Your message dated Thu, 31 May 2012 12:41:33 -0700
with message-id <[email protected]>
and subject line Re: Bug#552688: Please decide how Debian should enable
hardening build flags
has caused the Debian Bug report #552688,
regarding Please decide how Debian should enable hardening build flags
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
552688: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552688
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gcc-4.4
Version: 4.4.2-1
Severity: wishlist
Tags: patch
Hello!
Based on the ubuntu-devel discussions[1], there are no objections yet
from other developers about enabling the hardened compiler defaults in
Debian.
Thanks,
-Kees
[1] http://lists.debian.org/debian-gcc/2009/10/msg00186.html
--
Kees Cook @debian.org
diff -uNrp gcc-4.4-4.4.1/debian~/rules.defs gcc-4.4-4.4.1/debian/rules.defs
--- gcc-4.4-4.4.1/debian~/rules.defs 2009-10-25 10:46:48.000000000 -0700
+++ gcc-4.4-4.4.1/debian/rules.defs 2009-10-25 10:50:13.000000000 -0700
@@ -675,10 +675,8 @@ endif
with_ssp := $(call envfilt, ssp, , , $(with_ssp))
ifeq ($(with_ssp),yes)
- ifneq ($(distribution),Debian)
- ifneq (,$(findstring gcc-4, $(PKGSOURCE)))
- with_ssp_default := yes
- endif
+ ifneq (,$(findstring gcc-4, $(PKGSOURCE)))
+ with_ssp_default := yes
endif
endif
diff -uNrp gcc-4.4-4.4.1/debian~/rules.patch gcc-4.4-4.4.1/debian/rules.patch
--- gcc-4.4-4.4.1/debian~/rules.patch 2009-10-25 10:46:48.000000000 -0700
+++ gcc-4.4-4.4.1/debian/rules.patch 2009-10-25 10:49:47.000000000 -0700
@@ -64,14 +64,12 @@ debian_patches += \
#endif
hardening_patches =
-ifneq ($(distribution),Debian)
- ifneq (,$(findstring gcc-4, $(PKGSOURCE)))
- hardening_patches += gcc-default-format-security \
+ifneq (,$(findstring gcc-4, $(PKGSOURCE)))
+ hardening_patches += gcc-default-format-security \
gcc-default-fortify-source gcc-default-relro \
testsuite-hardening-format \
testsuite-hardening-fortify \
testsuite-hardening-printf-types
- endif
endif
ifeq ($(with_ssp)-$(with_ssp_default),yes-yes)
hardening_patches += gcc-default-ssp
--- End Message ---
--- Begin Message ---
Following discussion of this bug in today's Technical Committee meeting on
IRC, we tentatively decided (assuming no objections from those who
couldn't make it) to decide this is resolved by the dpkg-buildflags work
and to close it without a vote.
If there are any objections, particularly from TC members who couldn't
make the meeting, or if anyone involved in this work feels that it would
be useful for the TC to make a formal decision, please let me know and
I'll reopen.
--
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
--- End Message ---
