[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#552688: marked as done (Please decide how Debian should enable hardening build flags)

Your message dated Thu, 31 May 2012 12:41:33 -0700
with message-id <87r4u0f89e.fsf@windlord.stanford.edu>
and subject line Re: Bug#552688: Please decide how Debian should enable hardening build flags
has caused the Debian Bug report #552688,
regarding Please decide how Debian should enable hardening build flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

552688: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552688
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: gcc-4.4
Version: 4.4.2-1
Severity: wishlist
Tags: patch


Based on the ubuntu-devel discussions[1], there are no objections yet
from other developers about enabling the hardened compiler defaults in



[1] http://lists.debian.org/debian-gcc/2009/10/msg00186.html

Kees Cook                                            @debian.org
diff -uNrp gcc-4.4-4.4.1/debian~/rules.defs gcc-4.4-4.4.1/debian/rules.defs
--- gcc-4.4-4.4.1/debian~/rules.defs	2009-10-25 10:46:48.000000000 -0700
+++ gcc-4.4-4.4.1/debian/rules.defs	2009-10-25 10:50:13.000000000 -0700
@@ -675,10 +675,8 @@ endif
 with_ssp := $(call envfilt, ssp, , , $(with_ssp))
 ifeq ($(with_ssp),yes)
-  ifneq ($(distribution),Debian)
-    ifneq (,$(findstring gcc-4, $(PKGSOURCE)))
-      with_ssp_default := yes
-    endif
+  ifneq (,$(findstring gcc-4, $(PKGSOURCE)))
+    with_ssp_default := yes
diff -uNrp gcc-4.4-4.4.1/debian~/rules.patch gcc-4.4-4.4.1/debian/rules.patch
--- gcc-4.4-4.4.1/debian~/rules.patch	2009-10-25 10:46:48.000000000 -0700
+++ gcc-4.4-4.4.1/debian/rules.patch	2009-10-25 10:49:47.000000000 -0700
@@ -64,14 +64,12 @@ debian_patches += \
 hardening_patches =
-ifneq ($(distribution),Debian)
-  ifneq (,$(findstring gcc-4, $(PKGSOURCE)))
-    hardening_patches += gcc-default-format-security \
+ifneq (,$(findstring gcc-4, $(PKGSOURCE)))
+  hardening_patches += gcc-default-format-security \
 	gcc-default-fortify-source gcc-default-relro \
 	testsuite-hardening-format \
 	testsuite-hardening-fortify \
-  endif
 ifeq ($(with_ssp)-$(with_ssp_default),yes-yes)
   hardening_patches += gcc-default-ssp

--- End Message ---
--- Begin Message ---
Following discussion of this bug in today's Technical Committee meeting on
IRC, we tentatively decided (assuming no objections from those who
couldn't make it) to decide this is resolved by the dpkg-buildflags work
and to close it without a vote.

If there are any objections, particularly from TC members who couldn't
make the meeting, or if anyone involved in this work feels that it would
be useful for the TC to make a formal decision, please let me know and
I'll reopen.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

--- End Message ---

Reply to: