Bug#656127: Please enabled hardened build flags

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#656127: Please enabled hardened build flags
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 16 Jan 2012 19:09:03 +0100
Message-id: <[🔎] 20120116180903.3719.59377.reportbug@pisco.westfalen.local>
Reply-to: Moritz Muehlenhoff <jmm@debian.org>, 656127@bugs.debian.org

Package: tgt
Severity: important
Tags: patch

Please enabled hardened build flags through dpkg-buildflags.

Patch attached. (dpkg-buildflags abides "noopt" from DEB_BUILD_OPTIONS)

The hardened build flags also unveiled a missing format string,
for which I've attached a patch as well.

Cheers,
        Moritz

diff -aur tgt-1.0.17.harden/debian/rules tgt-1.0.17/debian/rules
--- tgt-1.0.17.harden/debian/rules	2011-06-21 11:48:54.000000000 +0200
+++ tgt-1.0.17/debian/rules	2012-01-16 00:41:45.000000000 +0100
@@ -1,13 +1,12 @@
 #!/usr/bin/make -f
 #export DH_VERBOSE=1
 
-CFLAGS = -Wall -g
-
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-	CFLAGS += -O0
-else
-	CFLAGS += -O2
-endif
+CFLAGS = `dpkg-buildflags --get CFLAGS`
+CFLAGS += -Wall
+CFLAGS += `dpkg-buildflags --get CPPFLAGS`
+LDFLAGS = `dpkg-buildflags --get LDFLAGS`
+export CFLAGS
+export LDFLAGS
 
 ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
   NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
Nur in tgt-1.0.17/debian: rules~.
diff -aur tgt-1.0.17.harden/usr/Makefile tgt-1.0.17/usr/Makefile
--- tgt-1.0.17.harden/usr/Makefile	2011-05-30 02:54:07.000000000 +0200
+++ tgt-1.0.17/usr/Makefile	2012-01-16 00:42:31.000000000 +0100
@@ -63,17 +63,17 @@
 all: $(PROGRAMS)
 
 tgtd: $(TGTD_OBJS)
-	$(CC) $^ -o $@ $(LIBS)
+	$(CC) $^ -o $@ $(LIBS) $(LDFLAGS)
 
 -include $(TGTD_DEP)
 
 tgtadm: tgtadm.o
-	$(CC) $^ -o $@
+	$(CC) $^ -o $@ $(LDFLAGS)
 
 -include tgtadm.d
 
 tgtimg: tgtimg.o libssc.o libcrc32c.o
-	$(CC) $^ -o $@
+	$(CC) $^ -o $@ $(LDFLAGS)
 
 -include tgtimg.d libssc.d
 
Nur in tgt-1.0.17/usr: Makefile~.

diff -aur tgt-1.0.17.orig/usr/fcoe/fcoe_if.c tgt-1.0.17/usr/fcoe/fcoe_if.c
--- tgt-1.0.17.orig/usr/fcoe/fcoe_if.c	2011-05-30 02:54:07.000000000 +0200
+++ tgt-1.0.17/usr/fcoe/fcoe_if.c	2012-01-16 00:50:04.000000000 +0100
@@ -193,7 +193,7 @@
 	snprintf(fdev->drv_info.vendor, 64, FCOE_DRIVER_VENDOR);
 	snprintf(fdev->drv_info.model_desc, 64, FCOE_DRIVER_NAME);
 /* 	snprintf(fdev->drv_info.drv_version, 64, BUILD_VERSION); */
-	snprintf(fdev->drv_info.drv_name, 64, fdev->ifname);
+	snprintf(fdev->drv_info.drv_name, 64, "%s", fdev->ifname);
 
 	fdev->dev_stats[0] = zalloc(sizeof(struct fcoe_dev_stats));
 
Nur in tgt-1.0.17/usr/fcoe: fcoe_if.c~.

Reply to:

Prev by Date: [bts-link] source package linux-2.6
Next by Date: Re: Upcoming stable point release
Previous by thread: Processed: Re: Bug#633961 closed by Jonathan Nieder <jrnieder@gmail.com> (Re: linux images must conflict with unfixed input-utils)
Next by thread: Bug#604627: linux-image-2.6.32-5-amd64: megasas: Failed to alloc kernel SGL buffer for IOCTL
Index(es):
- Date
- Thread