Package: openttd
Version: 1.1.5-1
Severity: important
Tags: patch

Dear Maintainer,

The hardening CPPFLAGS, which include -D_FORTIFY_SOURCE=2, are missing
from the current build. The following patch enables them.

diff -Nru openttd-1.1.5/debian/rules openttd-1.1.5/debian/rules
- --- openttd-1.1.5/debian/rules        2012-02-08 15:05:58.000000000 +0100
+++ openttd-1.1.5/debian/rules  2012-02-09 00:27:25.000000000 +0100
@@ -29,7 +29,7 @@
 # to be explicit about the dependencies, in case we're not running in a
 # clean build root.
 override_dh_auto_configure:
- -     ./configure $(CROSS) --prefix-dir=/usr --install-dir=debian/tmp 
--without-allegro --with-zlib --with-sdl --with-png --with-freetype 
--with-fontconfig --with-icu --with-liblzo2 --with-liblzma --without-iconv 
--disable-strip CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)"
+       ./configure $(CROSS) --prefix-dir=/usr --install-dir=debian/tmp 
--without-allegro --with-zlib --with-sdl --with-png --with-freetype 
--with-fontconfig --with-icu --with-liblzo2 --with-liblzma --without-iconv 
--disable-strip CFLAGS="$(CFLAGS) $(CPPFLAGS)" LDFLAGS="$(LDFLAGS)"
 
 # Do some extra installation
 override_dh_auto_install:
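
Review bot: on the changed ./configure line, $(CPPFLAGS) is appended only to CFLAGS and no CXXFLAGS is passed at all; since the package depends on libstdc++6, it is worth confirming in a verbose build log that the C++ compile commands actually receive -D_FORTIFY_SOURCE=2 through CFLAGS. A short comment above the line stating that configure ignores CPPFLAGS would also keep a later cleanup from separating the two variables again.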

The build system seems to ignore CPPFLAGS so I added them to
CFLAGS.

Adding export VERBOSE=1 to debian/rules would make it a little
easier to spot the missing flags.

Please use `hardening-check` from the hardening-includes package
to verify that all necessary hardening is present - that's how I
detected the missing flags:

    $ hardening-check /usr/games/openttd
    [...]
     Fortify Source functions: no, only unprotected functions found!
    [...]

Regards,
Simon

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openttd depends on:
ii  libc6            2.13-26
ii  libfontconfig1   2.8.0-3.1
ii  libfreetype6     2.4.8-1
ii  libgcc1          1:4.6.2-12
ii  libicu48         4.8.1.1-3
ii  liblzma5         5.1.1alpha+20110809-3
ii  liblzo2-2        2.06-1
ii  libpng12-0       1.2.46-4
ii  libsdl1.2debian  1.2.15-1
ii  libstdc++6       4.6.2-12
ii  openttd-data     1.1.5-1
ii  zlib1g           1:1.2.3.4.dfsg-3

Versions of packages openttd recommends:
ii  openttd-opengfx  0.3.7-1
ii  openttd-openmsx  0.3.1-1
ii  timidity         2.13.2-40
ii  x11-utils        7.6+4

Versions of packages openttd suggests:
ii  openttd-opensfx  0.2.3-2

-- no debconf information
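
Added example, not part of the original report and not hardening-check's own code: a sketch of the kind of check behind the "Fortify Source functions" line quoted above, classifying imported libc symbols from `readelf --dyn-syms --wide` output into checked (`__<name>_chk`) and plain variants. The function list, the verdict labels and both sample listings are assumptions constructed for illustration.

```python
import re

# Assumption: an illustrative subset of the libc functions glibc can swap for
# __<name>_chk variants under -D_FORTIFY_SOURCE=2; not an exhaustive list.
FORTIFIABLE = {"memcpy", "memmove", "memset", "strcpy", "strncpy", "strcat",
               "sprintf", "snprintf", "vsnprintf", "fgets", "read", "recv"}

# Name column of an undefined (imported) symbol in `readelf --dyn-syms --wide`.
UND_SYMBOL = re.compile(r"\sUND\s+([A-Za-z0-9_]+)")

def classify(readelf_output):
    """Return (protected, unprotected) sets of fortifiable function names."""
    protected, unprotected = set(), set()
    for line in readelf_output.splitlines():
        m = UND_SYMBOL.search(line)
        if not m:
            continue
        name = m.group(1)
        if name.startswith("__") and name.endswith("_chk"):
            base = name[2:-4]          # "__memcpy_chk" -> "memcpy"
            if base in FORTIFIABLE:
                protected.add(base)
        elif name in FORTIFIABLE:
            unprotected.add(name)
    return protected, unprotected

def verdict(readelf_output):
    """'fortified' if any checked variant is imported, 'unprotected' if only
    plain variants are, 'unknown' if no listed function is used at all."""
    protected, unprotected = classify(readelf_output)
    if protected:
        return "fortified"
    return "unprotected" if unprotected else "unknown"

# Constructed samples (not taken from a real openttd build).
SAMPLE_WITHOUT_CPPFLAGS = """\
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.14 (2)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND sprintf@GLIBC_2.2.5 (3)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND strcpy@GLIBC_2.2.5 (3)
"""
SAMPLE_WITH_CPPFLAGS = """\
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __memcpy_chk@GLIBC_2.3.4 (4)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __sprintf_chk@GLIBC_2.3.4 (4)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND strcpy@GLIBC_2.2.5 (3)
"""

if __name__ == "__main__":
    for label, sample in (("without", SAMPLE_WITHOUT_CPPFLAGS), ("with", SAMPLE_WITH_CPPFLAGS)):
        print(label, verdict(sample), classify(sample))
```

A fortified binary normally still imports some plain variants, because the compiler only emits the checked call where it can determine the destination size; that is why a single `_chk` import is treated as evidence that the flag reached the compiler.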
