Bug#1054583: dpkg-dev: really enable -fstack-clash-protection on armhf/armel

Thu, 26 Oct 2023 03:57:30 -0700 

Hi!

On Thu, 2023-10-26 at 11:40:53 +0200, Emanuele Rocca wrote:
> Package: dpkg-dev
> Version: 1.22.0
> Severity: normal

> -fstack-clash-protection is supposed to be enabled by default on amd64,
> arm64, armhf, and armel since dpkg 1.22.0:
> https://git.dpkg.org/cgit/dpkg/dpkg.git/diff/?id=11efff1bf
> 
> However, due to an issue in the following conditional in
> scripts/Dpkg/Vendor/Debian.pm, the flag is only on for amd64 and arm64:
> 
>   if (none { $cpu eq $_ } qw(amd64 arm64 armhf armel)) {
> 
> The value of $cpu is "arm" for both armhf and armel. Please change the
> line above to:
> 
>   if (none { $cpu eq $_ } qw(amd64 arm64 arm)) {

Ah, nice catch, and sorry! I think this happened due to copy pasting
and modifying one of the surrounding lines. The intention was to use
$arch here, to avoid enabling this on all arm-based arches which might
not support this. I've queued the attached patch for my next push.

I'll try to get a release out during the weekend.

Thanks,
Guillem

From 59234629857aa5910e27d0fadb3dfe29fbb3996d Mon Sep 17 00:00:00 2001
From: Guillem Jover <guil...@debian.org>
Date: Thu, 26 Oct 2023 12:48:21 +0200
Subject: [PATCH] Dpkg::Vendor::Debian: Fix stackclash condition to enable the
 feature

We were using the cpu to check where to enable this feature, but this
should have been the arch, as that's what the names we match against
are. We used these specific names to avoid enabling this feature on
all arm based architectures where this feature might not be supported,
and instead only enable it on new ones.

Closes: #1054583
---
 scripts/Dpkg/Vendor/Debian.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm
index 000f7e7f5..49935c9d7 100644
--- a/scripts/Dpkg/Vendor/Debian.pm
+++ b/scripts/Dpkg/Vendor/Debian.pm
@@ -337,7 +337,7 @@ sub set_build_features {
 	#   compiler supports it incorrectly (leads to SEGV)
 	$use_feature{hardening}{stackprotector} = 0;
     }
-    if (none { $cpu eq $_ } qw(amd64 arm64 armhf armel)) {
+    if (none { $arch eq $_ } qw(amd64 arm64 armhf armel)) {
         # Stack clash protector only available on amd64 and arm.
         $use_feature{hardening}{stackclash} = 0;
     }
-- 
2.42.0

Reply via email to