Your message dated Thu, 25 Feb 2010 13:14:05 +0100
with message-id <[email protected]>
and subject line ipsec-tools: Enable to build with -D_FORTIFY_SOURCE=2
has caused the Debian Bug report #486919,
regarding ipsec-tools: Enable to build with -D_FORTIFY_SOURCE=2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
486919: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486919
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ipsec-tools
Version: 1:0.7-2.1
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu intrepid ubuntu-patch
In Ubuntu, we've applied the attached patch to achieve the following:
* Enable build with hardened options:
- src/libipsec/policy_token.c: don't check return code of fwrite.
- src/setkey/setkey.c: stop scanning stdin if fgets fails.
Starting from intrepid, hardening options have been enabled by default
in the toolchain [1]. That lead to a build failure for ipsec-tool due to
-D_FORTIFY_SOURCE=2. Attached is a patch that fixes this.
[1]: https://wiki.ubuntu.com/CompilerFlags
-- System Information:
Debian Release: lenny/sid
APT prefers hardy-updates
APT policy: (500, 'hardy-updates'), (500, 'hardy-security'), (500, 'hardy')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-19-server (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
only in patch2:
unchanged:
--- ipsec-tools-0.7.orig/src/setkey/setkey.c
+++ ipsec-tools-0.7/src/setkey/setkey.c
@@ -314,7 +314,8 @@
#else
char rbuf[1024];
rbuf[0] = '\0';
- fgets (rbuf, sizeof(rbuf), stdin);
+ if (!fgets (rbuf, sizeof(rbuf), stdin))
+ break;
if (!rbuf[0])
break;
if (rbuf[strlen(rbuf)-1] == '\n')
only in patch2:
unchanged:
--- ipsec-tools-0.7.orig/src/libipsec/policy_token.c
+++ ipsec-tools-0.7/src/libipsec/policy_token.c
@@ -625,7 +625,7 @@
/* This used to be an fputs(), but since the string might contain NUL's,
* we now use fwrite().
*/
-#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
+#define ECHO if (fwrite( yytext, yyleng, 1, yyout )) {}
#endif
/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL,
--- End Message ---
--- Begin Message ---
thanks for your patch. As this got already changed in upstream
source - it is no longer required.
stefan
--
Stefan Bauer -----------------------------------------
PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34
-------- plzk.de - Linux - because it works ----------
--- End Message ---