Bug#667939: last-align: Hardening flags missing

2012-05-07 Thread Martin Frith
Hi Charles and all,

thanks again: Debian is teaching me how to do these things better.

I used part of your patch in LASTv199.  (I didn't include the += changes,
because I think the purpose of those flag variables is to let you override
them if you want to.  You might consider including -O3 in your override.)

By the way, in your rules file, I think clean is no longer needed (now
in the upstream makefile), nor is --directory src (there is now a
top-level makefile).

Please let me know if I misunderstood something.

Have a nice day,
Martin
http://www.cbrc.jp/~martin/

On Mon, Apr 30, 2012 at 11:16 AM, Charles Plessy ple...@debian.org wrote:

 Hi Martin,

 please consider the patch below for the makefile of LAST.  It
 allows setting the compiler, preprocessor and linker separately,
 which is the way Debian follows when passing 'hardening' flags
 (see below).

 Cheers,

 -- Charles

 Le Sat, Apr 07, 2012 at 06:47:11PM +0200, Simon Ruderich a écrit :
  Package: last-align
  Version: 198-1
  Severity: important
  Tags: patch
 
  Dear Maintainer,
 
  The hardening flags are missing because the build system ignores
  them.
 
  The attached patch fixes the issue; if possible it should be sent
  to upstream.
 
  To check if all flags were correctly enabled you can use
  `hardening-check` from the hardening-includes package and check
  the build log (hardening-check doesn't catch everything):
 
  $ hardening-check /usr/bin/lastdb /usr/bin/lastal
  /usr/bin/lastdb:
   Position Independent Executable: no, normal executable!
   Stack protected: yes
   Fortify Source functions: no, only unprotected functions found!
   Read-only relocations: yes
   Immediate binding: no not found!
  /usr/bin/lastal:
   Position Independent Executable: no, normal executable!
   Stack protected: yes
   Fortify Source functions: yes (some protected functions found)
   Read-only relocations: yes
   Immediate binding: no not found!
 
  (Position Independent Executable and Immediate binding are not
  enabled by default.)
 
  Use `find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +`
  on the build result to check all files.
 
  Regards,
  Simon
 
  [1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
  [2]: https://wiki.debian.org/HardeningWalkthrough
  [3]: https://wiki.debian.org/Hardening
  --
  + privacy is necessary
  + using gnupg http://gnupg.org
  + public key id: 0x92FEFDB7E44C32F9

 Description: Use build flags from environment (dpkg-buildflags).
  Necessary for hardening flags.
 Author: Simon Ruderich si...@ruderich.org
 Last-Update: 2012-04-07

 --- last-align-198.orig/makefile
 +++ last-align-198/makefile
 @@ -1,4 +1,4 @@
 -CXXFLAGS = -O3
 +CXXFLAGS += -O3
  all:
@cd src  $(MAKE) CXXFLAGS=$(CXXFLAGS)

 --- last-align-198.orig/src/makefile
 +++ last-align-198/src/makefile
 @@ -1,12 +1,12 @@
  CXX = g++
  CC  = gcc

 -CXXFLAGS = -O3 -Wall -Wextra -Wcast-qual -Wswitch-enum -Wundef \
 +CXXFLAGS += -O3 -Wall -Wextra -Wcast-qual -Wswitch-enum -Wundef\
  -Wcast-align -Wno-long-long -ansi -pedantic
  # -Wconversion
  # -fomit-frame-pointer ?

 -CFLAGS = -Wall
 +CFLAGS += -Wall

  DBSRC = Alphabet.cc MultiSequence.cc CyclicSubsetSeed.cc   \
  SubsetSuffixArray.cc LastdbArguments.cc io.cc fileMap.cc   \
 @@ -50,16 +50,16 @@ OBJ = lambda_calculator.o
  all: lastdb lastal lastex

  lastdb: $(DBSRC) $(DBINC) makefile
 -   $(CXX) $(CXXFLAGS) -o $@ $(DBSRC)
 +   $(CXX) $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) -o $@ $(DBSRC)

  lastal: $(ALSRC) $(ALINC) makefile $(OBJ)
 -   $(CXX) $(CXXFLAGS) -o $@ $(ALSRC) $(OBJ)
 +   $(CXX) $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) -o $@ $(ALSRC) $(OBJ)

  lastex: $(EXSRC) $(EXINC) makefile
 -   $(CXX) -Igumbel_params $(CXXFLAGS) -o $@ $(EXSRC)
 +   $(CXX) -Igumbel_params $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) -o $@
 $(EXSRC)

  $(OBJ): CA_code/*.c CA_code/*.h makefile
 -   $(CC) $(CFLAGS) -c CA_code/lambda_calculator.c
 +   $(CC) $(CPPFLAGS) $(CFLAGS) -c CA_code/lambda_calculator.c

  clean:
rm -f lastdb lastal lastex $(OBJ)



Bug#667939: last-align: Hardening flags missing

2012-04-29 Thread Simon Ruderich
reopen 667939
thanks

Hello Charles,

The hardening flags are not working because the build system
ignores them - which is why I opened this bug report for 198-1.

Please apply the patch - and if possible send it to upstream to
fix their build system.

Regards,
Simon
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9




Bug#667939: last-align: Hardening flags missing

2012-04-29 Thread Charles Plessy
Hi Martin,

please consider the patch below for the makefile of LAST.  It
allows setting the compiler, preprocessor and linker separately,
which is the way Debian follows when passing 'hardening' flags
(see below).

Cheers,

-- Charles

Le Sat, Apr 07, 2012 at 06:47:11PM +0200, Simon Ruderich a écrit :
 Package: last-align
 Version: 198-1
 Severity: important
 Tags: patch
 
 Dear Maintainer,
 
 The hardening flags are missing because the build system ignores
 them.
 
 The attached patch fixes the issue; if possible it should be sent
 to upstream.
 
 To check if all flags were correctly enabled you can use
 `hardening-check` from the hardening-includes package and check
 the build log (hardening-check doesn't catch everything):
 
 $ hardening-check /usr/bin/lastdb /usr/bin/lastal
 /usr/bin/lastdb:
  Position Independent Executable: no, normal executable!
  Stack protected: yes
  Fortify Source functions: no, only unprotected functions found!
  Read-only relocations: yes
  Immediate binding: no not found!
 /usr/bin/lastal:
  Position Independent Executable: no, normal executable!
  Stack protected: yes
  Fortify Source functions: yes (some protected functions found)
  Read-only relocations: yes
  Immediate binding: no not found!
 
 (Position Independent Executable and Immediate binding are not
 enabled by default.)
 
 Use `find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +`
 on the build result to check all files.
 
 Regards,
 Simon
 
 [1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
 [2]: https://wiki.debian.org/HardeningWalkthrough
 [3]: https://wiki.debian.org/Hardening
 -- 
 + privacy is necessary
 + using gnupg http://gnupg.org
 + public key id: 0x92FEFDB7E44C32F9

Description: Use build flags from environment (dpkg-buildflags).
 Necessary for hardening flags.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-04-07

--- last-align-198.orig/makefile
+++ last-align-198/makefile
@@ -1,4 +1,4 @@
-CXXFLAGS = -O3
+CXXFLAGS += -O3
 all:
@cd src  $(MAKE) CXXFLAGS=$(CXXFLAGS)
 
--- last-align-198.orig/src/makefile
+++ last-align-198/src/makefile
@@ -1,12 +1,12 @@
 CXX = g++
 CC  = gcc
 
-CXXFLAGS = -O3 -Wall -Wextra -Wcast-qual -Wswitch-enum -Wundef \
+CXXFLAGS += -O3 -Wall -Wextra -Wcast-qual -Wswitch-enum -Wundef\
 -Wcast-align -Wno-long-long -ansi -pedantic
 # -Wconversion
 # -fomit-frame-pointer ?
 
-CFLAGS = -Wall
+CFLAGS += -Wall
 
 DBSRC = Alphabet.cc MultiSequence.cc CyclicSubsetSeed.cc   \
 SubsetSuffixArray.cc LastdbArguments.cc io.cc fileMap.cc   \
@@ -50,16 +50,16 @@ OBJ = lambda_calculator.o
 all: lastdb lastal lastex
 
 lastdb: $(DBSRC) $(DBINC) makefile
-   $(CXX) $(CXXFLAGS) -o $@ $(DBSRC)
+   $(CXX) $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) -o $@ $(DBSRC)
 
 lastal: $(ALSRC) $(ALINC) makefile $(OBJ)
-   $(CXX) $(CXXFLAGS) -o $@ $(ALSRC) $(OBJ)
+   $(CXX) $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) -o $@ $(ALSRC) $(OBJ)
 
 lastex: $(EXSRC) $(EXINC) makefile
-   $(CXX) -Igumbel_params $(CXXFLAGS) -o $@ $(EXSRC)
+   $(CXX) -Igumbel_params $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) -o $@ $(EXSRC)
 
 $(OBJ): CA_code/*.c CA_code/*.h makefile
-   $(CC) $(CFLAGS) -c CA_code/lambda_calculator.c
+   $(CC) $(CPPFLAGS) $(CFLAGS) -c CA_code/lambda_calculator.c
 
 clean:
rm -f lastdb lastal lastex $(OBJ)






Bug#667939: last-align: Hardening flags missing

2012-04-07 Thread Simon Ruderich
Package: last-align
Version: 198-1
Severity: important
Tags: patch

Dear Maintainer,

The hardening flags are missing because the build system ignores
them.

The attached patch fixes the issue; if possible it should be sent
to upstream.

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (hardening-check doesn't catch everything):

$ hardening-check /usr/bin/lastdb /usr/bin/lastal
/usr/bin/lastdb:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: no not found!
/usr/bin/lastal:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no not found!

(Position Independent Executable and Immediate binding are not
enabled by default.)

Use `find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +`
on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
Description: Use build flags from environment (dpkg-buildflags).
 Necessary for hardening flags.
Author: Simon Ruderich si...@ruderich.org
Last-Update: 2012-04-07

--- last-align-198.orig/makefile
+++ last-align-198/makefile
@@ -1,4 +1,4 @@
-CXXFLAGS = -O3
+CXXFLAGS += -O3
 all:
 	@cd src  $(MAKE) CXXFLAGS=$(CXXFLAGS)
 
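Review bot: the context line `$(MAKE) CXXFLAGS=$(CXXFLAGS)` passes the value unquoted, and with `CXXFLAGS += -O3` the value now holds several words whenever the environment supplies flags, so the shell splits it and only the first word reaches the assignment while the rest are parsed as arguments to make. Quote it as `CXXFLAGS="$(CXXFLAGS)"`, or drop the argument and `export CXXFLAGS` instead. Keep in mind that a variable given on the make command line takes precedence over the `+=` lines in src/makefile, so the warning flags appended there do not apply to a build started from the top level.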
--- last-align-198.orig/src/makefile
+++ last-align-198/src/makefile
@@ -1,12 +1,12 @@
 CXX = g++
 CC  = gcc
 
-CXXFLAGS = -O3 -Wall -Wextra -Wcast-qual -Wswitch-enum -Wundef	\
+CXXFLAGS += -O3 -Wall -Wextra -Wcast-qual -Wswitch-enum -Wundef	\
 -Wcast-align -Wno-long-long -ansi -pedantic
 # -Wconversion
 # -fomit-frame-pointer ?
 
-CFLAGS = -Wall
+CFLAGS += -Wall
 
 DBSRC = Alphabet.cc MultiSequence.cc CyclicSubsetSeed.cc	\
 SubsetSuffixArray.cc LastdbArguments.cc io.cc fileMap.cc	\
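Review bot: in `CXXFLAGS += -O3 -Wall ...` the makefile's `-O3` is appended after any flags taken from the environment, and the compiler uses the last `-O` option it sees, so an optimisation level chosen by the packager is replaced without notice. If the environment is meant to win, put the defaults first, for example `CXXFLAGS := -O3 -Wall ... $(CXXFLAGS)`, or keep the optimisation level in its own variable that callers can override. The same ordering applies to `CFLAGS += -Wall`, where it is harmless because only a warning flag is appended.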
@@ -50,16 +50,16 @@ OBJ = lambda_calculator.o
 all: lastdb lastal lastex
 
 lastdb: $(DBSRC) $(DBINC) makefile
-	$(CXX) $(CXXFLAGS) -o $@ $(DBSRC)
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) -o $@ $(DBSRC)
 
 lastal: $(ALSRC) $(ALINC) makefile $(OBJ)
-	$(CXX) $(CXXFLAGS) -o $@ $(ALSRC) $(OBJ)
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) -o $@ $(ALSRC) $(OBJ)
 
 lastex: $(EXSRC) $(EXINC) makefile
-	$(CXX) -Igumbel_params $(CXXFLAGS) -o $@ $(EXSRC)
+	$(CXX) -Igumbel_params $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) -o $@ $(EXSRC)
 
 $(OBJ): CA_code/*.c CA_code/*.h makefile
-	$(CC) $(CFLAGS) -c CA_code/lambda_calculator.c
+	$(CC) $(CPPFLAGS) $(CFLAGS) -c CA_code/lambda_calculator.c
 
 clean:
 	rm -f lastdb lastal lastex $(OBJ)
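Review bot: in the three link rules `$(LDFLAGS)` is placed before `-o $@` and the sources, which is fine for linker options but is the wrong position for libraries, and nothing in the makefile says that `CPPFLAGS` and `LDFLAGS` are expected to come from the environment and default to empty. A short comment next to `CXX` and `CC` stating that would help, and if a library is ever needed it should go in a separate trailing variable such as `$(LDLIBS)` after `$(DBSRC)`, `$(ALSRC) $(OBJ)` and `$(EXSRC)` rather than into `LDFLAGS`.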


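The `hardening-check` step from the report, as an added example that is not part of the original messages: a filter that reduces the tool's output to one line per binary listing only the failed checks, so it can gate a build. The helper name `failed_checks` and the `ALLOW` list are assumptions made for this example; the sample input is the output quoted in the report.

```shell
#!/bin/sh
# Added example: list the failed checks per binary from `hardening-check` output.
# failed_checks [ALLOWED]  (hypothetical helper, not part of hardening-check)
#   stdin:   output in the format quoted in the report
#   ALLOWED: ';'-separated check names whose failure is tolerated
#   prints "<binary>: <check>; <check>" and returns 1 if anything failed
failed_checks() {
    awk -v allowed="${1:-}" '
        function emit() {
            if (bin != "" && bad != "") { print bin ": " bad; rc = 1 }
            bad = ""
        }
        BEGIN { n = split(allowed, a, ";"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[^ \t].*:$/ {                       # "/path/to/binary:" header
            emit(); bin = substr($0, 1, length($0) - 1); next
        }
        /^[ \t]+[^:]+: / {                    # " Check name: verdict"
            line = $0; sub(/^[ \t]+/, "", line)
            name = line; sub(/: .*/, "", name)
            verdict = substr(line, length(name) + 3)
            if (verdict ~ /^no([ ,]|$)/ && !(name in ok))
                bad = (bad == "" ? name : bad "; " name)
        }
        END { emit(); exit rc + 0 }
    '
}

# Sample input: the hardening-check output quoted in the report.
SAMPLE='/usr/bin/lastdb:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: no not found!
/usr/bin/lastal:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no not found!'

# Tolerate the two checks the report says are not enabled by default.
ALLOW='Position Independent Executable;Immediate binding'
printf '%s\n' "$SAMPLE" | failed_checks "$ALLOW" || true
```

On a real build tree the input would come from the `find ... -exec hardening-check {} +` command given in the report, piped into `failed_checks`.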