[pkg-firebird-general] Bug#654793: firebird2.5: Hardeneng flags not fully enabled
dmn at debian.org
Tue Jan 10 09:06:04 UTC 2012
-=| Moritz Muehlenhoff, 07.01.2012 14:13:56 +0100 |=-
> - relro should on "yes" in all cases. That's the case for the
> binaries I checked, so all seems fine.
> - The test for a protected stack cannot show that it's activated if
> the tested code doesn't use arrays on the stack. Since that's the
> case for a few binaries I tested everything seems fine.
In my tests, I get only one "Stack protected: no, not found!" and that
is for /usr/sbin/fb_inet_server (firebird2.5-classic package).
This is one of the simplest binaries, as it contains only one object
and a few lines of code, passing control to a shared library it is
linked with. This one should be fine indeed.
> - The check for fortified source functions depends on the use of
> such functions. If none of them are present the error "no
> protectable libc functions used" is shown. However, there are also
> results that show "no" (e.g. /usr/bin/fbsvcmgr). As such, there
> might indeed be a problem with the LDFLAGS being overwritten.
Most of the binaries suffer from this, and in the end the reason
appears to be missing usage of CPPFLAGS when compiling C++ sources.
The following patch seems to fix the problem:
@@ -33,7 +33,7 @@
# Please don't use compiler/platform specific flags here - nmcc 02-Nov-2002
WFLAGS:=-I$(SRC_ROOT)/include/gen -I$(SRC_ROOT)/include -I$(SRC_ROOT)/vulcan \
+ $(CPPFLAGS) -DNAMESPACE=Vulcan
WFLAGS:= $(WFLAGS) -I$(ROOT)/extern/icu/source/common -I$(ROOT)/extern/icu/source/i18n
Alex, is this the right place to plug CPPFLAGS?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: Digital signature
More information about the pkg-firebird-general