[pkg-firebird-general] Bug#654793: firebird2.5: Hardeneng flags not fully enabled

Damyan Ivanov dmn at debian.org
Tue Jan 10 09:06:04 UTC 2012 

-=| Moritz Muehlenhoff, 07.01.2012 14:13:56 +0100 |=-
> - relro should on "yes" in all cases. That's the case for the 
> binaries I checked, so all seems fine.

Right.

> - The test for a protected stack cannot show that it's activated if 
> the tested code doesn't use arrays on the stack. Since that's the 
> case for a few binaries I tested everything seems fine.

In my tests, I get only one "Stack protected: no, not found!" and that 
is for /usr/sbin/fb_inet_server (firebird2.5-classic package).

This is one of the simplest binaries, as it contains only one object 
and a few lines of code, passing control to a shared library it is 
linked with. This one should be fine indeed.

> - The check for fortified source functions depends on the use of 
> such functions. If none of them are present the error "no 
> protectable libc functions used" is shown. However, there are also 
> results that show "no" (e.g. /usr/bin/fbsvcmgr). As such, there 
> might indeed be a problem with the LDFLAGS being overwritten.

Most of the binaries suffer from this, and in the end the reason 
appears to be missing usage of CPPFLAGS when compiling C++ sources.

The following patch seems to fix the problem:
=======================================================
--- a/builds/posix/make.rules
+++ b/builds/posix/make.rules
@@ -33,7 +33,7 @@
 
 # Please don't use compiler/platform specific flags here - nmcc 02-Nov-2002
 WFLAGS:=-I$(SRC_ROOT)/include/gen -I$(SRC_ROOT)/include -I$(SRC_ROOT)/vulcan \
-       -DNAMESPACE=Vulcan
+       $(CPPFLAGS) -DNAMESPACE=Vulcan
 
 ifeq ($(STD_ICU),false)
   WFLAGS:= $(WFLAGS) -I$(ROOT)/extern/icu/source/common -I$(ROOT)/extern/icu/source/i18n
=======================================================

Alex, is this the right place to plug CPPFLAGS?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-firebird-general/attachments/20120110/9c50b3d3/attachment.pgp>

More information about the pkg-firebird-general mailing list