--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: Please enabled hardened build flags
- From: Moritz Muehlenhoff <jmm@debian.org>
- Date: Mon, 16 Jan 2012 19:09:03 +0100
- Message-id: <20120116180903.3719.59377.reportbug@pisco.westfalen.local>
Package: tgt
Severity: important
Tags: patch
Please enabled hardened build flags through dpkg-buildflags.
Patch attached. (dpkg-buildflags abides "noopt" from DEB_BUILD_OPTIONS)
The hardened build flags also unveiled a missing format string,
for which I've attached a patch as well.
Cheers,
Moritz
diff -aur tgt-1.0.17.harden/debian/rules tgt-1.0.17/debian/rules
--- tgt-1.0.17.harden/debian/rules 2011-06-21 11:48:54.000000000 +0200
+++ tgt-1.0.17/debian/rules 2012-01-16 00:41:45.000000000 +0100
@@ -1,13 +1,12 @@
#!/usr/bin/make -f
#export DH_VERBOSE=1
-CFLAGS = -Wall -g
-
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
- CFLAGS += -O0
-else
- CFLAGS += -O2
-endif
+CFLAGS = `dpkg-buildflags --get CFLAGS`
+CFLAGS += -Wall
+CFLAGS += `dpkg-buildflags --get CPPFLAGS`
+LDFLAGS = `dpkg-buildflags --get LDFLAGS`
+export CFLAGS
+export LDFLAGS
ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
Nur in tgt-1.0.17/debian: rules~.
diff -aur tgt-1.0.17.harden/usr/Makefile tgt-1.0.17/usr/Makefile
--- tgt-1.0.17.harden/usr/Makefile 2011-05-30 02:54:07.000000000 +0200
+++ tgt-1.0.17/usr/Makefile 2012-01-16 00:42:31.000000000 +0100
@@ -63,17 +63,17 @@
all: $(PROGRAMS)
tgtd: $(TGTD_OBJS)
- $(CC) $^ -o $@ $(LIBS)
+ $(CC) $^ -o $@ $(LIBS) $(LDFLAGS)
-include $(TGTD_DEP)
tgtadm: tgtadm.o
- $(CC) $^ -o $@
+ $(CC) $^ -o $@ $(LDFLAGS)
-include tgtadm.d
tgtimg: tgtimg.o libssc.o libcrc32c.o
- $(CC) $^ -o $@
+ $(CC) $^ -o $@ $(LDFLAGS)
-include tgtimg.d libssc.d
Nur in tgt-1.0.17/usr: Makefile~.
diff -aur tgt-1.0.17.orig/usr/fcoe/fcoe_if.c tgt-1.0.17/usr/fcoe/fcoe_if.c
--- tgt-1.0.17.orig/usr/fcoe/fcoe_if.c 2011-05-30 02:54:07.000000000 +0200
+++ tgt-1.0.17/usr/fcoe/fcoe_if.c 2012-01-16 00:50:04.000000000 +0100
@@ -193,7 +193,7 @@
snprintf(fdev->drv_info.vendor, 64, FCOE_DRIVER_VENDOR);
snprintf(fdev->drv_info.model_desc, 64, FCOE_DRIVER_NAME);
/* snprintf(fdev->drv_info.drv_version, 64, BUILD_VERSION); */
- snprintf(fdev->drv_info.drv_name, 64, fdev->ifname);
+ snprintf(fdev->drv_info.drv_name, 64, "%s", fdev->ifname);
fdev->dev_stats[0] = zalloc(sizeof(struct fcoe_dev_stats));
Nur in tgt-1.0.17/usr/fcoe: fcoe_if.c~.
--- End Message ---
--- Begin Message ---
Source: tgt
Source-Version: 1:1.0.46-1
We believe that the bug you reported is fixed in the latest version of
tgt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 656127@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Apollon Oikonomopoulos <apoikos@debian.org> (supplier of updated tgt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 19 May 2014 15:41:46 +0300
Source: tgt
Binary: tgt tgt-rbd tgt-glusterfs tgt-dbg
Architecture: source amd64
Version: 1:1.0.46-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Apollon Oikonomopoulos <apoikos@debian.org>
Description:
tgt - Linux SCSI target user-space daemon and tools
tgt-dbg - Linux SCSI target user-space daemon and tools - debug symbols
tgt-glusterfs - Linux SCSI target user-space daemon and tools - GlusterFS support
tgt-rbd - Linux SCSI target user-space daemon and tools - RBD support
Closes: 653067 656127 710173 710882 714868
Changes:
tgt (1:1.0.46-1) unstable; urgency=medium
.
* New upstream version
+ Drop existing patches that were merged upstream
- CVE-2011-0001
- fix-tgt-admin-bashism
- make-tgt-setup-lun-executable
+ Refresh conf-makefile patch
+ Build-depend on xsltproc and docbook-xsl to build the manpages
+ Remove FCOE and ISCSI feature parameters from debian/rules; FCOE support
has been dropped as of 1.0.19 and ISCSI is always built-in.
* Add myself to Uploaders, as discussed with Ben Hutchings.
