On Sun, Sep 13, 2015 at 05:27:11PM -0430, Dhionel Díaz wrote: > Package: xorp > Version: 1.8.5-4.1 > Severity: normal > Tags: patch > Usertags: goal-hardening > > > Dear Maintainer, > > The attached patch enables hardened build flags, adds a missing > dh_shlibdeps argument and corrects a typo in a error message. Some > limited testing has been performed in a production router. > > I hope it can be useful.
Thank you for your work. In the next weeks I will review your work and prepare a new package. > > Regards, > Kind regards Jose M Calhariz > > -- System Information: > Debian Release: 8.2 > APT prefers stable-updates > APT policy: (500, 'stable-updates'), (500, 'stable') > Architecture: amd64 (x86_64) > > Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core) > Locale: LANG=es_VE.UTF-8, LC_CTYPE=es_VE.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > > Versions of packages xorp depends on: > ii adduser 3.113+nmu3 > ii init-system-helpers 1.22 > ii libc6 2.19-18+deb8u1 > ii libgcc1 1:4.9.2-10 > ii libncurses5 5.9+20140913-1+b1 > ii libpcap0.8 1.6.2-2 > ii libssl1.0.0 1.0.1k-3+deb8u1 > ii libstdc++6 4.9.2-10 > ii libsystemd0 215-17+deb8u2 > ii libtinfo5 5.9+20140913-1+b1 > > Versions of packages xorp recommends: > ii iputils-ping 3:20121221-5+b2 > ii iputils-tracepath 3:20121221-5+b2 > ii traceroute 1:2.0.20-2+b1 > > xorp suggests no packages. > > -- Configuration Files: > /etc/default/xorp changed [not included] > /etc/xorp/config.boot changed [not included] > > -- no debconf information > > > diff -u xorp-1.8.5/debian/patches/series xorp-1.8.5/debian/patches/series > --- xorp-1.8.5/debian/patches/series > +++ xorp-1.8.5/debian/patches/series > @@ -13,0 +14,2 @@ > +rtrmgr_fix_typo.path > +hardening.patch > diff -u xorp-1.8.5/debian/rules xorp-1.8.5/debian/rules > --- xorp-1.8.5/debian/rules > +++ xorp-1.8.5/debian/rules > @@ -57,11 +57,12 @@ > sysconfdir=/etc \ > with-olsr=true \ > disable_fw=true \ > - CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS='-Wl,-z,defs' > + CPPFLAGS="$(CPPFLAGS)" CFLAGS="$(CFLAGS)" > CXXFLAGS="$(CXXFLAGS)" LINKFLAGS="$(LDFLAGS)" > > #SCONSFLAGS += CC=gcc-4.6 CXX=g++-4.6 > > -CFLAGS = -Wall -g > +#LDFLAGS = -Wl,-z,defs > +CFLAGS = -Wall -g > GXXVERSION = $(shell g++ --version | head -1 | cut -f 4 -d ' ' | cut -b 1-3) > #ifeq ($(GXXVERSION),4.6) > # CXXFLAGS += -Wno-error=unused-but-set-variable > @@ -91,6 +92,11 @@ > > include /usr/share/quilt/quilt.make > > +CPPFLAGS += $(shell dpkg-buildflags --get CPPFLAGS) > +CFLAGS += $(shell dpkg-buildflags --get CFLAGS) > +CXXFLAGS += $(shell dpkg-buildflags --get CXXFLAGS) > +LDFLAGS += $(shell dpkg-buildflags --get LDFLAGS) > + > config.status: debian/stamp-patched > dh_testdir > # Add here commands to configure the package. > @@ -173,7 +179,7 @@ > dh_fixperms > dh_makeshlibs > dh_installdeb > - dh_shlibdeps > + dh_shlibdeps -l/usr/lib/xorp/lib > dh_gencontrol > dh_md5sums > dh_builddeb > only in patch2: > unchanged: > --- xorp-1.8.5.orig/debian/patches/hardening.patch > +++ xorp-1.8.5/debian/patches/hardening.patch > @@ -0,0 +1,15 @@ > +Description: Add further support to hardening flags > +Author: Dhionel D??az <[email protected]> > +Last-Update: 2015-09-11 > + > +--- > +--- a/SConstruct > ++++ b/SConstruct > +@@ -568,6 +568,7 @@ > + if not env.GetOption('clean') and \ > + not env.GetOption('help'): > + > ++ env.AppendUnique( CPPFLAGS = Split(ARGUMENTS.get('CPPFLAGS', '')) ) > + env.AppendUnique( CFLAGS = Split(ARGUMENTS.get('CFLAGS', '')) ) > + env.AppendUnique( CXXFLAGS = Split(ARGUMENTS.get('CXXFLAGS', '')) ) > + env.AppendUnique( LINKFLAGS = Split(ARGUMENTS.get('LINKFLAGS', '')) ) > only in patch2: > unchanged: > --- xorp-1.8.5.orig/debian/patches/rtrmgr_fix_typo.path > +++ xorp-1.8.5/debian/patches/rtrmgr_fix_typo.path > @@ -0,0 +1,16 @@ > +Description: Fix typo in a rtrmgr error message > +Author: Dhionel D??az <[email protected]> > +Last-Update: 2015-09-11 > + > +--- > +--- a/rtrmgr/master_conf_tree_node.cc > ++++ b/rtrmgr/master_conf_tree_node.cc > +@@ -431,7 +431,7 @@ > + error_msg = "Something went wrong.\n"; > + error_msg += c_format("The problem was with > \"%s\"\n", > + path().c_str()); > +- error_msg += "WARNING: Partially commited changes > exist\n"; > ++ error_msg += "WARNING: Partially committed changes > exist\n"; > + XLOG_WARNING("%s\n", error_msg.c_str()); > + return false; > + } > > -- -- Ser pobre não é crime mas ajuda muito a chegar lá. --Millôr Fernandes Retirado de http://www.uol.com.br/millor
signature.asc
Description: Digital signature
