Package: mpv Version: 0.3.6-1 Severity: normal Tags: patch Hello,
As audio/movie player, mpv is vulnerable to exploits in the used
libraries, which are common. PIE and bindnow provide additional
hardening against those attacks. Please enable them by default.
The following patch enables all additional flags (PIE and
bindnow) and enables a verbose build to detect missing flags:
diff -Nru mpv-0.3.6/debian/rules mpv-0.3.6/debian/rules
--- mpv-0.3.6/debian/rules 2014-03-11 16:00:33.000000000 +0100
+++ mpv-0.3.6/debian/rules 2014-03-12 14:32:39.000000000 +0100
@@ -4,6 +4,9 @@
export CC=gcc-4.8 # fixes #73363
endif
+export V := 1
+export DEB_BUILD_MAINT_OPTIONS := hardening=+all
+
%:
dh $@
I've been using mpv with this patch for some time and haven't
noticed any issues.
Regards
Simon
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
signature.asc
Description: Digital signature
