
Bug#653504: marked as done (Please enable hardened build flags)

Your message dated Tue, 24 Jan 2012 13:02:21 +0000
with message-id <E1Rpg0z-0004ii-OB@franck.debian.org>
and subject line Bug#653504: fixed in apt 0.8.16~exp12
has caused the Debian Bug report #653504,
regarding Please enable hardened build flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

653504: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653504
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apt
Severity: important
Tags: patch

apt already parses the default CXXFLAGS from dpkg-buildflags, which
results in a protected stack.

However, CPPFLAGS and LDFLAGS also need to be queried and passed to
configure, so that the fortified source and relro are activated.

Patch attached.

diff -aur apt- apt-
--- apt-	2011-08-17 18:01:43.000000000 +0200
+++ apt-	2011-12-29 00:18:51.000000000 +0100
@@ -18,6 +18,8 @@
 ifneq (,$(shell which dpkg-buildflags))
   export CXXFLAGS = $(shell dpkg-buildflags --get CXXFLAGS)
+  export LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS)
+  export CPPFLAGS = $(shell dpkg-buildflags --get CPPFLAGS)
   ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
     export CXXFLAGS = -O0 -g -Wall
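Review bot: the noopt branch in the trailing context still overwrites CXXFLAGS with -O0 -g -Wall after the two new exports, so a noopt build loses the stack protector from the compiler flags while CPPFLAGS keeps whatever dpkg-buildflags returned, and a fortify define in CPPFLAGS has no effect at -O0. Consider keeping the dpkg-buildflags value of CXXFLAGS for noopt builds, or appending to it instead of replacing it. The new exports also use recursive `=`, which re-runs the shell command on every expansion; `:=` would evaluate dpkg-buildflags once.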
@@ -91,7 +93,7 @@
 	-mkdir build
 	cp COPYING debian/copyright
-	cd build && CXXFLAGS="$(CXXFLAGS)" ../configure $(confflags)
+	cd build && CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" CPPFLAGS="$(CPPFLAGS)" ../configure $(confflags)
 	touch $@
 build/build-stamp: build/configure-stamp
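Review bot: the configure line now forwards LDFLAGS and CPPFLAGS, but nothing in this hunk shows that the generated build uses CPPFLAGS when compiling and LDFLAGS when linking, so the result should be confirmed on the built binaries, for example by checking for a GNU_RELRO segment with readelf -l. CFLAGS is not forwarded, so any C sources in the tree would be built without the queried flags. Because the first hunk already exports the variables, the per-command assignments here are redundant, though harmless.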
Nur in apt- rules~.

--- End Message ---
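An added example, not part of the bug report or the apt packaging: a shell check that reports which of the three protections named in the report a flag set fails to enable, including the noopt case from the patched rules where CXXFLAGS is reset to -O0. The `VAR=value` input format (as printed by `dpkg-buildflags --dump`), the function names and the sample flag sets are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report). Reads VAR=value lines on stdin and
# prints the protections from the report that the flag set does not enable.
# Returns 0 when nothing is missing, 1 otherwise.
missing_hardening() {
    cxx='' cpp='' ld='' missing='' opt=''
    while IFS='=' read -r name value; do
        case $name in
            CXXFLAGS) cxx=$value ;;
            CPPFLAGS) cpp=$value ;;
            LDFLAGS)  ld=$value ;;
        esac
    done
    # Stack protector is a compiler flag, so it lives in CXXFLAGS.
    case " $cxx " in
        *" -fstack-protector"*) ;;
        *) missing="$missing stack-protector" ;;
    esac
    # The last -O option wins; no -O option means the compiler default, -O0.
    for word in $cxx; do
        case $word in -O*) opt=$word ;; esac
    done
    # _FORTIFY_SOURCE is a preprocessor define (CPPFLAGS), inert without optimisation.
    case " $cpp " in
        *" -D_FORTIFY_SOURCE="[1-9]" "*)
            case $opt in ''|-O0) missing="$missing fortify-inert-at-O0" ;; esac ;;
        *) missing="$missing fortify" ;;
    esac
    # RELRO is requested from the linker, so it lives in LDFLAGS.
    case " $ld " in
        *" -Wl,-z,relro "*) ;;
        *) missing="$missing relro" ;;
    esac
    echo "${missing# }"
    [ -z "$missing" ]
}

# Constructed sample flag sets (not captured from a real build).
BEFORE_PATCH='CXXFLAGS=-g -O2 -fstack-protector -Wformat
CPPFLAGS=
LDFLAGS='
AFTER_PATCH='CXXFLAGS=-g -O2 -fstack-protector -Wformat
CPPFLAGS=-D_FORTIFY_SOURCE=2
LDFLAGS=-Wl,-z,relro'
NOOPT_BUILD='CXXFLAGS=-O0 -g -Wall
CPPFLAGS=-D_FORTIFY_SOURCE=2
LDFLAGS=-Wl,-z,relro'

audit() { printf '%s\n' "$1" | missing_hardening; }
```

On a Debian build host the same function can be fed live values with `dpkg-buildflags --dump | missing_hardening`.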
--- Begin Message ---
Source: apt
Source-Version: 0.8.16~exp12

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive:

  to main/a/apt/apt-doc_0.8.16~exp12_all.deb
  to main/a/apt/apt-transport-https_0.8.16~exp12_amd64.deb
  to main/a/apt/apt-utils_0.8.16~exp12_amd64.deb
  to main/a/apt/apt_0.8.16~exp12.dsc
  to main/a/apt/apt_0.8.16~exp12.tar.gz
  to main/a/apt/apt_0.8.16~exp12_amd64.deb
  to main/a/apt/libapt-inst1.4_0.8.16~exp12_amd64.deb
  to main/a/apt/libapt-pkg-dev_0.8.16~exp12_amd64.deb
  to main/a/apt/libapt-pkg-doc_0.8.16~exp12_all.deb
  to main/a/apt/libapt-pkg4.12_0.8.16~exp12_amd64.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 653504@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Michael Vogt <mvo@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Tue, 24 Jan 2012 12:24:38 +0100
Source: apt
Binary: apt libapt-pkg4.12 libapt-inst1.4 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source all amd64
Version: 0.8.16~exp12
Distribution: experimental
Urgency: low
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Michael Vogt <mvo@debian.org>
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils  - package management related utility programs
 libapt-inst1.4 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg4.12 - package management runtime library
Closes: 646381 652834 652835 653504 656530
 apt (0.8.16~exp12) experimental; urgency=low
   [ Michael Vogt ]
   * apt-pkg/deb/dpkgpm.cc:
     - fix segfault on pkg removal
   [ David Kalnischkies ]
   * apt-pkg/cacheiterators.h:
     - return the correct version arch for all+foreign, too
   * apt-pkg/packagemanager.cc:
     - ignore breaks on not-installed versions while searching for
       breakage loops as we don't have to avoid them
   * debian/control:
     - remove APT from the short descriptions as lintian doesn't like it
       and it doesn't transport any information for a reader anyway
     - apply typofixes by Pascal De Vuyst, thanks! (Closes: #652834, #652835)
   * debian/rules:
     - apply patch to enable usage of hardening CPPFLAGS and LDFLAGS by
       Moritz Muehlenhoff, thanks! (Closes: #653504)
   * methods/https.cc:
     - use curls list append instead of appending Range and If-Range by hand
       which generates malformed requests, thanks Mel Collins for the hint!
       (Closes: #646381)
   * test/libapt/run-tests:
     - hurd doesn't have dmesg yet and we don't really need it either,
       so use with $0 a more stable data source for hashsumming
   [ Pino Toscano ]
   * test/libapt/globalerror_test.cc:
     - errno 0 has a different strerror on hurd, so generate the expected
       message dynamically instead of hardcoding 'Success' (Closes: #656530)


--- End Message ---
