Package: dpkg
Version: 1.18.4
Severity: wishlist
Tags: patch
User: bal...@balintreczey.hu
Usertags: hardened1-linux-amd64
Dear Guillem,
This is the second patch enabling extra flags in dpkg in case the
hardened1-linux-amd64 port is accepted in #812782.
Cheers,
Balint
>From 2f43474201ea50f9b48d2ba80fcdc2ae38cefc84 Mon Sep 17 00:00:00 2001
From: Balint Reczey <bal...@balintreczey.hu>
Date: Tue, 26 Jan 2016 13:41:54 +0100
Subject: [PATCH 2/2] Dpkg::Vendor::Debian: Use ASAN, UBSAN and bindnow on
hardened1-* architectures
---
scripts/Dpkg/Vendor/Debian.pm | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm
index db40b2c..2f39d82 100644
--- a/scripts/Dpkg/Vendor/Debian.pm
+++ b/scripts/Dpkg/Vendor/Debian.pm
@@ -177,6 +177,14 @@ sub _add_reproducible_flags {
sub _add_sanitize_flags {
my ($self, $flags) = @_;
+ my $arch = get_host_arch();
+ my ($abi, $os, $cpu) = debarch_to_debtriplet($arch);
+
+ unless (defined $abi and defined $os and defined $cpu) {
+ warning(g_("unknown host architecture '%s'"), $arch);
+ ($abi, $os, $cpu) = ('', '', '');
+ }
+
# Default feature states.
my %use_feature = (
address => 0,
@@ -185,6 +193,13 @@ sub _add_sanitize_flags {
undefined => 0,
);
+ if ($abi =~ /^(?:gnuhardened1)$/) {
+ # Enable address and undefined behavior sanitizers for the
+ # hardened ports
+ $use_feature{address} = 1;
+ $use_feature{undefined} = 1;
+ }
+
# Adjust features based on user or maintainer's desires.
$self->_parse_feature_area('sanitize', \%use_feature);
@@ -251,6 +266,11 @@ sub _add_hardening_flags {
bindnow => 0,
);
+ if ($abi =~ /^(?:gnuhardened1)$/) {
+ # Enable bindnow on hardened ports
+ $use_feature{bindnow} = 1;
+ }
+
# Adjust features based on user or maintainer's desires.
$self->_parse_feature_area('hardening', \%use_feature);
--
2.1.4
