reopen 653852
thanks

Dear Maintainer,

The hardening flags are still missing for
src/libs/gnulib/lib/localcharset.c because they are not passed to
the configure in debian/rules.

The following patch fixes the issue.

diff -Nru groff-1.21/debian/rules groff-1.21/debian/rules
--- groff-1.21/debian/rules     2012-06-22 12:48:35.000000000 +0200
+++ groff-1.21/debian/rules     2012-06-24 21:31:53.000000000 +0200
@@ -47,6 +47,8 @@
                        --with-appresdir=/etc/X11/app-defaults
        mkdir -p debian/build/src/libs/gnulib
        cd debian/build/src/libs/gnulib && \
+               CPPFLAGS="$(CPPFLAGS)" CFLAGS="$(CFLAGS)" 
CXXFLAGS="$(CXXFLAGS)" \
+               LDFLAGS="$(LDFLAGS)" \
                $(CURDIR)/src/libs/gnulib/configure $(confflags_gnulib)
 ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
        CFLAGS="$(CFLAGS)" CXXFLAGS="$(CFLAGS)" \
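
Review bot: the first added line is broken after CFLAGS="$(CFLAGS)" with no trailing backslash, and the CXXFLAGS="$(CXXFLAGS)" \ fragment that follows has no +, - or space prefix. As it appears here the hunk will not apply, and if it were applied the recipe continuation would be cut. This looks like mail line wrapping, so please attach the patch or rejoin CPPFLAGS, CFLAGS and CXXFLAGS on one + line ending in a backslash. Separately, the unchanged cross-build line after the ifneq sets CXXFLAGS="$(CFLAGS)" and shows no CPPFLAGS or LDFLAGS on that line. It is worth confirming that branch hands the same four variables to its configure call, since otherwise cross builds of gnulib stay unhardened.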

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log with `blhc` (hardening-check doesn't catch
everything).

Use `find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +`
on the build result to check all files.

Regards,
Simon

-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
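
The build-log check mentioned in the message can be sketched as follows. This is an added example, not code from blhc, hardening-check or the groff package; the required-flag lists are an assumption of the example and the sample log lines are constructed.

```python
import re
import shlex

# Assumed required flags for this example; compare against the output of
# `dpkg-buildflags` on the build host and adjust.
COMPILE_FLAGS = ["-fstack-protector", "-Wformat", "-Werror=format-security"]
PREPROCESS_FLAGS = ["-D_FORTIFY_SOURCE=2"]
LINK_FLAGS = ["-Wl,-z,relro"]
COMPILERS = re.compile(r"^(?:.*-)?(?:gcc|g\+\+|cc|c\+\+)(?:-[\d.]+)?$")

# Constructed sample log: one unhardened compile, one hardened compile,
# one hardened link, one unhardened link, one unrelated make message.
SAMPLE_LOG = """\
gcc -DHAVE_CONFIG_H -I. -g -O2 -c -o localcharset.o src/libs/gnulib/lib/localcharset.c
gcc -I. -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -c -o iconv.o iconv.c
g++ -Wl,-z,relro -o groff groff.o pipeline.o libgroff.a
g++ -o troff main.o libgroff.a
make[2]: Leaving directory `/build'
"""


def missing_flags(line):
    """Return the required flags absent from one compiler command line."""
    try:
        args = shlex.split(line)
    except ValueError:  # unbalanced quotes: not a plain compiler command
        return []
    if not args or not COMPILERS.match(args[0]):
        return []
    required = []
    if any(a.endswith((".c", ".cc", ".cpp", ".cxx")) for a in args):
        required += COMPILE_FLAGS + PREPROCESS_FLAGS  # a source is compiled
    if not {"-c", "-E", "-S"} & set(args):
        required += LINK_FLAGS                        # the command also links
    # Exact matching only: variants and later -fno-... overrides are ignored.
    return [flag for flag in required if flag not in args]


def check_log(text):
    """Return (line number, missing flags) for each under-hardened command."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        line = re.sub(r"^libtool: (?:compile|link):\s+", "", line.strip())
        missing = missing_flags(line)
        if missing:
            findings.append((number, missing))
    return findings


if __name__ == "__main__":
    for number, missing in check_log(SAMPLE_LOG):
        print(f"line {number}: missing {' '.join(missing)}")
```

A compile line such as the `localcharset.c` one above passes a binary-level check for some properties and still shows up here, which is why the log is checked in addition to the built files.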
