subject:"Bug#656862\: Please enabled hardened build flags"

Bug#656862: Please enabled hardened build flags

2016-06-11 Thread Ola Lundqvist

reopen 656862 j...@inutil.org
tags 656862 - patch
thanks

Hi Moritz

I know this was a long time ago but your suggested patch actually
caused a serious crash described in #827031.
I have reverted this correction now.

Do you happen to remember if you tested the build after the test build?

Thanks

// Ola

On Fri, Apr 6, 2012 at 9:14 PM, Moritz Mühlenhoff  wrote:
> On Wed, Jan 25, 2012 at 09:02:15PM +0100, Ola Lundqvist wrote:
>> Thanks a lot! That you made a test compile is much appriciated.
>> Not all people who submit patches actually do so. :-)
>
> What's the status? Do you plan an upload in the next weeks or
> shall I upload a NMU? I'd like to get this fixed for Wheezy.
>
> Cheers,
>Moritz
>



-- 
 --- Inguza Technology AB --- MSc in Information Technology 
/  o...@inguza.comFolkebogatan 26\
|  o...@debian.org   654 68 KARLSTAD|
|  http://inguza.com/Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---

Bug#656862: Please enabled hardened build flags

2012-07-29 Thread Ola Lundqvist

Hi Moritz

I'm sorry for not replying on this one. I had missed this mail.

If you want to do an NMU you are welcome to do so.

// Ola

On Fri, Apr 06, 2012 at 09:14:13PM +0200, Moritz Mühlenhoff wrote:
 On Wed, Jan 25, 2012 at 09:02:15PM +0100, Ola Lundqvist wrote:
  Thanks a lot! That you made a test compile is much appriciated.
  Not all people who submit patches actually do so. :-)
 
 What's the status? Do you plan an upload in the next weeks or
 shall I upload a NMU? I'd like to get this fixed for Wheezy.
 
 Cheers,
Moritz
 
 
 

-- 
 - Ola Lundqvist ---
/  o...@debian.org Annebergsslingan 37  \
|  o...@inguza.com  654 65 KARLSTAD  |
|  http://inguza.com/  +46 (0)70-332 1551   |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#656862: Please enabled hardened build flags

2012-04-06 Thread Moritz Mühlenhoff

On Wed, Jan 25, 2012 at 09:02:15PM +0100, Ola Lundqvist wrote:
 Thanks a lot! That you made a test compile is much appriciated.
 Not all people who submit patches actually do so. :-)

What's the status? Do you plan an upload in the next weeks or
shall I upload a NMU? I'd like to get this fixed for Wheezy.

Cheers,
   Moritz



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#656862: Please enabled hardened build flags

2012-01-25 Thread Ola Lundqvist

Thanks a lot! That you made a test compile is much appriciated.
Not all people who submit patches actually do so. :-)

// Ola

On Tue, Jan 24, 2012 at 08:05:46PM +0100, Moritz Muehlenhoff wrote:
 On Tue, Jan 24, 2012 at 07:14:45AM +0100, Ola Lundqvist wrote:
  Thanks a lot for the information. Just a question about the patch.
  Do you know that the package builds after this?
 
 Yes. I made a test-compile of course. You can check, whether
 the hardening options have been properly applied using the
 hardening-check tool from the hardening-includes binary
 package.
 
 Cheers,
 Moritz
 

-- 
 --- Inguza Technology AB --- MSc in Information Technology 
/  o...@inguza.comAnnebergsslingan 37\
|  o...@debian.org   654 65 KARLSTAD|
|  http://inguza.com/Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#656862: Please enabled hardened build flags

2012-01-24 Thread Moritz Muehlenhoff

On Tue, Jan 24, 2012 at 07:14:45AM +0100, Ola Lundqvist wrote:
 Thanks a lot for the information. Just a question about the patch.
 Do you know that the package builds after this?

Yes. I made a test-compile of course. You can check, whether
the hardening options have been properly applied using the
hardening-check tool from the hardening-includes binary
package.

