Package: ircd-hybrid
Version: 1:7.2.2.dfsg.2-6.3
Severity: important
Tags: patch

Please enable hardened build flags through dpkg-buildflags.

Patch attached. (dpkg-buildflags abides "noopt" from DEB_BUILD_OPTIONS)

The hardened build flags exposed a missing format string, for which
I have attached a patch as well.

Cheers,
        Moritz
diff -aur ircd-hybrid-7.2.2.dfsg.2.harden/debian/rules ircd-hybrid-7.2.2.dfsg.2/debian/rules
--- ircd-hybrid-7.2.2.dfsg.2.harden/debian/rules	2012-01-26 21:51:08.000000000 +0100
+++ ircd-hybrid-7.2.2.dfsg.2/debian/rules	2012-01-26 21:52:07.000000000 +0100
@@ -31,12 +31,6 @@
 I_DOC = $(I)/usr/share/doc/ircd-hybrid
 I_ETC = $(I)/etc/ircd-hybrid
 
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-	CFLAGS += -O0
-else
-	CFLAGS += -O2
-endif
-
 buildtype := $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
 hosttype := $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
 
@@ -75,7 +69,6 @@
 	dpkg-checkbuilddeps
 endif
 	dh_testdir
-	CFLAGS= \
 	./configure	$(crossflags) $(sslflags) \
 			--with-nicklen=$(NICKLEN) \
 			--with-topiclen=$(TOPICLEN) \
@@ -89,6 +82,7 @@
 			--libdir=/usr/lib/ircd-hybrid \
 			$(configure_options) \
 			--with-maxclients=$(MAXCLIENTS) \
+			$(shell dpkg-buildflags --export=configure) \
 			--enable-halfops
 	touch $@
 
Nur in ircd-hybrid-7.2.2.dfsg.2/debian: rules~.
diff -aur ircd-hybrid-7.2.2.dfsg.2.harden/src/restart.c ircd-hybrid-7.2.2.dfsg.2/src/restart.c
--- ircd-hybrid-7.2.2.dfsg.2.harden/src/restart.c	2006-07-17 08:31:26.000000000 +0200
+++ ircd-hybrid-7.2.2.dfsg.2/src/restart.c	2012-01-26 21:54:08.000000000 +0100
@@ -79,7 +79,7 @@
     sendto_one(target_p, ":%s ERROR :%s", me.name, buffer);
   }
 
-  ilog(L_NOTICE, buffer);
+  ilog(L_NOTICE, "%s", buffer);
 
   send_queued_all();
   close_fds(NULL);
Nur in ircd-hybrid-7.2.2.dfsg.2/src: restart.c~.

Reply via email to