Your message dated Sat, 17 Dec 2016 09:50:28 +0100
with message-id
<cak0odpyccnyvwwpfyz-yw7ef_jbaazct9jxf5cxnwvqsojn...@mail.gmail.com>
and subject line Re: dpkg: Please add hardened1-linux-amd64 port
has caused the Debian Bug report #812782,
regarding dpkg: Please use ASAN, UBSAN and bindnow on hardened1-linux-amd64
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
812782: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812782
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dpkg
Version: 1.18.4
Severity: wishlist
Tags: patch
User: [email protected]
Usertags: hardened1-linux-amd64
Dear Guillem,
This is the second patch enabling extra flags in dpkg in case the
hardened1-linux-amd64 port is accepted in #812782.
Cheers,
Balint
>From 2f43474201ea50f9b48d2ba80fcdc2ae38cefc84 Mon Sep 17 00:00:00 2001
From: Balint Reczey <[email protected]>
Date: Tue, 26 Jan 2016 13:41:54 +0100
Subject: [PATCH 2/2] Dpkg::Vendor::Debian: Use ASAN, UBSAN and bindnow on
hardened1-* architectures
---
scripts/Dpkg/Vendor/Debian.pm | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm
index db40b2c..2f39d82 100644
--- a/scripts/Dpkg/Vendor/Debian.pm
+++ b/scripts/Dpkg/Vendor/Debian.pm
@@ -177,6 +177,14 @@ sub _add_reproducible_flags {
sub _add_sanitize_flags {
my ($self, $flags) = @_;
+ my $arch = get_host_arch();
+ my ($abi, $os, $cpu) = debarch_to_debtriplet($arch);
+
+ unless (defined $abi and defined $os and defined $cpu) {
+ warning(g_("unknown host architecture '%s'"), $arch);
+ ($abi, $os, $cpu) = ('', '', '');
+ }
+
# Default feature states.
my %use_feature = (
address => 0,
@@ -185,6 +193,13 @@ sub _add_sanitize_flags {
undefined => 0,
);
+ if ($abi =~ /^(?:gnuhardened1)$/) {
+ # Enable address and undefined behavior sanitizers for the
+ # hardened ports
+ $use_feature{address} = 1;
+ $use_feature{undefined} = 1;
+ }
+
# Adjust features based on user or maintainer's desires.
$self->_parse_feature_area('sanitize', \%use_feature);
@@ -251,6 +266,11 @@ sub _add_hardening_flags {
bindnow => 0,
);
+ if ($abi =~ /^(?:gnuhardened1)$/) {
+ # Enable bindnow on hardened ports
+ $use_feature{bindnow} = 1;
+ }
+
# Adjust features based on user or maintainer's desires.
$self->_parse_feature_area('hardening', \%use_feature);
--
2.1.4
--- End Message ---
--- Begin Message ---
Control: notfound -1 1.18.4
Development on this port is stalled thus I close this bug for the time
there is no progress to help managing the dpkg bug count.
I'll reopen the bug when the hardened port makes some progress again.
Thanks.
Balint
--- End Message ---