Cheers,
Moritz



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#656862: Please enabled hardened build flags

2012-01-23 Thread Moritz Muehlenhoff

On Mon, Jan 23, 2012 at 08:28:10AM +0100, Ola Lundqvist wrote:
 Hi Moritz
 
 Thanks for the report and patch. Just to check, what is the purpose of
 this? I have not followed recent discussions so I may need a pointer. :-)

dpkg-buildflags is a new approach to configure a uniform set of default
compiler/preprocessor/linker flags:
http://lists.debian.org/debian-devel-announce/2011/09/msg1.html

The default flags also enable security hardening features in the
toolchain. This is important as it spots security issues and mitigates
/nullifies the impact of security vulnerabilities. More information
can be found in the wiki:
http://wiki.debian.org/Hardening

If you have additional questions, please get back to me.

Cheers,
Moritz



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#656862: Please enabled hardened build flags

2012-01-23 Thread Ola Lundqvist

Thanks a lot for the information. Just a question about the patch.
Do you know that the package builds after this?

// Ola

On Mon, Jan 23, 2012 at 06:18:51PM +0100, Moritz Muehlenhoff wrote:
 On Mon, Jan 23, 2012 at 08:28:10AM +0100, Ola Lundqvist wrote:
  Hi Moritz
  
  Thanks for the report and patch. Just to check, what is the purpose of
  this? I have not followed recent discussions so I may need a pointer. :-)
 
 dpkg-buildflags is a new approach to configure a uniform set of default
 compiler/preprocessor/linker flags:
 http://lists.debian.org/debian-devel-announce/2011/09/msg1.html
 
 The default flags also enable security hardening features in the
 toolchain. This is important as it spots security issues and mitigates
 /nullifies the impact of security vulnerabilities. More information
 can be found in the wiki:
 http://wiki.debian.org/Hardening
 
 If you have additional questions, please get back to me.
 
 Cheers,
 Moritz
 
 
 

-- 
 - Ola Lundqvist ---
/  o...@debian.org Annebergsslingan 37  \
|  o...@inguza.com  654 65 KARLSTAD  |
|  http://inguza.com/  +46 (0)70-332 1551   |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#656862: Please enabled hardened build flags

2012-01-22 Thread Moritz Muehlenhoff

Source: vnc4
Severity: important
Tags: patch

Please enabled hardened build flags through dpkg-buildflags.

Patch attached. (dpkg-buildflags abides noopt from DEB_BUILD_OPTIONS)

Cheers,
Moritz
diff -aur vnc4-4.1.1+X4.3.0.harden/debian/rules vnc4-4.1.1+X4.3.0/debian/rules
--- vnc4-4.1.1+X4.3.0.harden/debian/rules	2012-01-21 18:54:33.0 +0100
+++ vnc4-4.1.1+X4.3.0/debian/rules	2012-01-21 18:56:29.0 +0100
@@ -16,24 +16,19 @@
 # This has to be exported to make some magic below work.
 export DH_OPTIONS
 
-
-
-CFLAGS = -Wall -g
-CXXFLAGS = -Wall -g
-
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-	CFLAGS += -O0
-	CXXFLAGS += -O0
-else
-	CFLAGS += -O2
-endif
+CFLAGS = `dpkg-buildflags --get CFLAGS`
+CFLAGS += -Wall
+CXXFLAGS = `dpkg-buildflags --get CXXFLAGS`
+CXXFLAGS += -Wall
+LDFLAGS = `dpkg-buildflags --get LDFLAGS`
+CPPFLAGS = `dpkg-buildflags --get CPPFLAGS`
 
 configure: configure-unix-stamp configure-common-stamp
 
 configure-common-stamp:
 	dh_testdir
 	# Add here commands to configure the package.
-	(cd common; CFLAGS=$(CFLAGS) CXXFLAGS=$(CXXFLAGS) ./configure \
+	(cd common; CFLAGS=$(CFLAGS) CXXFLAGS=$(CXXFLAGS) CPPFLAGS=$(CPPFLAGS) LDFLAGS=$(LDFLAGS) ./configure \
 		--host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) \
 		--prefix=/usr --mandir=\$${prefix}/share/man \
 		--infodir=\$${prefix}/share/info \
@@ -43,7 +38,7 @@
 configure-unix-stamp:
 	dh_testdir
 	# Add here commands to configure the package.
-	(cd unix; CFLAGS=$(CFLAGS) CXXFLAGS=$(CXXFLAGS) ./configure \
+	(cd unix; CFLAGS=$(CFLAGS) CXXFLAGS=$(CXXFLAGS) CPPFLAGS=$(CPPFLAGS) LDFLAGS=$(LDFLAGS) ./configure \
 		--host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) \
 		--prefix=/usr --mandir=\$${prefix}/share/man \
 		--infodir=\$${prefix}/share/info \
Nur in vnc4-4.1.1+X4.3.0/debian: rules~.

