[Pkg-varnish-devel] Bug#663064: varnish: Please enable hardening flags

Allard Hoeve allard at byte.nl
Thu Mar 8 10:09:50 UTC 2012


Package: varnish
Version: 3.0.2-1
Severity: wishlist
Tags: patch


Dear Maintainers,

As you are probably aware, one of the release goals for Wheezy is to enable the hardening flags that dpkg-buildflags now exports by default.

I've compiled Varnish with the default flags and all is well. It runs in production on ten of my servers. No problems so far.

Debhelper 9 and later export the flags by default, but your use of ./configure prevents the flags from propagating. Please apply the attached patch that enables the flags in override_auto_configure.


Thanks,

Allard Hoeve

PS: I've tried hardening=+all, but the VCL compiler churns out non-PIE code and Varnish croaks. This needs some more work.


 



-- System Information:
Debian Release: 6.0.4
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF8)
Shell: /bin/sh linked to /bin/dash
-------------- next part --------------
commit f6c91fccf2aa79b3dd93ccfd416a2cc2e750a081
Author: Allard Hoeve <allard at byte.nl>
Date:   Tue Mar 6 20:01:07 2012 +0100

    Compile with dpkg-buildflags (hardening)

diff --git a/debian/rules b/debian/rules
index 77977f2..d9a0596 100755
--- a/debian/rules
+++ b/debian/rules
@@ -35,7 +35,7 @@ override_dh_auto_test:
 
 # Override to add local configure flags
 override_dh_auto_configure:
-	dh_auto_configure -- $(LOCAL_CONFIGURE_FLAGS)
+	dh_auto_configure -- $(LOCAL_CONFIGURE_FLAGS) $(shell dpkg-buildflags --export=configure)
 
 override_dh_auto_install:
 	dh_auto_install -a
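Review bot: On the changed `dh_auto_configure` line, `$(shell dpkg-buildflags --export=configure)` is appended after `$(LOCAL_CONFIGURE_FLAGS)`, so if `LOCAL_CONFIGURE_FLAGS` ever sets `CFLAGS`, `CPPFLAGS` or `LDFLAGS`, the later dpkg-buildflags assignment would normally win at configure time and silently drop the local value; consider putting the dpkg-buildflags output first, or confirming that `LOCAL_CONFIGURE_FLAGS` carries no compiler flag variables. The comment above the target still reads "Override to add local configure flags" and could mention that the hardening flags are injected here, along with a short note that `hardening=+all` is deliberately not set because of the non-PIE VCL compiler output described in the report. The diff touches only `debian/rules`, so it is worth confirming separately that the build dependencies guarantee a dpkg-dev that supports `--export=configure`.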

