[Pkg-zsh-devel] Bug#644400: zsh: please enable hardening options

Simon Ruderich simon at ruderich.org
Thu Feb 23 14:43:22 UTC 2012 

Package: zsh
Version: 4.3.16-1
Followup-For: Bug #644400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dear Maintainer,

The patch doesn't enable all default hardening flags. CPPFLAGS
must be exported as well to allow source fortification [1]. The
following patch fixes that:

    diff -Nru zsh-4.3.16/debian/rules zsh-4.3.16/debian/rules
    --- zsh-4.3.16/debian/rules	2012-02-21 21:51:32.000000000 +0100
    +++ zsh-4.3.16/debian/rules	2012-02-23 15:27:39.000000000 +0100
    @@ -11,7 +11,7 @@
     endif

     -include /usr/share/dpkg/buildflags.mk
    -export CFLAGS LDFLAGS
    +export CFLAGS LDFLAGS CPPFLAGS
     H_LDFLAGS = $(LDFLAGS)

     CFLAGS += -Wall -g

Regards,
Simon

[1]: https://wiki.debian.org/Hardening

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages zsh depends on:
ii  libc6      2.13-26
ii  libcap2    1:2.22-1
ii  libtinfo5  5.9-4

Versions of packages zsh recommends:
ii  libc6         2.13-26
ii  libncursesw5  5.9-4
ii  libpcre3      8.12-4

Versions of packages zsh suggests:
pn  zsh-doc  <none>

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJPRlCEAAoJEJL+/bfkTDL5s+gP/0fj854ynJrEFIPJA2xm+XWh
YqlYDoQU/5BcQUs6OuUu+hs20l9oe4iapKLRAo7OeCbY3RsrN2/AL5sV2o/+uCfY
80x+NCOQSnsPKozPrKjDPwjK6NFbMilYajFvWfQDhoWLL1lzi2bW8qYIlOKF709d
aOVfkfMwJ7XGv1l65NN+OB7MbhFeOOh1qsb7l1sRaHZqrWWLIpKgHvSEcH0tS3mO
XP/0JuZ32hk1Nj/NEFN1GNuXgikd5wKbq3rdk7Olls1nuFIstmJ0x15C8Uxd7Slj
FjZUJTBP7esPr2Cto3U6HpM6lvvC2bHSmkXQ5WROewXTb4OALPkib8bfpuMjGPE8
g2jNBn9l5cpivhG5gWjqFq2hq7mfrkL4Pb9HeXKOuU9YsVvLOEHOxcezm0IzZZE1
KWA3AnOci3CU8CdZQL6a+3lkGhPsckb2TsNmxEyw5kWBbHizpMr0ZeQMT94rwoAr
ZFOtmCdSicVJKwimc8rpYQD8z6mV+5I8afa8zArae1o+Hjk13mMiF79tZo+QR5qx
NKdVKGatIVj16AvfZB7Frwqb/8VwjjZZ8qfdwzyINQz4yuZlbT7KDJHx6KkSiXdG
brqtCXqYFesuB3Ydh5CX7Zx+OOH6ln5bpN71woxd1PCUSbxjpfwxB8fzggansvJR
CNqGvpC+pxU/OQsDZQP5
=l3PQ
-----END PGP SIGNATURE-----

More information about the Pkg-zsh-devel mailing list