Bug#656862: Please enabled hardened build flags

2012-01-22 Thread Ola Lundqvist

Hi Moritz

Thanks for the report and patch. Just to check, what is the purpose of
this? I have not followed recent discussions so I may need a pointer. :-)

// Ola

On Sun, Jan 22, 2012 at 03:13:26PM +0100, Moritz Muehlenhoff wrote:
 Source: vnc4
 Severity: important
 Tags: patch
 
 Please enabled hardened build flags through dpkg-buildflags.
 
 Patch attached. (dpkg-buildflags abides noopt from DEB_BUILD_OPTIONS)
 
 Cheers,
 Moritz

 diff -aur vnc4-4.1.1+X4.3.0.harden/debian/rules vnc4-4.1.1+X4.3.0/debian/rules
 --- vnc4-4.1.1+X4.3.0.harden/debian/rules 2012-01-21 18:54:33.0 
 +0100
 +++ vnc4-4.1.1+X4.3.0/debian/rules2012-01-21 18:56:29.0 +0100
 @@ -16,24 +16,19 @@
  # This has to be exported to make some magic below work.
  export DH_OPTIONS
  
 -
 -
 -CFLAGS = -Wall -g
 -CXXFLAGS = -Wall -g
 -
 -ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
 - CFLAGS += -O0
 - CXXFLAGS += -O0
 -else
 - CFLAGS += -O2
 -endif
 +CFLAGS = `dpkg-buildflags --get CFLAGS`
 +CFLAGS += -Wall
 +CXXFLAGS = `dpkg-buildflags --get CXXFLAGS`
 +CXXFLAGS += -Wall
 +LDFLAGS = `dpkg-buildflags --get LDFLAGS`
 +CPPFLAGS = `dpkg-buildflags --get CPPFLAGS`
  
  configure: configure-unix-stamp configure-common-stamp
  
  configure-common-stamp:
   dh_testdir
   # Add here commands to configure the package.
 - (cd common; CFLAGS=$(CFLAGS) CXXFLAGS=$(CXXFLAGS) ./configure \
 + (cd common; CFLAGS=$(CFLAGS) CXXFLAGS=$(CXXFLAGS) 
 CPPFLAGS=$(CPPFLAGS) LDFLAGS=$(LDFLAGS) ./configure \
   --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) \
   --prefix=/usr --mandir=\$${prefix}/share/man \
   --infodir=\$${prefix}/share/info \
 @@ -43,7 +38,7 @@
  configure-unix-stamp:
   dh_testdir
   # Add here commands to configure the package.
 - (cd unix; CFLAGS=$(CFLAGS) CXXFLAGS=$(CXXFLAGS) ./configure \
 + (cd unix; CFLAGS=$(CFLAGS) CXXFLAGS=$(CXXFLAGS) 
 CPPFLAGS=$(CPPFLAGS) LDFLAGS=$(LDFLAGS) ./configure \
   --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) \
   --prefix=/usr --mandir=\$${prefix}/share/man \
   --infodir=\$${prefix}/share/info \
 Nur in vnc4-4.1.1+X4.3.0/debian: rules~.
 
 


-- 
 - Ola Lundqvist ---
/  o...@debian.org Annebergsslingan 37  \
|  o...@inguza.com  654 65 KARLSTAD  |
|  http://inguza.com/  +46 (0)70-332 1551   |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#656862: Please enabled hardened build flags

Bug#656862: Please enabled hardened build flags

Bug#656862: Please enabled hardened build flags

Bug#656862: Please enabled hardened build flags

Bug#656862: Please enabled hardened build flags

Bug#656862: Please enabled hardened build flags

Bug#656862: Please enabled hardened build flags

Bug#656862: Please enabled hardened build flags

Bug#656862: Please enabled hardened build flags

9 matches

Site Navigation

Mail list logo

Footer information