Package: ircd-hybrid
Version: 1:7.2.2.dfsg.2-6.3
Severity: important
Tags: patch
Please enable hardened build flags through dpkg-buildflags.
Patch attached. (dpkg-buildflags abides "noopt" from DEB_BUILD_OPTIONS)
The hardened build flags exposed a missing format string, for which
I have attached a patch as well.
Cheers,
Moritz
diff -aur ircd-hybrid-7.2.2.dfsg.2.harden/debian/rules ircd-hybrid-7.2.2.dfsg.2/debian/rules
--- ircd-hybrid-7.2.2.dfsg.2.harden/debian/rules 2012-01-26 21:51:08.000000000 +0100
+++ ircd-hybrid-7.2.2.dfsg.2/debian/rules 2012-01-26 21:52:07.000000000 +0100
@@ -31,12 +31,6 @@
I_DOC = $(I)/usr/share/doc/ircd-hybrid
I_ETC = $(I)/etc/ircd-hybrid
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
- CFLAGS += -O0
-else
- CFLAGS += -O2
-endif
-
buildtype := $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
hosttype := $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
@@ -75,7 +69,6 @@
dpkg-checkbuilddeps
endif
dh_testdir
- CFLAGS= \
./configure $(crossflags) $(sslflags) \
--with-nicklen=$(NICKLEN) \
--with-topiclen=$(TOPICLEN) \
@@ -89,6 +82,7 @@
--libdir=/usr/lib/ircd-hybrid \
$(configure_options) \
--with-maxclients=$(MAXCLIENTS) \
+ $(shell dpkg-buildflags --export=configure) \
--enable-halfops
touch $@
Nur in ircd-hybrid-7.2.2.dfsg.2/debian: rules~.
diff -aur ircd-hybrid-7.2.2.dfsg.2.harden/src/restart.c ircd-hybrid-7.2.2.dfsg.2/src/restart.c
--- ircd-hybrid-7.2.2.dfsg.2.harden/src/restart.c 2006-07-17 08:31:26.000000000 +0200
+++ ircd-hybrid-7.2.2.dfsg.2/src/restart.c 2012-01-26 21:54:08.000000000 +0100
@@ -79,7 +79,7 @@
sendto_one(target_p, ":%s ERROR :%s", me.name, buffer);
}
- ilog(L_NOTICE, buffer);
+ ilog(L_NOTICE, "%s", buffer);
send_queued_all();
close_fds(NULL);
Nur in ircd-hybrid-7.2.2.dfsg.2/src: restart.c~.