Riku Voipio wrote:
> Package: sendmail
> Version: 8.14.1-10
> Severity: serious
> Tags: patch
>
> Debugging the latest sendmail FTBFS on arm:
>
> http://buildd.debian.org/fetch.cgi?pkg=sendmail;ver=8.14.1-10;arch=arm;stamp=1191538384
>
> Turned out gcc-4.2 on arm does not work with -fstack-protector-all,
> which sendmail build sets on by default. On arm/armel A simple hello
> world will seggault if compiled with -fstack-protector-all, and thus
> configure does not believe the compiler works.
>
> Gcc manual puts -fstack-protector-all and -fstack-protector under the
> following section:
>
> This section includes experimental options that may produce broken code.
>
> Thus, I think it's appropriate to exlude arm cpu from this flag.
No, work is under way to build as many packages (starting with highly security
relevant ones) as possible with security hardening features enabled by default
for Lenny.
Some vulnerabilities will become irrelevant with these features enabled, so
disabling it would be left vulnerable.
Please file a minimal test case for gcc-4.2 (preferably upstream), so that this
can be fixed.
(fstack-protector-all isn't that experimental anyway, it's the default in
SuSE and Fedora/Red Hat these days.)
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
