Moritz Muehlenhoff <[email protected]> writes: > Hi Russ, > writing my previous mail wrt pkg-perl reminded me of one of my review > TODO items of hardening changes spotted on debian-devel-changes :-)
> libpam-krb5 (4.5-1) contains the following entry: > * Enable compiler hardening flags. > Out of the three hardening features from the Wheezy default set > (protected stack, fortified source and relro) only the protected > stack is enabled: [...] > The reason is that you're overwriting CPPFLAGS (which would otherwise > be "-D_FORTIFY_SOURCE=2", resulting in fortified functions) and LDFLAGS > (which would be "-Wl,-z,relro", resulting in read-only relocs): Oh, whoops, thanks. I was going to check that too. Just uploaded a fix. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

