[frozen-bubble] 06/07: Add patch hardening-server to add hardening flags to build.

gregor herrmann gregoa at debian.org
Mon Jun 23 22:05:03 UTC 2014 

This is an automated email from the git hooks/post-receive script.

gregoa pushed a commit to branch master
in repository frozen-bubble.

commit 1f616f53a66268eb7b20e925fdf305018697efc6
Author: gregor herrmann <gregoa at debian.org>
Date:   Tue Jun 24 00:02:12 2014 +0200

    Add patch hardening-server to add hardening flags to build.
    
    Fix a compiler error about unused return values that is triggered by this
    change.
---
 debian/patches/hardening-server | 35 +++++++++++++++++++++++++++++++++++
 debian/patches/series           |  1 +
 2 files changed, 36 insertions(+)

diff --git a/debian/patches/hardening-server b/debian/patches/hardening-server
new file mode 100644
index 0000000..c033462
--- /dev/null
+++ b/debian/patches/hardening-server
@@ -0,0 +1,35 @@
+Description: pass CPPFLAGS to compile flags for server
+ And then the build fails with an unused-return-value error.
+ So let's handle setgid/setuid results.
+Origin: vendor
+Forwarded: no
+Author: gregor herrmann <gregoa at debian.org>
+Last-Update: 2014-06-24
+
+--- a/inc/My/Builder.pm
++++ b/inc/My/Builder.pm
+@@ -127,6 +127,7 @@
+                     '-I' . $server_directory, # does not seem to be necessary
+                     $cbuilder->split_like_shell(`pkg-config glib-2.0 --cflags`),
+                     $cbuilder->split_like_shell(`pkg-config glib-2.0 --libs`),
++                    $ENV{CPPFLAGS},
+                 ],
+             );
+         }
+--- a/server/tools.c
++++ b/server/tools.c
+@@ -261,8 +261,12 @@
+         if (user_to_switch != NULL) {
+                 struct passwd* user = getpwnam(user_to_switch);
+                 if (user) {
+-                        setgid(user->pw_gid);
+-                        setuid(user->pw_uid);
++                        if (setgid(user->pw_gid) < 0) {
++                                l3(OUTPUT_TYPE_ERROR, "Can set gid to %d for user %s: %s", user->pw_gid, user_to_switch, strerror(errno));
++                        }
++                        if (setuid(user->pw_uid) < 0) {
++                                l3(OUTPUT_TYPE_ERROR, "Can set uid to %d for user %s: %s", user->pw_uid, user_to_switch, strerror(errno));
++                        }
+                 } else {
+                         l2(OUTPUT_TYPE_ERROR, "Cannot switch user to %s: %s", user_to_switch, strerror(errno));
+                 }
diff --git a/debian/patches/series b/debian/patches/series
index e1d4a6c..354a481 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@ de_po
 spelling-error-in-manpage.patch
 shorter-nick
 kick-out-accelerometers
+hardening-server

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/frozen-bubble.git

More information about the Pkg-perl-cvs-commits mailing list