[Bug 1039542] Re: Please re-enable PIE and BIND_NOW
This bug was fixed in the package asterisk - 1:1.8.13.1~dfsg-1ubuntu2

---
asterisk (1:1.8.13.1~dfsg-1ubuntu2) quantal; urgency=low

  * Build-depend on hardening-wrapper again, reenables pie and bindnow
    (LP: #1039542)
 -- Julian Taylor jtay...@ubuntu.com Tue, 09 Oct 2012 21:44:39 +0200

** Changed in: asterisk (Ubuntu Quantal)
       Status: Triaged => Fix Released

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to asterisk in Ubuntu.
https://bugs.launchpad.net/bugs/1039542

Title:
  Please re-enable PIE and BIND_NOW

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1039542/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1039542] Re: Please re-enable PIE and BIND_NOW
Turns out using buildflags is not so good, as it lacks the extra logic to handle pie and pic clashes which hardening wrapper has. Sorry for the wrong request.
[Bug 1039542] Re: Please re-enable PIE and BIND_NOW
** Branch linked: lp:ubuntu/asterisk
[Bug 1039542] Re: Please re-enable PIE and BIND_NOW
Fyi, on 11.10 we have:

$ hardening-check /usr/sbin/asterisk
/usr/sbin/asterisk:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes
 Read-only relocations: yes
 Immediate binding: yes

** Description changed:

  On 12.10 asterisk is not compiled with PIE or BIND_NOW. I didn't investigate, but this looks like in 12.04 this was dropped in favor of Debian's packaging:

    * Changes dropped from Ubuntu delta as no longer applicable:
      ...
      - debian/control: Build-depend on hardening-wrapper, now handled
        by dpkg-buildflags
      - debian/rules: Make use of hardening-wrapper

- Please reenable PIE and BIND_NOW. This needs to be done for 12.04.
+ Please reenable PIE and BIND_NOW. This needs to be done for 12.04 too.
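An added example, not part of the original thread and not the hardening-check tool's own code: a Python reading of the ELF fields behind three of the report lines above (Position Independent Executable, Read-only relocations, Immediate binding). It assumes a little-endian ELF64 file; `check_elf` and `build_sample` are hypothetical names, the sample image is constructed, and the DT_DEBUG test for PIE is an assumed heuristic.

```python
import struct

# Constants from the ELF specification / glibc elf.h
ET_EXEC, ET_DYN, PT_DYNAMIC, PT_GNU_RELRO = 2, 3, 2, 0x6474E552
DT_NULL, DT_DEBUG, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 21, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def check_elf(data):
    """Report PIE, RELRO and BIND_NOW for a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    relro, tags = False, {}
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type = struct.unpack_from("<I", data, off)[0]
        p_offset, = struct.unpack_from("<Q", data, off + 8)
        p_filesz, = struct.unpack_from("<Q", data, off + 32)
        if p_type == PT_GNU_RELRO:      # produced by the linker flag -z relro
            relro = True
        elif p_type == PT_DYNAMIC:
            for pos in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<QQ", data, pos)
                if tag == DT_NULL:
                    break
                tags[tag] = val
    # -z now shows up as DT_BIND_NOW, DF_BIND_NOW in DT_FLAGS, or DF_1_NOW.
    bind_now = (DT_BIND_NOW in tags or tags.get(DT_FLAGS, 0) & DF_BIND_NOW
                or tags.get(DT_FLAGS_1, 0) & DF_1_NOW)
    # Assumed heuristic: ET_DYN alone also matches shared libraries, so require
    # DT_DEBUG, which linkers emit for executables but not for libraries.
    return {"pie": e_type == ET_DYN and DT_DEBUG in tags,
            "relro": relro, "bind_now": bool(bind_now)}


def build_sample(e_type, dyn_tags, relro):
    """Constructed input: ELF64 header, program headers and dynamic table only."""
    phdrs = [PT_DYNAMIC] + ([PT_GNU_RELRO] if relro else [])
    dyn = b"".join(struct.pack("<QQ", t, v) for t, v in dyn_tags + [(DT_NULL, 0)])
    dyn_off = 64 + 56 * len(phdrs)
    ehdr = struct.pack("<4sBB10xHHIQQQIHHHHHH", b"\x7fELF", 2, 1, e_type, 62, 1,
                       0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, 4, dyn_off, 0, 0, len(dyn), len(dyn), 8)
                    for t in phdrs)
    return ehdr + body + dyn
```

On a real system the same function can be given the bytes of an installed binary, for example the contents of /usr/sbin/asterisk read in binary mode.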
[Bug 1039542] Re: Please re-enable PIE and BIND_NOW
** Tags added: precise quantal
[Bug 1039542] Re: Please re-enable PIE and BIND_NOW
** Changed in: asterisk (Ubuntu Precise)
     Assignee: (unassigned) => Paul Belanger (pabelanger)
[Bug 1039542] Re: Please re-enable PIE and BIND_NOW
** Patch added: asterisk_1.8.10.1~dfsg-1ubuntu1.1.debdiff
   https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1039542/+attachment/3304252/+files/asterisk_1.8.10.1%7Edfsg-1ubuntu1.1.debdiff
[Bug 1039542] Re: Please re-enable PIE and BIND_NOW
Instead of using the old hardening wrapper we should use the new dpkg-buildflags interface:

export DEB_BUILD_MAINT_OPTIONS=hardening=+pie,+bindnow
[Bug 1039542] Re: Please re-enable PIE and BIND_NOW
I don't see pie or bindnow in the old buildlogs, the current version doesn't even build with pie (some library/executable code mixup) so it's not a regression.
[Bug 1039542] Re: Please re-enable PIE and BIND_NOW
Scratch that, the old hardening wrapper does not show the stuff in the buildlog.
[Bug 1039542] Re: Please re-enable PIE and BIND_NOW
** Also affects: asterisk (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: asterisk (Ubuntu Quantal)
   Importance: High
       Status: Triaged

** Changed in: asterisk (Ubuntu Precise)
       Status: New => Triaged

** Description changed:

  On 12.10 asterisk is not compiled with PIE or BIND_NOW. I didn't investigate, but this looks like in 12.04 this was dropped in favor of Debian's packaging:

- * Changes dropped from Ubuntu delta as no longer applicable:
- ...
- - debian/control: Build-depend on hardening-wrapper, now handled
- by dpkg-buildflags
- - debian/rules: Make use of hardening-wrapper
+ * Changes dropped from Ubuntu delta as no longer applicable:
+ ...
+ - debian/control: Build-depend on hardening-wrapper, now handled
+ by dpkg-buildflags
+ - debian/rules: Make use of hardening-wrapper

- Please reenable PIE and BIND_NOW. This may need to also be done for
- 12.04.
+ Please reenable PIE and BIND_NOW. This needs to be done for 12.04.