[pkg-firebird-general] Bug#663914: firebird2.5: Hardening flags partially missing

Damyan Ivanov dmn at debian.org
Mon Mar 26 17:44:32 UTC 2012


severity 663914 minor
retitle 663914 firebird2.5: Hardening flags missing in intermediate binaries
thanks

-=| Simon Ruderich, 13.03.2012 23:48:33 +0100 |=-
> The hardening flags are partially missing because the build
> system ignores them.
> 
> The attached patch fixes the issue.

Thanks, but…

> Index: firebird2.5-2.5.2~svn+53897.ds4/builds/posix/Makefile.in.firebird
> ===================================================================
> --- firebird2.5-2.5.2~svn+53897.ds4.orig/builds/posix/Makefile.in.firebird	2012-03-13 21:56:23.000000000 +0100
> +++ firebird2.5-2.5.2~svn+53897.ds4/builds/posix/Makefile.in.firebird	2012-03-13 22:25:42.069673662 +0100
> @@ -444,7 +444,7 @@
>  MAKE_HEADER_Bin = ./makeHeader
>  
>  $(INCLUDE_DEST)/ibase.h: $(SRC_IBASE_ExtraFiles)
> -	$(STATICEXE_LINK) -o $(MAKE_HEADER_Bin) $(MAKE_HEADER_Src)
> +	$(STATICEXE_LINK) $(CPPFLAGS) $(LINK_OPTS) -o $(MAKE_HEADER_Bin) $(MAKE_HEADER_Src)
>  	$(CP) $^ .
>  	$(MAKE_HEADER_Bin) <ibase.h >$@
>  	$(RM) -f ibase.h
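Review bot: the only variables added to the `$(STATICEXE_LINK)` line are `$(CPPFLAGS)` and `$(LINK_OPTS)`, yet this rule goes from `$(MAKE_HEADER_Src)` to the binary in a single command, so the compile-time hardening options (stack protector, format checks, which are carried in CFLAGS/CXXFLAGS rather than CPPFLAGS) reach makeHeader only if `$(STATICEXE_LINK)` already expands to include them. The patch description should say which variables STATICEXE_LINK carries, or the line should add `$(CXXFLAGS)`/`$(CFLAGS)` explicitly next to `$(CPPFLAGS)`, otherwise the "hardening flags missing" claim cannot be checked against the rule as written.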
> Index: firebird2.5-2.5.2~svn+53897.ds4/extern/btyacc/Makefile
> ===================================================================
> --- firebird2.5-2.5.2~svn+53897.ds4.orig/extern/btyacc/Makefile	2012-03-13 21:56:23.000000000 +0100
> +++ firebird2.5-2.5.2~svn+53897.ds4/extern/btyacc/Makefile	2012-03-13 21:56:23.000000000 +0100
> @@ -12,7 +12,7 @@
>  # across all of our supported compilers/platforms.
>  
>  # Vanilla CFLAGS
> -CFLAGS=
> +CFLAGS?=
>  
>  # No LDFLAGS
>  #LDFLAGS=
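Review bot: with `CFLAGS?=` the comment `# Vanilla CFLAGS` directly above it is no longer true, because the assignment now keeps whatever CFLAGS the environment supplies; update the comment to say the default is empty unless the caller sets CFLAGS. Note also that `?=` only changes behaviour for a value coming from the environment: a value given on the make command line (`make CFLAGS=...`) overrides both `=` and `?=`, so whether the flags reach btyacc depends on how the top-level build invokes this Makefile. LDFLAGS is left as the commented-out `#LDFLAGS=` rather than given the same `?=` treatment; confirm the link rule in this Makefile picks up LDFLAGS from the environment, otherwise the linker-side hardening still does not reach btyacc.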

The two binaries that the patch fixes are used only during the build 
process and aren't shipped in the resulting binary packages. The first 
part of the patch is about the program that creates the ibase.h header 
file, and the other is the custom-built syntax parser that is later 
used during the build.

Both of these never see user input or any external data. Their only 
input is what the build system gives them.

Is there any proof that the missing hardening flags are a real 
problem?
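A way to settle the factual part of the question, which binaries were built with which flags, is to inspect the produced ELF files. The script below is an added example for this thread, not code from the bug report, the Firebird build system or Debian's own hardening-check tool. It parses the text printed by `readelf -h -l -d -s <binary>` (GNU binutils on a Linux/ELF toolchain is assumed; `-s` rather than `--dyn-syms` so a statically linked, unstripped executable such as one produced by a STATICEXE_LINK rule is covered through .symtab). The two readelf excerpts inside are constructed for the example, not captured from makeHeader or btyacc.

```python
"""Report which hardening features reached a built binary, from readelf output.

Added example: assumes `readelf -h -l -d -s` (GNU binutils). The SAMPLE_*
strings are constructed excerpts in readelf's format, not real build output.
"""
import re
import shutil
import subprocess

# Constructed: a binary built with PIE, full RELRO, stack protector and fortify.
SAMPLE_HARDENED = """ELF Header:
  Type:                              DYN (Shared object file)

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000a48 0x0000000000000a48  R E    0x1000
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RW     0x10
  GNU_RELRO      0x0000000000002dd0 0x0000000000003dd0 0x0000000000003dd0
                 0x0000000000000230 0x0000000000000230  R      0x1

Dynamic section at offset 0x2dd8 contains 25 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE

Symbol table '.dynsym' contains 4 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (2)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __printf_chk@GLIBC_2.3.4 (3)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.34 (2)
"""

# Constructed: the same program built with the flags dropped by the build system.
SAMPLE_UNHARDENED = """ELF Header:
  Type:                              EXEC (Executable file)

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  LOAD           0x0000000000000000 0x0000000000400000 0x0000000000400000
                 0x0000000000000a48 0x0000000000000a48  R E    0x1000
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RW     0x10

Dynamic section at offset 0x2dd8 contains 22 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]

Symbol table '.dynsym' contains 3 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf@GLIBC_2.2.5 (2)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.34 (2)
"""


def analyze_readelf(text):
    """Parse `readelf -h -l -d -s` text into a dict of hardening findings."""
    m = re.search(r"^\s*Type:\s+(\w+)", text, re.M)
    elf_type = m.group(1) if m else "?"

    relro_segment = re.search(r"^\s+GNU_RELRO\b", text, re.M) is not None
    bind_now = (re.search(r"\(FLAGS\)\s+.*\bBIND_NOW\b", text) is not None
                or re.search(r"\(FLAGS_1\)\s+Flags:.*\bNOW\b", text) is not None)
    relro = "full" if relro_segment and bind_now else ("partial" if relro_segment else "none")

    # GNU_STACK: the Flags column sits on the segment's second line; 'E' = executable stack.
    m = re.search(r"^\s+GNU_STACK[^\n]*\n[^\n]*?0x[0-9a-f]+\s+0x[0-9a-f]+\s+([RWE ]+?)\s+0x",
                  text, re.M)
    exec_stack = bool(m and "E" in m.group(1))

    # -fstack-protector references __stack_chk_fail; -D_FORTIFY_SOURCE=2 redirects
    # checked libc calls to *_chk variants. Both only show up when the program has
    # a protected frame or a fortifiable call, so presence proves the flag was
    # used, absence alone does not prove it was missing.
    stack_protector = "__stack_chk_fail" in text
    fortify = {s for s in re.findall(r"\b__\w+_chk\b", text) if s != "__stack_chk_fail"}

    return {
        "pie": elf_type == "DYN",      # ET_DYN executable; a shared library also reads DYN
        "relro": relro,
        "exec_stack": exec_stack,
        "stack_protector": stack_protector,
        "fortify_symbols": sorted(fortify),
    }


def check_binary(path):
    """Run readelf on a real file and analyze it (needs GNU binutils on PATH)."""
    readelf = shutil.which("readelf")
    if readelf is None:
        raise RuntimeError("readelf not found; install binutils")
    out = subprocess.run([readelf, "-h", "-l", "-d", "-s", path],
                         check=True, capture_output=True, text=True).stdout
    return analyze_readelf(out)


if __name__ == "__main__":
    import sys
    for name, text in (("hardened", SAMPLE_HARDENED), ("unhardened", SAMPLE_UNHARDENED)):
        print(name, analyze_readelf(text))
    for path in sys.argv[1:]:   # e.g. the built makeHeader and btyacc binaries
        print(path, check_binary(path))
```

Run it with the paths of the intermediate binaries after a build to get a per-binary answer instead of arguing from the Makefiles. The symbol-based checks carry the caveat in the comments: a tiny program with no arrays on the stack and no fortifiable calls produces neither `__stack_chk_fail` nor `*_chk` symbols even when compiled with the flags, and a stripped static executable has no symbol table to inspect at all, so for those cases compare the actual compiler command lines in the build log instead.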