Bug#656260: Please enabled hardened build flags

Tue, 17 Jan 2012 13:42:22 -0800 

Source: hylafax
Severity: important
Tags: patch

Hi Giuseppe,
Please enabled hardened build flags through dpkg-buildflags.

The attached patch enables proper format string checks, a
fortified stack and relro linking. (debian/compat is bumped
to 9, since dh injects the hardened build flags at compat
level 9).

I also needed to make a check to pass LDFLAGS to the linker,
see patch hyla-harden.patch.

The format strings checks unveiled several cases of missing
format strings, for which I have attached hyla-format1.patch
to hyla-format4.patch.

One missing piece of the target hardening flags for Wheezy
if fortified source (-D_FORTIFY_SOURCE=2), which must be
passed as part of CPPFLAGS. Maybe you can fix this up in
the Hylafax buildsystem or contact upstream on this?

Cheers,
        Moritz

diff -aur hylafax-6.1~20111227.harden/debian/compat hylafax-6.1~20111227/debian/compat
--- hylafax-6.1~20111227.harden/debian/compat	2009-12-28 20:05:40.000000000 +0100
+++ hylafax-6.1~20111227/debian/compat	2012-01-16 20:18:11.000000000 +0100
@@ -1 +1 @@
-5
+9
Nur in hylafax-6.1~20111227/debian: compat~.
diff -aur hylafax-6.1~20111227.harden/defs.in hylafax-6.1~20111227/defs.in
--- hylafax-6.1~20111227.harden/defs.in	2009-12-13 21:37:38.000000000 +0100
+++ hylafax-6.1~20111227/defs.in	2012-01-16 20:17:52.000000000 +0100
@@ -262,7 +262,7 @@
 #     then its make file should override the setting of SHDLIBC with a
 #     line such as "SHDLIBC=".
 #
-LDFLAGS		= ${LDOPTS} ${LDLIBS}
+LDFLAGS		= ${LDOPTS} ${LDLIBS} `dpkg-buildflags --get LDFLAGS`
 
 LDOPTS		= ${VLDOPTS} ${LLDOPTS} ${GLDOPTS}
 LDLIBS		= ${VLDLIBS} ${LLDLIBS} ${GLDLIBS}
Nur in hylafax-6.1~20111227: defs.in~.

diff -aur hylafax-6.1~20111227.orig/libhylafax/TextFormat.c++ hylafax-6.1~20111227/libhylafax/TextFormat.c++
--- hylafax-6.1~20111227.orig/libhylafax/TextFormat.c++	2011-12-06 14:59:32.000000000 +0100
+++ hylafax-6.1~20111227/libhylafax/TextFormat.c++	2012-01-09 00:27:24.000000000 +0100
@@ -1371,7 +1371,7 @@
 {
     fxStr emsg;
     if (!decodeFontName(family, fontpath, emsg)) {
-	fprintf(stderr,emsg);
+	fprintf(stderr,"%s", (const char*) emsg);
 	return NULL;
     }
     return Sys::fopen(fontpath, "r");

diff -aur hylafax-6.1~20111227.orig/libhylafax/FaxClient.c++ hylafax-6.1~20111227/libhylafax/FaxClient.c++
--- hylafax-6.1~20111227.orig/libhylafax/FaxClient.c++	2009-12-13 21:37:38.000000000 +0100
+++ hylafax-6.1~20111227/libhylafax/FaxClient.c++	2012-01-09 00:30:30.000000000 +0100
@@ -116,7 +116,7 @@
 void
 FaxClient::vprintWarning(const char* fmt, va_list ap)
 {
-    fprintf(stderr, NLS::TEXT("Warning, "));
+    fprintf(stderr, "%s", NLS::TEXT("Warning, "));
     vfprintf(stderr, fmt, ap);
     fputs("\n", stderr);
 }
Nur in hylafax-6.1~20111227/libhylafax: FaxClient.c++~.

diff -aur hylafax-6.1~20111227.orig/libhylafax/TypeRules.c++ hylafax-6.1~20111227/libhylafax/TypeRules.c++
--- hylafax-6.1~20111227.orig/libhylafax/TypeRules.c++	2011-12-06 14:59:32.000000000 +0100
+++ hylafax-6.1~20111227/libhylafax/TypeRules.c++	2012-01-09 00:33:48.000000000 +0100
@@ -101,7 +101,7 @@
 	    printf(" \"%s\"", value.s);
 	else if (type != ASCII && type != ASCIIESC) {
 	    if (op == ANY)
-		printf(NLS::TEXT(" <any value>"));
+		printf("%s", NLS::TEXT(" <any value>"));
 	    else
 		printf(" %#llx", (long long) value.v);
 	}
@@ -109,7 +109,7 @@
     }
     if (off > (off_t)size) {
 	if (verbose)
-	    printf(NLS::TEXT("failed (offset past data)\n"));
+	    printf("%s", NLS::TEXT("failed (offset past data)\n"));
 	return (false);
     }
     bool ok = false;
@@ -162,7 +162,7 @@
 	    break;
 	}
 	if (verbose)
-	    printf(NLS::TEXT("failed (insufficient data)\n"));
+	    printf("%s", NLS::TEXT("failed (insufficient data)\n"));
 	return (false);
     case LONG:
 	if (off + 4 < (off_t)size) {
@@ -171,7 +171,7 @@
 	    break;
 	}
 	if (verbose)
-	    printf(NLS::TEXT("failed (insufficient data)\n"));
+	    printf("%s", NLS::TEXT("failed (insufficient data)\n"));
 	return (false);
     }
     /*
@@ -195,7 +195,7 @@
 	    printf(NLS::TEXT("success (result %s, rule \"%s\")\n"),
 		resultNames[result], (const char*) cmd);
 	else
-	    printf(NLS::TEXT("failed (comparison)\n"));
+	    printf("%s", NLS::TEXT("failed (comparison)\n"));
     }
     return (ok);
 }
@@ -496,6 +496,6 @@
 	    return (&(*rules)[i + match2(i, data, size, verbose)]);
     }
     if (verbose)
-	printf(NLS::TEXT("no match\n"));
+	printf("%s", NLS::TEXT("no match\n"));
     return (NULL);
 }
Nur in hylafax-6.1~20111227/libhylafax: TypeRules.c++~.

diff -aur hylafax-6.1~20111227.orig/libhylafax/SNPPClient.c++ hylafax-6.1~20111227/libhylafax/SNPPClient.c++
--- hylafax-6.1~20111227.orig/libhylafax/SNPPClient.c++	2009-12-13 21:37:38.000000000 +0100
+++ hylafax-6.1~20111227/libhylafax/SNPPClient.c++	2012-01-16 20:09:27.000000000 +0100
@@ -103,7 +103,7 @@
 void
 SNPPClient::vprintWarning(const char* fmt, va_list ap)
 {
-    fprintf(stderr, NLS::TEXT("Warning, "));
+    fprintf(stderr, "%s", NLS::TEXT("Warning, "));
     vfprintf(stderr, fmt, ap);
     fputs("\n", stderr);
 }
Nur in hylafax-6.1~20111227/libhylafax: SNPPClient.c++~.

Reply via email to