Source: libutempter
Version: 1.1.5-4
Severity: normal
Tags: patch

Hello,

libutempter provides a setgid binary and therefore should enable
all possible compiler hardening options.

The attached patch enables compat=9 to automatically use
hardening flags from dpkg-buildpackage. However, the build system
has a bug which drops compiler flags passed in through the
environment, so the second attached patch is also necessary. The
second patch should be sent upstream.

Regards
Simon
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
diff -Nru libutempter-1.1.5/debian/compat libutempter-1.1.5/debian/compat
--- libutempter-1.1.5/debian/compat	2010-04-22 13:18:45.000000000 +0200
+++ libutempter-1.1.5/debian/compat	2014-08-30 00:57:19.000000000 +0200
@@ -1 +1 @@
-7
+9
diff -Nru libutempter-1.1.5/debian/rules libutempter-1.1.5/debian/rules
--- libutempter-1.1.5/debian/rules	2010-04-22 13:28:17.000000000 +0200
+++ libutempter-1.1.5/debian/rules	2014-08-30 00:57:57.000000000 +0200
@@ -1,5 +1,7 @@
 #!/usr/bin/make -f
 
+export DEB_BUILD_MAINT_OPTIONS := hardening=+all
+
 %:
 	dh $@ --parallel --list-missing
 
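Review bot: The added `export DEB_BUILD_MAINT_OPTIONS := hardening=+all` line has no comment recording why the package opts in to every hardening feature rather than the default set. The reason given in the report is that the package ships a setgid binary, so I would put that next to the setting, for example `# ships a setgid helper: enable all hardening features, including those not on by default`. The flags only reach the compiler if the upstream Makefile honours CFLAGS, CPPFLAGS and LDFLAGS from the environment, which is what the accompanying Makefile patch is for.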
Description: Use build flags from environment (dpkg-buildflags).
 Necessary for hardening flags.
Author: Simon Ruderich <si...@ruderich.org>
Last-Update: 2014-08-30

TODO: This patch should be sent upstream!

Index: libutempter-1.1.5/Makefile
===================================================================
--- libutempter-1.1.5.orig/Makefile
+++ libutempter-1.1.5/Makefile
@@ -40,8 +40,8 @@ WARNINGS = -W -Wall -Waggregate-return -
        -Wmissing-format-attribute -Wmissing-noreturn \
        -Wmissing-prototypes -Wpointer-arith -Wredundant-decls \
        -Wshadow -Wstrict-prototypes -Wwrite-strings
-CPPFLAGS = -std=gnu99 $(WARNINGS) -DLIBEXECDIR=\"$(libexecdir)\"
-CFLAGS = $(RPM_OPT_FLAGS)
+CPPFLAGS := -std=gnu99 $(WARNINGS) -DLIBEXECDIR=\"$(libexecdir)\" $(CPPFLAGS)
+CFLAGS := $(RPM_OPT_FLAGS) $(CFLAGS)
 LDLIBS =
 
 all: $(TARGETS)
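Review bot: Switching `CPPFLAGS` and `CFLAGS` from `=` to `:=` is what allows the right-hand side to reference the variable's own environment value, but it also expands `$(WARNINGS)`, `$(libexecdir)` and `$(RPM_OPT_FLAGS)` at this point in the file instead of at use. `WARNINGS` is defined just above, but `libexecdir` is not visible in the hunk, so it is worth confirming it is assigned earlier in the Makefile. A one-line comment would help upstream, e.g. `# := so CPPFLAGS/CFLAGS from the environment (dpkg-buildflags hardening) are kept, not discarded`. A command-line `make CFLAGS=...` still replaces these assignments entirely, `-DLIBEXECDIR` included; this patch does not change that.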
@@ -53,7 +53,7 @@ $(PROJECT): utempter.c
        $(LINK.c) -Wl,-z,now,-stats $(LDLIBS) $< $(OUTPUT_OPTION)
 
 $(SHAREDLIB): iface.os $(MAP)
-       $(LINK.o) -shared \
+       $(LINK.o) $(LDFLAGS) -shared \
                -Wl,-soname,$(SONAME),--version-script=$(MAP),-z,defs,-stats \
                -lc $< $(OUTPUT_OPTION)
 
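Review bot: The added `$(LDFLAGS)` on the `$(SHAREDLIB)` link line is probably redundant, because GNU make's built-in `LINK.o` already expands to `$(CC) $(LDFLAGS) $(TARGET_ARCH)`. Unless the Makefile redefines `LINK.o` or disables built-in variables outside this hunk, the linker flags are now passed twice. Separately, depending on the dpkg version, `hardening=+all` can put `-pie` into LDFLAGS, which would then share this command line with `-shared`. I would check both the resulting library and the setgid helper after the build, for example with `hardening-check` or `readelf -d`, to confirm that relro and bindnow are present and that the library is still an ordinary shared object.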
