Bug#664086: asterisk: Hardening flags missing for menuselect
Simon Ruderich
simon at ruderich.org
Thu Mar 15 16:38:58 UTC 2012
Package: asterisk
Version: 1:1.8.8.2~dfsg-1
Severity: important
Tags: patch
Dear Maintainer,
The hardening flags are missing for menuselect because the build
system ignores them.
The following and the attached patch fixes the issue. If possible
it should be sent to upstream. I don't know if menuselect is
important or not, but enabling the flags for the whole package
prevents problems in the future and makes automatic checks
easier.
diff -Nru asterisk-1.8.8.2~dfsg/debian/rules asterisk-1.8.8.2~dfsg/debian/rules
--- asterisk-1.8.8.2~dfsg/debian/rules 2012-01-20 13:10:38.000000000 +0100
+++ asterisk-1.8.8.2~dfsg/debian/rules 2012-03-15 16:53:14.000000000 +0100
@@ -19,6 +19,8 @@
CFLAGS = `dpkg-buildflags --get CFLAGS`
LDFLAGS = `dpkg-buildflags --get LDFLAGS`
CFLAGS += `dpkg-buildflags --get CPPFLAGS`
+# Necessary to pass hardening flags to menuselect.
+export CFLAGS LDFLAGS
ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
Regards,
Simon
Btw. #542741 can be closed as fixed as the hardening flags are
now implemented.
[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: use-dpkg-buildflags.patch
Type: text/x-diff
Size: 2600 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/attachments/20120315/a532a8f2/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/attachments/20120315/a532a8f2/attachment.pgp>
More information about the Pkg-voip-maintainers
mailing list