Control: reopen -1
Control: found -1 1.8.16-2
Control: tags -1 upstream
Hi,
On Mon, Mar 14, 2016 at 9:23 PM, Debian Bug Tracking System <
ow...@bugs.debian.org> wrote:
> * New debian/patches/0001-Dialect_change.patch (Closes: #816491):
> - Change dialect from c99 to gnu99 to prevend segfaults
> on missing functions.
> - Add autoreconf and remove dh_autotools-dev to/from debian/rules
> and debian/control.
Unfortunately the bug is still present in the version currently in unstable.
We have identified the problem lies with the getpass() and the definition
of _XOPEN_SOURCE.
manpage for getpass() has the following
...
getpass():
Since glibc 2.2.2:
_BSD_SOURCE ||
(_XOPEN_SOURCE >= 500 ||
_XOPEN_SOURCE && _XOPEN_SOURCE_EXTENDED) &&
!(_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600)
Before glibc 2.2.2:
none
...
The source on the other hand in file lib/ipmi_main.c: has the definition:
#define _XOPEN_SOURCE 700
which precludes the use of getpass() and results in the following warning
in the build environment here
https://buildd.debian.org/status/fetch.php?pkg=ipmitool&arch=amd64&ver=1.8.16-2&stamp=1457984051
ipmi_main.c: In function 'ipmi_main':
ipmi_main.c:524:15: warning: implicit declaration of function 'getpass'
[-Wimplicit-function-declaration]
tmp_pass = getpass("Password: ");
^
ipmi_main.c:524:13: warning: assignment makes pointer from integer without
a cast [-Wint-conversion]
tmp_pass = getpass("Password: ");
If you disable PIE (Position Independent Executable) the runtime linker
manages to workaround this
and it just works, however the debian package is compiled with -fPIE. Note
that this does not affect the
version in jessie since it has a working definition of _XOPEN_SOURCE.
You could temporarily change the hardening compile options by changing
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
to
export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie
in debian/rules.
Regards,
Stefanos
