-export CFLAGS LDFLAGS
+export CFLAGS LDFLAGS CPPFLAGS
H_LDFLAGS = $(LDFLAGS)
CFLAGS += -Wall -g
Regards,
Simon
[1]: https://wiki.debian.org/Hardening
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages zsh depends on:
ii libc6 2.13-26
ii libcap2 1:2.22-1
ii libtinfo5 5.9-4
Versions of packages zsh recommends:
ii libc6 2.13-26
ii libncursesw5 5.9-4
ii libpcre3 8.12-4
Versions of packages zsh suggests:
pn zsh-doc <none>
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJPRlCEAAoJEJL+/bfkTDL5s+gP/0fj854ynJrEFIPJA2xm+XWh
YqlYDoQU/5BcQUs6OuUu+hs20l9oe4iapKLRAo7OeCbY3RsrN2/AL5sV2o/+uCfY
80x+NCOQSnsPKozPrKjDPwjK6NFbMilYajFvWfQDhoWLL1lzi2bW8qYIlOKF709d
aOVfkfMwJ7XGv1l65NN+OB7MbhFeOOh1qsb7l1sRaHZqrWWLIpKgHvSEcH0tS3mO
XP/0JuZ32hk1Nj/NEFN1GNuXgikd5wKbq3rdk7Olls1nuFIstmJ0x15C8Uxd7Slj
FjZUJTBP7esPr2Cto3U6HpM6lvvC2bHSmkXQ5WROewXTb4OALPkib8bfpuMjGPE8
g2jNBn9l5cpivhG5gWjqFq2hq7mfrkL4Pb9HeXKOuU9YsVvLOEHOxcezm0IzZZE1
KWA3AnOci3CU8CdZQL6a+3lkGhPsckb2TsNmxEyw5kWBbHizpMr0ZeQMT94rwoAr
ZFOtmCdSicVJKwimc8rpYQD8z6mV+5I8afa8zArae1o+Hjk13mMiF79tZo+QR5qx
NKdVKGatIVj16AvfZB7Frwqb/8VwjjZZ8qfdwzyINQz4yuZlbT7KDJHx6KkSiXdG
brqtCXqYFesuB3Ydh5CX7Zx+OOH6ln5bpN71woxd1PCUSbxjpfwxB8fzggansvJR
CNqGvpC+pxU/OQsDZQP5
=l3PQ
-----END PGP SIGNATURE-----
More information about the Pkg-zsh-devel
mailing list