[Evolution] Bug#662981: evolution: Please enable hardened build flags properly
Florent Daigniere
nextgens at freenetproject.org
Wed Mar 7 18:49:42 UTC 2012
Package: evolution
Version: 3.2.2-1
Severity: important
Tags: patch
Dear Maintainer,
It seems like the current debian/rules file attempts to enable some hardening
flags... but it's not working at all.
root at neutron:/tmp/ev2# dpkg -l evolution
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii evolution 3.2.2-1 groupware suite with mail client and organiz
$hardening-check /usr/bin/evolution
/usr/bin/evolution:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: unknown, no protectable libc functions used
Read-only relocations: no, not found!
Immediate binding: no not found!
I have attached a patch (working for me) which would fix the above and #484369
For some reason stack canaries are still not enabled though.
$hardening-check /usr/bin/evolution
/usr/bin/evolution:
Position Independent Executable: yes
Stack protected: no, not found!
Fortify Source functions: unknown, no protectable libc functions used
Read-only relocations: yes
Immediate binding: yes
More information can be found at:
http://wiki.debian.org/Hardening
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages evolution depends on:
ii dbus 1.4.18-1
ii debconf [debconf-2.0] 1.5.41
ii evolution-common 3.2.2-1
ii evolution-data-server 3.2.2-1
ii gconf-service 3.2.3-3
ii gconf2 3.2.3-3
ii gnome-icon-theme 3.2.1.2-1
ii libatk1.0-0 2.2.0-2
ii libc6 2.13-27
ii libcairo-gobject2 1.10.2-7
ii libcairo2 1.10.2-7
ii libcamel-1.2-29 3.2.2-1
ii libcanberra-gtk3-0 0.28-3
ii libcanberra0 0.28-3
ii libclutter-1.0-0 1.8.4-1
ii libclutter-gtk-1.0-0 1.0.4-1
ii libcogl-pango0 1.8.2-1
ii libcogl5 1.8.2-1
ii libdrm2 2.4.30-1
ii libebackend-1.2-1 3.2.2-1
ii libebook-1.2-12 3.2.2-1
ii libecal-1.2-10 3.2.2-1
ii libedataserver-1.2-15 3.2.2-1
ii libedataserverui-3.0-1 3.2.2-1
ii libenchant1c2a 1.6.0-7
ii libevolution 3.2.2-1
ii libfontconfig1 2.8.0-3.1
ii libfreetype6 2.4.8-1
ii libgail-3-0 3.2.3-1
ii libgconf-2-4 3.2.3-3
ii libgdata13 0.10.1-2
ii libgdk-pixbuf2.0-0 2.24.1-1
ii libgl1-mesa-glx [libgl1] 7.11.2-1
ii libglib2.0-0 2.30.2-6
ii libgnome-desktop-3-2 3.2.1-3
ii libgtk-3-0 3.2.3-1
ii libgtkhtml-4.0-0 4.2.2-1
ii libgtkhtml-editor-4.0-0 4.2.2-1
ii libgweather-3-0 3.2.1-1
ii libical0 0.44-3
ii libjson-glib-1.0-0 0.14.2-1
ii libmx-1.0-2 1.4.2-1
ii libnotify4 0.7.4-1
ii libnspr4-0d 4.9-1
ii libnss3-1d 3.13.3-1
ii libpango1.0-0 1.29.4-2
ii libsoup-gnome2.4-1 2.36.1-1
ii libsoup2.4-1 2.36.1-1
ii libsqlite3-0 3.7.10-1
ii libx11-6 2:1.4.4-4
ii libxcomposite1 1:0.4.3-2
ii libxdamage1 1:1.1.3-2
ii libxext6 2:1.3.0-3
ii libxfixes3 1:5.0-4
ii libxi6 2:1.4.5-1
ii libxml2 2.7.8.dfsg-7
ii psmisc 22.16-1
Versions of packages evolution recommends:
ii bogofilter 1.2.2+dfsg1-1
ii evolution-plugins 3.2.2-1
ii evolution-webcal 2.32.0-2
ii yelp 3.2.1+dfsg-1+b1
Versions of packages evolution suggests:
ii evolution-dbg <none>
ii evolution-exchange 3.2.1-2
ii evolution-plugins-experimental <none>
ii gnupg 1.4.12-3
ii network-manager 0.9.2.0-2
-- debconf information excluded
-------------- next part --------------
A non-text attachment was scrubbed...
Name: evolution-hardening.patch
Type: text/x-diff
Size: 860 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-evolution-maintainers/attachments/20120307/e20e14b7/attachment.patch>
More information about the Pkg-evolution-maintainers
mailing list