[Bug 1301108] Re: [MIR] pyqt5

2014-04-05 Thread Adam Conrad
@mitya57, you're looking for -fPIE, but keep in mind that can only be used for executables (or objects statically linked into executables), not for libraries. Anyhow, based on the above ACKs, and my own quick review, I'm going to promote these three and close the bug. -- You received this bug

[Bug 1301108] Re: [MIR] pyqt5

2014-04-05 Thread Adam Conrad
Override component to main qtserialport-opensource-src 5.2.1-1 in trusty: universe/misc - main qtx11extras-opensource-src 5.2.1-1 in trusty: universe/misc - main Override [y|N]? y 2 publications overridden. Override component to main pyqt5 5.2.1+dfsg-1ubuntu1 in trusty: universe/misc - main

[Bug 1301108] Re: [MIR] pyqt5

2014-04-04 Thread Seth Arnold
I'd appreciate another look at the package hardening; the pyqt5 build logs show that fortify is requested for 584 compilations (give or take grep mistakes), the stack protector for 584 compilations, PIE and pie for 72 to 74 compilations, and there's 790-ish compilations total. But hardening-check

Re: [Bug 1301108] Re: [MIR] pyqt5

2014-04-04 Thread Matthias Klose
On 04.04.2014 09:07, Seth Arnold wrote: I'd appreciate another look at the package hardening; the pyqt5 build logs show that fortify is requested for 584 compilations (give or take grep mistakes), the stack protector for 584 compilations, PIE and pie for 72 to 74 compilations, and there's

Re: [Bug 1301108] Re: [MIR] pyqt5

2014-04-04 Thread Dmitry Shachnev
On Fri, Apr 4, 2014 at 11:07 AM, Seth Arnold wrote: - 2 executables are not compiled PIE According to lintian, this is because of fopen(). I can patch it to use fopen64() if needed. I would like to know why the 25 object files don't have Fortify source turned on, and why 53 of 56 object files

[Bug 1301108] Re: [MIR] pyqt5

2014-04-04 Thread Seth Arnold
I reviewed pyqt5 version 5.2.1+dfsg-1ubuntu1 as checked into trusty. This is not a full security audit, but only a quick gauge of maintainability. - pyqt5 provides python bindings for the qt library - Build-Depends: dpkg-dev, debhelper, fdupes, libdbus-1-dev, libglib2.0-dev,

[Bug 1301108] Re: [MIR] pyqt5

2014-04-04 Thread Seth Arnold
doko, mitya57, thanks for double-checking the hardening checks. It really would be nice to get PIE for the executables, please do make the change if you can. (I believe we're strongly interested in turning on PIE for all executables for Trusty+1, perhaps just for !x86, so getting this fixed will

[Bug 1301108] Re: [MIR] pyqt5

2014-04-04 Thread Seth Arnold
I reviewed qtserialport-opensource-src version 5.2.1-1 as checked into trusty. This should not be considered a full security audit but rather a quick gauge of maintainability. - This package provides Qt bindings for using serial ports - Build-Depends: debhelper, libudev-dev, pkg-kde-tools,

[Bug 1301108] Re: [MIR] pyqt5

2014-04-04 Thread Seth Arnold
There's so little code to qtx11extras-opensource-src that I didn't fill out the usual review form; it all looked pretty straightforward. Security team ACK for qtx11extras-opensource-src. Thanks

Re: [Bug 1301108] Re: [MIR] pyqt5

2014-04-04 Thread Dmitry Shachnev
On 04.04.2014 14:16, Dmitry Shachnev mity...@gmail.com wrote: According to lintian, this is because of fopen(). I can patch it to use fopen64() if needed. I was wrong, fopen() relates to large file support, not PIE. What do I need to add for PIE support? Is that the same as -fPIC which is

[Bug 1301108] Re: [MIR] pyqt5

2014-04-02 Thread Dmitry Shachnev
There *is* a pyqt4 webkit module (it's just not split out), and the pyqt5 webkit module is important for me (retext uses it). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1301108 Title: [MIR]

[Bug 1301108] Re: [MIR] pyqt5

2014-04-02 Thread Adam Conrad
Oh, indeed, I had assumed that qt4 webkit wasn't in main but, look at that, we currently have qt4webkit, qt5webkit, *and* oxide-qt in main and even in ubuntu-desktop. Well done, us. So, I can see why there'd be an urge to not make this situation any worse. Maybe the path of least resistance at

Re: [Bug 1301108] Re: [MIR] pyqt5

2014-04-02 Thread Scott Kitterman
Can we just copy it to backports and then forward copy it when U opens if we have to back it out? We'll want to be able to build all of the Qt5 based KDE products on trusty as they are released over the next year, so we'll need this one way or another and for infrastructure like this, I'd

[Bug 1301108] Re: [MIR] pyqt5

2014-04-02 Thread Jamie Strandboge
FYI, we are doing the work to get qt5webkit out of main-- we have developed oxide and anything in main that needs a web engine should use it. Upstream has abandoned qt5webkit for qtwebengine and qt5webkit is falling out of maintenance soon (though to be fair, security updates came in the form of

Re: [Bug 1301108] Re: [MIR] pyqt5

2014-04-02 Thread Scott Kitterman
On Wednesday, April 02, 2014 14:55:48 Jamie Strandboge ja...@ubuntu.com wrote: That said, I doubt all the work to get qt5webkit (or webkit-gtk) out for 14.04-- we'll probably have to add a release note or something this time that it isn't supported. On that basis, would you be OK with

[Bug 1301108] Re: [MIR] pyqt5

2014-04-01 Thread Adam Conrad
Duping the other two MIRs to this one, as they're only needed as deps of pyqt5. ** Also affects: qtx11extras-opensource-src (Ubuntu) Importance: Undecided Status: New ** Also affects: qtserialport-opensource-src (Ubuntu) Importance: Undecided Status: New

[Bug 1301108] Re: [MIR] pyqt5

2014-04-01 Thread Adam Conrad
23:40 infinity Anyhow, there's no pyqt4 webkit plugin, so maybe disabling the pyqt5 one (or making it work with oxide?) would work...