Package: dovecot
Version: 1:2.0.18-1
Followup-For: Bug #653530
Dear Maintainer,

The hardening flags were not enabled for the DRAC plugin. The following patch and attached patch fix it. The attached patch should be sent to upstream if possible.

diff -Nru dovecot-2.0.18/debian/rules dovecot-2.0.18/debian/rules --- dovecot-2.0.18/debian/rules 2012-03-09 07:01:30.000000000 +0100 +++ dovecot-2.0.18/debian/rules 2012-03-10 21:13:34.000000000 +0100
@@ -65,7 +65,7 @@ # Pigeonhole $(MAKE) -C $(PIGEONHOLE_DIR) # DRAC - $(MAKE) -C src/plugins/drac + $(MAKE) -C src/plugins/drac $(shell dpkg-buildflags --export=configure) touch build-stamp clean:

To check if all flags were correctly enabled you can use `hardening-check` from the hardening-includes package and check the build log (hardening-check doesn't catch everything). (Position Independent Executable and Immediate binding are not enabled by default.)

Use

    find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +

on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
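Review bot: On the changed DRAC line, `$(shell dpkg-buildflags --export=configure)` has no effect unless src/plugins/drac/Makefile actually uses CFLAGS, CPPFLAGS and LDFLAGS, which it does only with the attached Makefile patch, so the two changes have to land together; a comment next to the DRAC line or a changelog entry should say so. The flags are passed as make command-line assignments, which take precedence over any assignment to the same variables inside that Makefile, and the call returns only the flag set dpkg-buildflags is configured for at that point. Since the message notes that PIE and immediate binding are not on by default, confirm with hardening-check on the built drac.so that any options the package opts into elsewhere also reach this invocation.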
Description: Use build flags from environment for plugins/drac (dpkg-buildflags). Necessary for hardening flags. Author: Simon Ruderich <si...@ruderich.org> Last-Update: 2012-03-10 --- dovecot-2.0.18.orig/src/plugins/drac/Makefile +++ dovecot-2.0.18/src/plugins/drac/Makefile @@ -1,2 +1,2 @@ all: - gcc -Wall -W -shared -fPIC -DHAVE_CONFIG_H -I../../.. -I../../lib drac.c -o drac.so -ldrac + gcc $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -Wall -W -shared -fPIC -DHAVE_CONFIG_H -I../../.. -I../../lib drac.c -o drac.so -ldrac
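Review bot: The `all:` recipe still hard-codes `gcc` as the compiler; since this patch is intended for upstream, use `$(CC)` so the compiler selected by the build environment is honoured together with `$(CFLAGS) $(CPPFLAGS) $(LDFLAGS)`. The Makefile never sets those three variables itself, so a short comment above the rule stating that they are expected from the environment or the make command line would document why the build silently falls back to unhardened flags when they are absent.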
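The check the message describes (confirming that the hardening flags reached the built plugin), as an added example that is not part of the original report or of hardening-check: a Python reader for the linker-level properties, read-only relocations and immediate binding, taken from the ELF program headers and dynamic section. The names `check_elf` and `build_sample` and the three sample images are constructed for illustration.

```python
import struct

# Constants from the ELF specification.
ET_DYN, PF_X = 3, 0x1
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DF_BIND_NOW = 0, 24, 30, 0x8

def check_elf(data):
    """Report linker-level hardening of a little-endian ELF64 image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    res = {"pic": e_type == ET_DYN, "relro": False,
           "bind_now": False, "nx_stack": False}
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:        # produced by -Wl,-z,relro
            res["relro"] = True
        elif p_type == PT_GNU_STACK:      # stack segment must not be executable
            res["nx_stack"] = not p_flags & PF_X
        elif p_type == PT_DYNAMIC:
            # Walk the 16-byte (tag, value) entries up to DT_NULL.
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", data, off)
                if tag == DT_NULL:
                    break
                if tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW):
                    res["bind_now"] = True   # produced by -Wl,-z,now
    return res

def build_sample(phdrs, dyn=()):
    """Constructed input: a minimal ELF64 shared-object image, not a real build result."""
    dyn_blob = b"".join(struct.pack("<qQ", t, v) for t, v in (*dyn, (DT_NULL, 0)))
    dyn_off = 64 + 56 * len(phdrs)
    out = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", ET_DYN, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    for p_type, p_flags in phdrs:
        off, size = (dyn_off, len(dyn_blob)) if p_type == PT_DYNAMIC else (0, 0)
        out += struct.pack("<IIQQQQQQ", p_type, p_flags, off, 0, 0, size, size, 8)
    return out + dyn_blob

# Constructed samples: no linker hardening, RELRO only, RELRO plus immediate binding.
BASE = [(PT_DYNAMIC, 6), (PT_GNU_STACK, 6)]
NO_FLAGS = build_sample(BASE)
RELRO_ONLY = build_sample(BASE + [(PT_GNU_RELRO, 4)])
RELRO_BINDNOW = build_sample(BASE + [(PT_GNU_RELRO, 4)], dyn=[(DT_FLAGS, DF_BIND_NOW)])
```

For a real build result, pass the file's bytes, for example `check_elf(open("drac.so", "rb").read())`. Compiler-level protections such as the stack protector and fortified functions are not visible in these headers and still need hardening-check and the build log.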