Bug#687645: exim4: Hardening flags missing
Andreas Metzler
ametzler at downhill.at.eu.org
Sat Sep 15 14:32:35 UTC 2012
On 2012-09-14 Simon Ruderich <simon at ruderich.org> wrote:
> Package: exim4
> Version: 4.80-4
> Severity: important
> Tags: patch
> Dear Maintainer,
> The CPPFLAGS and LDFLAGS hardening flags are missing because they
> are ignored by the build system. For more hardening information
> please have a look at [1], [2] and [3].
> The attached patches (exim_debian_rules.patch and
> fix-missing-ldflags.patch) fix the issue but I'm not sure if
> forcing LFLAGS to LDFLAGS is the best way to handle the LDFLAGS
> problem.
[...]
Hello,

I have just taken a look at the patches:

* exim_debian_rules.patch looks fine.

* fix-missing-ldflags.patch does not really fit. Exim uses LFLAGS
  where GNU buildsystem uses LDFLAGS. However src/EDITME (mis)uses
  LDFLAGS to pass on special libraries (SRS, SPF) when linking the
  main daemon binary. Therefore I think

      export LFLAGS += $(LDFLAGS)

  in debian/rules is the better fix.

  The change to OS/Makefile-Base (adding LFLAGS when linking a helper
  binary, only used when preparing the build infrastructure) looks
  fine. I will forward it.

* fix-too-verbose.patch: Does not work for upstream as building
  without FULLECHO='' would echo nothing at all.

* makefile-missing-fullecho.patch: Nice catch, will forward upstream.

thanks, cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
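
Added example (not part of the original message or of the exim4 packaging): a shell check over a build log that reports compile lines lacking the CPPFLAGS hardening flag and link lines lacking the LDFLAGS one, which is the symptom this bug describes. The two flag values are assumed to be the dpkg-buildflags defaults, and the log lines and file names are constructed.

```shell
#!/bin/sh
# Assumption: these are the dpkg-buildflags default hardening flags;
# the message above does not name them.
CPP_HARDENING='-D_FORTIFY_SOURCE=2'
LD_HARDENING='-Wl,-z,relro'

# Constructed sample build log (hypothetical file names, not real exim4 output).
sample_log() {
cat <<'EOF'
gcc -g -O2 -fstack-protector -D_FORTIFY_SOURCE=2 -c daemon.c -o daemon.o
gcc -g -O2 -fstack-protector -c helper.c -o helper.o
gcc -Wl,-z,relro -o daemon daemon.o -lspf2
gcc -o helper helper.o
>>> build finished
EOF
}

# Read a build log on stdin and print one finding per compiler line
# that is missing the flag expected for its kind (compile or link).
audit_build_log() {
    awk -v cpp="$CPP_HARDENING" -v ld="$LD_HARDENING" '
        # Skip everything that is not a compiler driver invocation.
        $1 != "gcc" && $1 != "cc" { next }
        {
            # A line with -c only compiles; anything else is treated as a link.
            is_compile = 0
            for (i = 2; i <= NF; i++) if ($i == "-c") is_compile = 1
            want = is_compile ? cpp : ld
            kind = is_compile ? "CPPFLAGS" : "LDFLAGS"
            found = 0
            for (i = 2; i <= NF; i++) if ($i == want) found = 1
            if (!found) printf "%s missing (line %d): %s\n", kind, NR, $0
        }'
}

# Number of findings on stdin; zero means every compile and link line
# carried its hardening flag.
count_findings() {
    audit_build_log | wc -l | tr -d ' '
}

# Stand-alone run: audit the constructed log.
sample_log | audit_build_log
```

To audit a real build, pipe its log into audit_build_log instead of sample_log; the build must echo full command lines for the check to see the flags.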