Package: vsftpd
Version: 2.3.5-1
Severity: important
Tags: patch
2.3.5-1 didn't properly enable the default hardened build flags for Wheezy:
dh automatically injects a hardened CPPFLAGS to enable fortified source
functions, but since the vsftpd build system isn't based on the autotools
it doesn't pick up CPPFLAGS.
The attached patch fixes this by passing it through CFLAGS. I've used
hardening-check in a local build to verify that it is properly enabled.
Cheers,
Moritz
--- vsftpd-2.3.5.orig/debian/rules 2012-01-08 10:54:02.000000000 +0100
+++ vsftpd-2.3.5/debian/rules 2012-01-08 16:54:09.000000000 +0100
@@ -13,7 +13,7 @@
dh ${@}
override_dh_auto_build:
- $(MAKE) CFLAGS="$(CFLAGS) -W -Wshadow" LIBS="$(LIBS)" LINK=""
+ $(MAKE) CFLAGS="$(CFLAGS) -W -Wshadow $(shell dpkg-buildflags --get CPPFLAGS)" LIBS="$(LIBS)" LINK=""
override_dh_auto_install:
# disabled
