Bug#905455: RFS: dmidecode/3.1-2
On 05-08-2018 16:14, Andrey Rahmatullin wrote:
> On Sun, Aug 05, 2018 at 03:54:23PM -0300, Herbert Fortes wrote:
> > > > > > Sorry, but can you please add to debian/rules:
> > > > > >
> > > > > > export DEB_LDFLAGS_MAINT_APPEND = -fPIE -pie
> > > > > > export DEB_CFLAGS_MAINT_APPEND = -fPIE
> > > > > Why?
> > > > Because of 'blhc --all'
> > > I'm sorry but that's not a valid reason.
> > Can you tell me why not?
> Sure.
> First of all, you should never do some change because some static
> analyzer told you. You need to understand what did it tell you, why,
> and why it thinks you should do that change.
>
> blhc just analyzes build logs to make sure all expected flags are passed.
>
> "--all
>     Force check for all +all (+pie, +bindnow) hardening flags. By
>     default it's auto detected."
>
> So if you use --all you either know that the package should pass the
> flags for both pie and bindnow or must ignore the respective blhc
> warnings.
>
> dpkg-buildflags(1) says that the pie hardening option has no effect on
> most architectures, as it's enabled in gcc, so no flags are passed.
> In such situations you need to check the result, in this case check
> whether the binary has PIE enabled, not just blindly follow an
> incorrectly used static analyzer (and even then you need to find out
> the problem and not just pass some compiler/linker flags).

Ok. Thanks.

Bug#905455: RFS: dmidecode/3.1-2
On Sun, Aug 05, 2018 at 03:54:23PM -0300, Herbert Fortes wrote:
> > > > > Sorry, but can you please add to debian/rules:
> > > > >
> > > > > export DEB_LDFLAGS_MAINT_APPEND = -fPIE -pie
> > > > > export DEB_CFLAGS_MAINT_APPEND = -fPIE
> > > > Why?
> > > Because of 'blhc --all'
> > I'm sorry but that's not a valid reason.
> Can you tell me why not?

Sure.
First of all, you should never do some change because some static
analyzer told you. You need to understand what did it tell you, why,
and why it thinks you should do that change.

blhc just analyzes build logs to make sure all expected flags are passed.

"--all
    Force check for all +all (+pie, +bindnow) hardening flags. By
    default it's auto detected."

So if you use --all you either know that the package should pass the
flags for both pie and bindnow or must ignore the respective blhc
warnings.

dpkg-buildflags(1) says that the pie hardening option has no effect on
most architectures, as it's enabled in gcc, so no flags are passed.
In such situations you need to check the result, in this case check
whether the binary has PIE enabled, not just blindly follow an
incorrectly used static analyzer (and even then you need to find out
the problem and not just pass some compiler/linker flags).

> What I know is just 'blhc' is enough. But why not
> use '--all'?
>
> I do not know much about that and I can learn new
> if you say a bit more.

--
WBR, wRAR

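
The check described in the message above (look at the resulting binary instead of the build log), as an added example that is not part of the thread or of any Debian tool: a minimal PIE classifier for little-endian ELF64 files. The helper names `pie_status` and `sample_elf`, the constructed sample images, and the rule "ET_DYN with PT_INTERP or DF_1_PIE means PIE" are assumptions of this example.

```python
import struct

ET_EXEC, ET_DYN = 2, 3                       # e_type values
PT_DYNAMIC, PT_INTERP = 2, 3                 # program header types
DT_FLAGS_1, DF_1_PIE = 0x6FFFFFFB, 0x08000000

def pie_status(elf: bytes) -> str:
    """Classify a little-endian ELF64 image as 'pie', 'no-pie' or 'shared-object'."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    if e_type == ET_EXEC:
        return "no-pie"                      # linked for a fixed load address
    if e_type != ET_DYN:
        raise ValueError("not an executable or shared object")
    has_interp = df1_pie = False
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:              # asks for a dynamic loader: a program
            has_interp = True
        elif p_type == PT_DYNAMIC:           # walk the Elf64_Dyn (tag, value) pairs
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", elf, off)
                if tag == DT_FLAGS_1 and val & DF_1_PIE:
                    df1_pie = True
    # Assumption of this example: ET_DYN with PT_INTERP or DF_1_PIE means PIE.
    return "pie" if has_interp or df1_pie else "shared-object"

def sample_elf(e_type, phdrs=()):
    """Constructed minimal ELF64 image: file header plus (type, offset, size) phdrs."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                         64, 56, len(phdrs), 0, 0, 0)
    return ident + header + b"".join(
        struct.pack("<IIQQQQQQ", t, 4, off, 0, 0, size, size, 1)
        for t, off, size in phdrs)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:                # e.g. the dmidecode binary from the build
        with open(path, "rb") as f:
            print(path, pie_status(f.read()))
    if len(sys.argv) == 1:                   # no path given: constructed samples
        print(pie_status(sample_elf(ET_EXEC)),
              pie_status(sample_elf(ET_DYN, [(PT_INTERP, 0, 0)])))
```
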
Bug#905455: RFS: dmidecode/3.1-2
On Sun, Aug 05, 2018 at 03:23:33PM -0300, Herbert Fortes wrote:
> > > Sorry, but can you please add to debian/rules:
> > >
> > > export DEB_LDFLAGS_MAINT_APPEND = -fPIE -pie
> > > export DEB_CFLAGS_MAINT_APPEND = -fPIE
> > Why?
>
> Because of 'blhc --all'

Actually, I think using blhc with --all is wrong by itself.

--
WBR, wRAR

Bug#905455: RFS: dmidecode/3.1-2
On 05-08-2018 15:47, Andrey Rahmatullin wrote:
> On Sun, Aug 05, 2018 at 03:23:33PM -0300, Herbert Fortes wrote:
> > > > Sorry, but can you please add to debian/rules:
> > > >
> > > > export DEB_LDFLAGS_MAINT_APPEND = -fPIE -pie
> > > > export DEB_CFLAGS_MAINT_APPEND = -fPIE
> > > Why?
> > Because of 'blhc --all'
> I'm sorry but that's not a valid reason.

Can you tell me why not?

What I know is just 'blhc' is enough. But why not
use '--all'?

I do not know much about that and I can learn new
if you say a bit more.

Bug#905455: RFS: dmidecode/3.1-2
On Sun, Aug 05, 2018 at 03:23:33PM -0300, Herbert Fortes wrote:
> > > Sorry, but can you please add to debian/rules:
> > >
> > > export DEB_LDFLAGS_MAINT_APPEND = -fPIE -pie
> > > export DEB_CFLAGS_MAINT_APPEND = -fPIE
> > Why?
>
> Because of 'blhc --all'

I'm sorry but that's not a valid reason.

--
WBR, wRAR

Bug#905455: RFS: dmidecode/3.1-2
On 05-08-2018 15:27, Jörg Frings-Fürst wrote:
> Hello Herbert,
>
> thanks for your review.
>
> On Sunday, 05.08.2018, at 15:02 -0300, Herbert Fortes wrote:
> > Hi,
> >
> > > Package: sponsorship-requests
> > > Severity: normal
> > >
> > > Dear mentors,
> > >
> > > I am looking for a sponsor for my package "dmidecode"
> > >
> > >  Package name    : dmidecode
> > >  Version         : 3.1-2
> > >  Upstream Author : dmidecode-de...@nongnu.org
> > >  URL             : https://nongnu.org/dmidecode/
> > >  License         : GPL-2+
> > >  Section         : utils
> > >
> > > It builds those binary packages:
> > >
> > >   dmidecode - SMBIOS/DMI table decoder
> > >   dmidecode-udeb - SMBIOS/DMI table decoder (udeb) (udeb)
> >
> > Sorry, but can you please add to debian/rules:
> >
> > export DEB_LDFLAGS_MAINT_APPEND = -fPIE -pie
> > export DEB_CFLAGS_MAINT_APPEND = -fPIE
> >
> > It is just a copy and paste :)
>
> Blame on me :-(
>
> Added, tested and uploaded again.
>
> thanks for your patience
>
> Jörg

Uploaded.

Regards,
Herbert

Bug#905455: RFS: dmidecode/3.1-2
Hello Herbert,

thanks for your review.

On Sunday, 05.08.2018, at 15:02 -0300, Herbert Fortes wrote:
> Hi,
>
> > Package: sponsorship-requests
> > Severity: normal
> >
> > Dear mentors,
> >
> > I am looking for a sponsor for my package "dmidecode"
> >
> >  Package name    : dmidecode
> >  Version         : 3.1-2
> >  Upstream Author : dmidecode-de...@nongnu.org
> >  URL             : https://nongnu.org/dmidecode/
> >  License         : GPL-2+
> >  Section         : utils
> >
> > It builds those binary packages:
> >
> >   dmidecode - SMBIOS/DMI table decoder
> >   dmidecode-udeb - SMBIOS/DMI table decoder (udeb) (udeb)
>
> Sorry, but can you please add to debian/rules:
>
> export DEB_LDFLAGS_MAINT_APPEND = -fPIE -pie
> export DEB_CFLAGS_MAINT_APPEND = -fPIE
>
> It is just a copy and paste :)
>

Blame on me :-(

Added, tested and uploaded again.

>
> Regards,
> Herbert

CU
Jörg

--
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB 30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D
CAcert Key S/N : 0E:D4:56

Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser

git: https://jff.email/cgit/

Threema: SYR8SJXB
Wire: @joergfringsfuerst
Skype: joergpenguin
Ring: jff
Telegram: @joergfringsfuerst

My wish list:
- Please send me a picture from the nature at your home.

Bug#905455: RFS: dmidecode/3.1-2
On 05-08-2018 15:10, Andrey Rahmatullin wrote:
> On Sun, Aug 05, 2018 at 03:02:39PM -0300, Herbert Fortes wrote:
> > Sorry, but can you please add to debian/rules:
> >
> > export DEB_LDFLAGS_MAINT_APPEND = -fPIE -pie
> > export DEB_CFLAGS_MAINT_APPEND = -fPIE
> Why?

Because of 'blhc --all'

Bug#905455: RFS: dmidecode/3.1-2
On Sun, Aug 05, 2018 at 03:02:39PM -0300, Herbert Fortes wrote:
> Sorry, but can you please add to debian/rules:
>
> export DEB_LDFLAGS_MAINT_APPEND = -fPIE -pie
> export DEB_CFLAGS_MAINT_APPEND = -fPIE

Why?

--
WBR, wRAR

Bug#905455: RFS: dmidecode/3.1-2
Hi,

> Package: sponsorship-requests
> Severity: normal
>
> Dear mentors,
>
> I am looking for a sponsor for my package "dmidecode"
>
>  Package name    : dmidecode
>  Version         : 3.1-2
>  Upstream Author : dmidecode-de...@nongnu.org
>  URL             : https://nongnu.org/dmidecode/
>  License         : GPL-2+
>  Section         : utils
>
> It builds those binary packages:
>
>   dmidecode - SMBIOS/DMI table decoder
>   dmidecode-udeb - SMBIOS/DMI table decoder (udeb) (udeb)

Sorry, but can you please add to debian/rules:

export DEB_LDFLAGS_MAINT_APPEND = -fPIE -pie
export DEB_CFLAGS_MAINT_APPEND = -fPIE

It is just a copy and paste :)

Regards,
Herbert

Bug#905455: RFS: dmidecode/3.1-2
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "dmidecode"

 Package name    : dmidecode
 Version         : 3.1-2
 Upstream Author : dmidecode-de...@nongnu.org
 URL             : https://nongnu.org/dmidecode/
 License         : GPL-2+
 Section         : utils

It builds those binary packages:

  dmidecode - SMBIOS/DMI table decoder
  dmidecode-udeb - SMBIOS/DMI table decoder (udeb) (udeb)

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/dmidecode

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/d/dmidecode/dmidecode_3.1-2.dsc

Changes since the last upload:

  * debian/control:
    - Change to my new email address.
    - Use secure homepage URI.
    - Switch Vcs-* to new location (Closes: #902259).
  * debian/copyright:
    - Change to my new email address.
    - Use secure copyright format URI.
    - Add year 2018 to debian/*.
  * debian/watch:
    - Use secure URI.
  * Declare compliance with Debian Policy 4.1.5 (No changes needed).
  * Migrate to debhelper 11:
    - Change debian/compat to 11.
    - Bump minimum debhelper version in debian/control to >= 11.

Regards,
Jörg Frings-Fürst

--
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB 30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D
CAcert Key S/N : 0E:D4:56

Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser

git: https://jff.email/cgit/

Threema: SYR8SJXB
Wire: @joergfringsfuerst
Skype: joergpenguin
Ring: jff
Telegram: @joergfringsfuerst

My wish list:
- Please send me a picture from the nature at your home.