* New patches
+ use-dpkg-buildflags.patch: use hardened build flags where applicable
(closes: #656127)
+ use-docbook-xsl.patch: use the XSLT stylesheets from docbook-xsl instead
of docbook.sf.net
+ do-not-build-html-manpages.patch: do not build the HTML version of the
manpages
* Update package descriptions (closes: #653067)
* Convert debian/rules to dh sequencer
+ Simplify debian/rules and remove DEB_BUILD_OPTIONS handling which is now
left up to dh
* Build with ceph/rados support (closes: #714868)
+ New binary package, tgt-rbd, offering rbd support
+ Build-Depend on librados-dev and librbd-dev
* Build with GlusterFS support
+ New binary package, tgt-glusterfs, offering GlusterFS support
+ Build-Depend on glusterfs-common
* New binary package, tgt-dbg, containing debug symbols for tgt
* Ship upstream's bash completion
+ Build-Depend on bash-completion
* Add DEP-8 autopkgtests
+ Import the DEP-8 tests from Ubuntu. Thanks to Yolanda Robla and Barry
Warsaw (closes: #710173, #710882)
+ Drop the bashisms in the imported autopkgtests
+ Drop the root-needed restriction, as it is not strictly required
+ Add a test to check the rbd and glusterfs loadable modules
* Mark all packages as arch:linux-any
* Bump standards to 3.9.5 and compat to 9
* Update debian/watch to point to github
* debian/init: provide self (fixes lintian info)
* debian/copyright: update license information and convert to Format 1.0
* Initial systemd support
* Only restart tgt on upgrade when no initiators are connected
Checksums-Sha1:
750507ae7199eb6a8f1522155d5722e7cec39530 2250 tgt_1.0.46-1.dsc
8739e55e4111fbf57447e26772edccfbc6d9e948 287141 tgt_1.0.46.orig.tar.gz
397d804cd0ae8573d250de3112322e39d816ccad 8536 tgt_1.0.46-1.debian.tar.xz
9558f7206f184d5438091230befa629d2a699d3b 198422 tgt_1.0.46-1_amd64.deb
d71fab77e629e39fb8b22c15c9b9f453f4459a6e 10174 tgt-rbd_1.0.46-1_amd64.deb
32b598d53737d3abeb99a5a45948acccee362e47 9416 tgt-glusterfs_1.0.46-1_amd64.deb
e8d1d6ec38e7d11a614094d37f8a2a0ec450410c 541152 tgt-dbg_1.0.46-1_amd64.deb
Checksums-Sha256:
5ef221efaea956a9826dcf7342b135821adf3bf5f0d0070206ea7d7c515eb2ed 2250 tgt_1.0.46-1.dsc
9ef119f18a1671d1f36999fbff21bf06d7ea766f68a96bd0935c3a0e09be56b2 287141 tgt_1.0.46.orig.tar.gz
21020220cff2de455203c44a4aad9139285da87d3f25dc4e2a2cf1965e2e125c 8536 tgt_1.0.46-1.debian.tar.xz
b4de6c9d5517906e9425a78c5219165ad7547d94a77804f80070801a1681723d 198422 tgt_1.0.46-1_amd64.deb
795f1244ec0a4cae445782d00541adfd91c3e5b694b31300f32cf21d8b557dcf 10174 tgt-rbd_1.0.46-1_amd64.deb
8c604dfa3c5a2aa3feda800126cfada149925cf9ac32b418e81e3acf9ff8d784 9416 tgt-glusterfs_1.0.46-1_amd64.deb
a94a7c900236e3419be36b91a2fe612311cc244155734b8fbc9442f838ca0b0a 541152 tgt-dbg_1.0.46-1_amd64.deb
Files:
c188b9b46268895d480ae5cabf50d88a 198422 net optional tgt_1.0.46-1_amd64.deb
b4426832ca5595e342d4d8fd902713c8 10174 net optional tgt-rbd_1.0.46-1_amd64.deb
90ff97cc6eb63c18ec06328e03af0778 9416 net optional tgt-glusterfs_1.0.46-1_amd64.deb
2eca3bc9c9e88fdd2df8dd50755dcdcf 541152 debug extra tgt-dbg_1.0.46-1_amd64.deb
931a6215aaec0ed1744dd5b02f1ca133 2250 net optional tgt_1.0.46-1.dsc
cf71e30a0906039a1b2f04e4e5593f8d 287141 net optional tgt_1.0.46.orig.tar.gz
5d4d977a39e957c691bbb75aafc3b8ad 8536 net optional tgt_1.0.46-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJTeg7fAAoJEHLTQsHpUUMGitIP+wXSl3H/QLL1eSTxjCFrE3nF
xDgwwNjWzkSbJwlakytwPCHhjvlbn8PhD3+prmTQgEhjcxxhurYiflnOhjYNe0+g
HytkoaIH7USwJbYgt8a2P+x6UdutCpx/r+n4wVIk10pSIW2GZp5b65iDEnjoXYsr
ENCv0mXdAP1O0ZI6A61l3uIvBT/ZDZ/dQ5zezbcg1h7KgO6u9k6SzWTPH/TRS10N
lti6tyBEX7F5W0xGjT4rzv9BC0xoYEMc7u/AhHZ66YlFgSaiu8shk/UBYn05W40J
PFl/ZTXp3x/2IG0WmfezFNX+ohtG4LEZymJ15aydVi6ndPCTy5NPtXTB8uYUVU7b
KBRkle464MVxvBqs+15ux4fx5xCotefNoNz7Mk9ths/RlZY4FsEEpYH/piVqcNaK
nCHq9EkdjwaTzyXzT+RCijiEB/pQPaWe/11aHLp+cMLvvUSBo4Orq68eP6fzWyTf
oLlLvDBVeQNQw5cFTXuc8AmoqghDLNj8BF49/MySiJGrUoyN8YAEzKYWXe8iY40I
B2TUYtwVy1EnCZi2FxDJrsCC6p5Q2f89JuKEV9VHHJwoFvCmj4+OKbCIRLZE2ziB
JJ8s1CY7Kv0V/l3ehKLJdK0LiEEQGd1t/b9eaMn0hgd8rxmW/ruord6ARCFUoM2e
63hhxl1hIVyfgY6M5zY4
=nu1S
-----END PGP SIGNATURE-----
--- End Message ---