Ubuntu
asterisk package

Please re-enable PIE and BIND_NOW

Bug #1039542 reported by Jamie Strandboge on 2012-08-21

10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	asterisk (Ubuntu)	Fix Released	High	Unassigned
	Precise	Won't Fix	Undecided	Paul Belanger
	Quantal	Fix Released	High	Unassigned

Bug Description

On 12.10 asterisk is not compiled with PIE or BIND_NOW. I didn't investigate, but this looks like in 12.04 this was dropped in favor of Debian's packaging:
  * Changes dropped from Ubuntu delta as no longer applicable:
    ...
    - debian/control: Build-depend on hardening-wrapper, now handled
      by dpkg-buildflags
    - debian/rules: Make use of hardening-wrapper

Please reenable PIE and BIND_NOW. This needs to be done for 12.04 too.

See original description

Tags:

Related branches

lp:ubuntu/quantal/asterisk

Jamie Strandboge (jdstrand) on 2012-08-21

Changed in asterisk (Ubuntu Precise):
status:	New → Triaged
description:	updated

Revision history for this message

Paul Belanger (pabelanger) wrote on 2012-09-09:

#2

asterisk_1.8.10.1~dfsg-1ubuntu1.1.debdiff Edit (1.7 KiB, text/plain)

Changed in asterisk (Ubuntu Precise):
assignee:	nobody → Paul Belanger (pabelanger)

Revision history for this message

Julian Taylor (jtaylor) wrote on 2012-09-09:

#3

instead of using the old hardening wrapper we should use the new dpkg-buildflags interface:
export DEB_BUILD_MAINT_OPTIONS=hardening=+pie,+bindnow

Revision history for this message

Julian Taylor (jtaylor) wrote on 2012-09-09:

#4

I don't see pie or bindnow in the old buildlogs, the current version doesn't even build with pie (some library/executable code mixup)
so its not a regression.

Revision history for this message

Julian Taylor (jtaylor) wrote on 2012-09-09:

#5

scratch that, the old hardening wrapper does not show the stuff in the buildlog.

Kate Stewart (kate.stewart) on 2012-09-13

tags:

added: precise quantal

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2012-09-25:

#6

Fyi, on 11.10 we have:
$ hardening-check /usr/sbin/asterisk
/usr/sbin/asterisk:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes

description:

updated

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-10-09:

#7

This bug was fixed in the package asterisk - 1:1.8.13.1~dfsg-1ubuntu2

---------------
asterisk (1:1.8.13.1~dfsg-1ubuntu2) quantal; urgency=low

* Build-depend on hardening-wrapper again,
reenables pie and bindnow (LP: #1039542)
-- Julian Taylor <email address hidden> Tue, 09 Oct 2012 21:44:39 +0200

Changed in asterisk (Ubuntu Quantal):
status:	Triaged → Fix Released

Revision history for this message

Julian Taylor (jtaylor) wrote on 2012-10-09:

#8

turns out using buildflags is not so good as it lacks the extra logic to handle pie and pic clashes which hardening wrapper has.
sorry for the wrong request.

Revision history for this message

Steve Langasek (vorlon) wrote on 2021-10-14:

#9

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release

Changed in asterisk (Ubuntu Precise):
status:	Triaged → Won't Fix

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

asterisk_1.8.10.1~dfsg-1ubuntu1.1.debdiff Edit

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.