[libembperl-perl] 01/04: Opt out of bindow (closes: #837562)
Florian Schlichting
fsfs at moszumanska.debian.org
Fri Oct 21 23:46:03 UTC 2016
This is an automated email from the git hooks/post-receive script.
fsfs pushed a commit to branch master
in repository libembperl-perl.
commit 541b0e9c6d9f88c7ca1929866d2e7effd13c388f
Author: Florian Schlichting <fsfs at debian.org>
Date: Sat Oct 22 00:42:49 2016 +0200
Opt out of bindow (closes: #837562)
quoting Niko from the bug:
My understanding is that the Apache module parts (mod_embperl) get
compiled into Embperl.so, but don't get used unless the thing is loaded
by Apache. The 'bindnow' hardening is incompatible with this scheme;
from the ld(1) documentation for '-z now':
When generating an executable or shared library, mark it to tell the
dynamic linker to resolve all symbols when the program is started, or
when the shared library is linked to using dlopen, instead of deferring
function call resolution to the point when the function is first called.
So when perl dlopens Embperl.so without Apache, the ap_* functions
aren't needed but still get loaded (unsuccessfully).
---
debian/rules | 2 ++
1 file changed, 2 insertions(+)
diff --git a/debian/rules b/debian/rules
index 3576476..0e971e7 100755
--- a/debian/rules
+++ b/debian/rules
@@ -8,6 +8,8 @@ POD2TEXT = Changes Config Faq Features FeaturesD \
ARCHLIB := $(shell perl -MConfig -e 'print $$Config{vendorarch}')
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-bindnow
+
%: %.pod
pod2text < $< > $@
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libembperl-perl.git
More information about the Pkg-perl-cvs-commits
mailing list