Package: rekonq
Version: 0.9.9-1-1
Severity: important
Tags: patch

Dear Maintainer,
The CPPFLAGS hardening flags are missing because CMake ignores them by default. The following patch fixes the issue by adding them to CFLAGS/CXXFLAGS. For more hardening information please have a look at [1], [2] and [3]. diff -Nru rekonq-0.9.0-1/debian/rules rekonq-0.9.0-1/debian/rules --- rekonq-0.9.0-1/debian/rules 2012-03-20 19:26:04.000000000 +0100 +++ rekonq-0.9.0-1/debian/rules 2012-03-24 16:27:09.000000000 +0100 @@ -1,6 +1,12 @@ #!/usr/bin/make -f export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow +# CMake doesn't use CPPFLAGS, pass them to CFLAGS/CXXFLAGS to enable the +# missing (hardening) flags. dpkg_buildflags is necessary because $(shell ..) +# doesn't use local environment variables. +dpkg_buildflags = DEB_BUILD_MAINT_OPTIONS=$(DEB_BUILD_MAINT_OPTIONS) dpkg-buildflags +export DEB_CFLAGS_MAINT_APPEND = $(shell $(dpkg_buildflags) --get CPPFLAGS) +export DEB_CXXFLAGS_MAINT_APPEND = $(shell $(dpkg_buildflags) --get CPPFLAGS) export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed %: Regards, Simon [1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags [2]: https://wiki.debian.org/HardeningWalkthrough [3]: https://wiki.debian.org/Hardening -- + privacy is necessary + using gnupg http://gnupg.org + public key id: 0x92FEFDB7E44C32F9
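Review bot: In the added dpkg_buildflags line, DEB_BUILD_MAINT_OPTIONS=$(DEB_BUILD_MAINT_OPTIONS) reaches the shell unquoted, so if the maintainer options ever hold more than one space-separated entry the assignment is split and dpkg-buildflags is no longer the command that runs; quoting the value, as in DEB_BUILD_MAINT_OPTIONS="$(DEB_BUILD_MAINT_OPTIONS)", avoids that. The two new export lines also use recursive "=" around $(shell ...), which re-runs dpkg-buildflags every time make expands the variable; ":=" would evaluate it once, and since both lines fetch the same CPPFLAGS value it could be stored in one helper variable and reused for DEB_CFLAGS_MAINT_APPEND and DEB_CXXFLAGS_MAINT_APPEND.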

