Moritz Muehlenhoff <[email protected]> writes:

> Hi Russ,
> writing my previous mail wrt pkg-perl reminded me of one of my review
> TODO items of hardening changes spotted on debian-devel-changes :-)

> libpam-krb5 (4.5-1) contains the following entry:
>     * Enable compiler hardening flags.

> Out of the three hardening features from the Wheezy default set
> (protected stack, fortified source and relro) only the protected
> stack is enabled:

[...]

> The reason is that you're overwriting CPPFLAGS (which would otherwise
> be "-D_FORTIFY_SOURCE=2", resulting in fortified functions) and LDFLAGS
> (which would be "-Wl,-z,relro", resulting in read-only relocs):

Oh, whoops, thanks.  I was going to check that too.  Just uploaded a fix.

-- 
Russ Allbery ([email protected])               <http://www.eyrie.org/~eagle/>



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to