Package: seaview
Version: 1:4.4.0-1
Severity: normal
Tags: patch

Dear Maintainer,

The following CFLAGS hardening flags are missing because they are
ignored in Makefile:

CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/raa_acnuc.c
CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/parser.c
CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/md5.c
CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/zsockr.c
CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/misc_acnuc.c
CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/dnapars.c
CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/protpars.c
CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/lwl.c
CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/bionj.c
CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/phyml_util.c

For more hardening information please have a look at [1], [2] and
[3].

The attached patch fixes the issue; if possible it should be sent
to upstream.

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log with `blhc` (hardening-check doesn't catch
everything).

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
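
The build-log check described in the report above, as an added example that is not part of the original report and is not blhc itself: a simplified scan that reproduces the "CFLAGS missing" lines for compile steps lacking the flags the report lists. The function names and the sample log are assumptions made for illustration.

```shell
#!/bin/sh
# Flags the report above expects on every C compile line.
REQUIRED='-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security'

# missing_flags LINE: print the required flags that do not appear as
# separate arguments in LINE (hypothetical helper, exact-match only).
missing_flags() {
    line=" $1 "
    out=""
    for flag in $REQUIRED; do
        case "$line" in
            *" $flag "*) ;;                 # present as its own argument
            *) out="$out $flag" ;;
        esac
    done
    printf '%s' "${out# }"
}

# check_log: read a build log on stdin and report compile lines (-c)
# that lack required flags. Returns 1 if any were found, 0 otherwise.
check_log() {
    found=0
    while IFS= read -r l; do
        case "$l" in
            *cc*" -c "*) ;;                 # gcc/cc compile step
            *) continue ;;                  # link lines and other output are skipped
        esac
        m=$(missing_flags "$l")
        if [ -n "$m" ]; then
            printf 'CFLAGS missing (%s): %s\n' "$m" "$l"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample log: line 1 is taken from the report's output,
# lines 2 and 3 are made up (a hardened compile line and a link line).
sample_log() {
    cat <<'EOF'
gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/md5.c
gcc -c -O3 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Icsrc csrc/md5.c
g++ -o seaview seaview.o -lX11 -lm -lz -lpthread
EOF
}

sample_log | check_log || echo "unhardened compile lines found"
```

To use it on a real build, pipe the build log into `check_log`; a non-zero return can fail a CI step.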
Description: Use CFLAGS from environment for csrc/* (dpkg-buildflags). Necessary for hardening flags. Author: Simon Ruderich <[email protected]> Last-Update: 2012-09-24 --- seaview-4.4.0.orig/Makefile +++ seaview-4.4.0/Makefile @@ -49,7 +49,7 @@ seaview : $(OBJECTS) $(COBJECTS) -lX11 -lm -lz -lpthread $(COBJECTS) : $(CSRC)/$* - $(CC) -c $(DEBUG) $(OPT) $(CPPFLAGS) -I$(CSRC) $(CSRC)/$*.c + $(CC) -c $(DEBUG) $(OPT) $(CFLAGS) $(CPPFLAGS) -I$(CSRC) $(CSRC)/$*.c .SUFFIXES: .c .cxx .h .o
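Review bot: In the $(COBJECTS) rule, $(CFLAGS) is placed after $(DEBUG) $(OPT), so any -O or -g option carried in the environment's CFLAGS comes later on the command line and takes precedence over the Makefile's own values, including the -O3 that appears in the build log. If upstream depends on that optimisation level for the csrc/ sources, state the change in the Description or put $(CFLAGS) ahead of $(OPT). The change also only takes effect if the Makefile does not assign CFLAGS itself, since such an assignment would replace the value from the environment; check that, and append to the variable there if it does.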

