Bug#656656: Please enabled hardened build flags

2012-01-27 Thread Russ Allbery
Kees Cook writes:
> First of all, in debian/rules:
> # Enable compiler hardening flags.
> export DEB_BUILD_MAINT_OPTIONS = all
> Was this intended to be:
> export DEB_BUILD_MAINT_OPTIONS = hardening=all
> This may cause trouble with the .so's -fPIC bits, so you can probably
> leave the

Bug#656656: Please enabled hardened build flags

2012-01-27 Thread Kees Cook
Hi,
On Fri, Jan 27, 2012 at 07:20:46PM +0100, Moritz Mühlenhoff wrote:
> On Fri, Jan 27, 2012 at 10:00:53AM -0800, Russ Allbery wrote:
> > Russ Allbery writes:
> > > "Cantor, Scott" writes:
> >
> > >> Not that it's necessarily likely here, but with the --silent flag on to
> > >> limit noise, yo

Bug#656656: Please enabled hardened build flags

2012-01-27 Thread Moritz Mühlenhoff
On Fri, Jan 27, 2012 at 10:00:53AM -0800, Russ Allbery wrote:
> Russ Allbery writes:
> > "Cantor, Scott" writes:
>
> >> Not that it's necessarily likely here, but with the --silent flag on to
> >> limit noise, you actually can't tell what the actual compiler command
> >> is. There are libtool b

Bug#656656: Please enabled hardened build flags

2012-01-27 Thread Cantor, Scott
On 1/27/12 12:28 PM, "Russ Allbery" wrote:
>
>Hm. Well, the xmltooling build system is straightforward Autoconf and
>Automake, and I'm really at a loss as to what the build system could
>possibly be doing that would cause this. You can see from the build log
>that the right flag is being passed

Bug#656656: Please enabled hardened build flags

2012-01-27 Thread Russ Allbery
Russ Allbery writes:
> "Cantor, Scott" writes:
>> Not that it's necessarily likely here, but with the --silent flag on to
>> limit noise, you actually can't tell what the actual compiler command
>> is. There are libtool bugs, usually on Solaris one finds, that break
>> the use of some flags. I

Bug#656656: Please enabled hardened build flags

2012-01-27 Thread Russ Allbery
"Cantor, Scott" writes:
> On 1/27/12 12:28 PM, "Russ Allbery" wrote:
>> Hm. Well, the xmltooling build system is straightforward Autoconf and
>> Automake, and I'm really at a loss as to what the build system could
>> possibly be doing that would cause this. You can see from the build
>> log th

Bug#656656: Please enabled hardened build flags

2012-01-27 Thread Russ Allbery
Moritz Muehlenhoff writes:
> It appears to be an issue in the xmltooling build system:
> $ readelf -sW /usr/lib/x86_64-linux-gnu/libxmltooling-lite.so.5.0.2 | grep
> 'mem[cpy|set]'
> 45: 0 FUNCGLOBAL DEFAULT UND memcmp@GLIBC_2.2.5
> (6)
> 50:

Bug#656656: Please enabled hardened build flags

2012-01-27 Thread Moritz Muehlenhoff
On Thu, Jan 26, 2012 at 02:23:14PM -0800, Russ Allbery wrote:
> Moritz Muehlenhoff writes:
>
> > Please enabled hardened build flags through dpkg-buildflags.
>
> > I've attached a partial patch. It enables a protected stack and
> > read-only relocs.
>
> > Fortified source functions are not prop

Bug#656656: Please enabled hardened build flags

2012-01-26 Thread Russ Allbery
Moritz Muehlenhoff writes:
> Please enabled hardened build flags through dpkg-buildflags.
> I've attached a partial patch. It enables a protected stack and
> read-only relocs.
> Fortified source functions are not properly enabled. I haven't debugged
> this further, but it seems as if CPPFLAGS (

Bug#656656: Please enabled hardened build flags

2012-01-20 Thread Moritz Muehlenhoff
Source: xmltooling
Severity: important
Tags: patch
Please enabled hardened build flags through dpkg-buildflags.
I've attached a partial patch. It enables a protected stack and read-only relocs.
Fortified source functions are not properly enabled. I haven't debugged this further, but it seems as