Ubuntu
authbind package

frame pointers are not enabled on authbind

Bug #2071841 reported by Olivier Gayot
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
authbind (Debian)
New
Unknown
authbind (Ubuntu)
Fix Released
Undecided
Olivier Gayot

Bug Description

It looks like frame pointers are not enabled for authbind. After a brief look at the package, it does not use debhelper and the upstream makefile overrides CFLAGS.

Revision history for this message
Olivier Gayot (ogayot) wrote :

Adding debdiff. The packaging is ancient and apparently native (no d/source/format and a single tarball), so I modified the upstream Makefile directly.

Built in PPA ogayot/oracular-proposed:

https://launchpadlibrarian.net/737833603/buildlog_ubuntu-oracular-amd64.authbind_2.1.3ubuntu1~ppa3_BUILDING.txt.gz

which shows presence of frame-pointer related flags.

x86_64-linux-gnu-gcc -g -O2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/<<PKGBUILDDIR>>=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/<<PKGBUILDDIR>>=/usr/src/authbind-2.1.3ubuntu1~ppa3 -Wall -Wwrite-strings -Wpointer-arith -Wimplicit -Wnested-externs -Wmissing-prototypes -Wstrict-prototypes -DMAJOR_VER='"1"' -DMINOR_VER='"0"' -DLIBAUTHBIND='"/usr/lib/authbind/libauthbind.so.1"' -DHELPER='"/usr/lib/authbind/helper"' -DCONFIGDIR='"/etc/authbind"' -D_GNU_SOURCE -c -o authbind.o authbind.c
x86_64-linux-gnu-gcc -Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -specs=/usr/share/dpkg/elf-package-metadata.specs authbind.o -o authbind
x86_64-linux-gnu-gcc -g -O2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/<<PKGBUILDDIR>>=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/<<PKGBUILDDIR>>=/usr/src/authbind-2.1.3ubuntu1~ppa3 -Wall -Wwrite-strings -Wpointer-arith -Wimplicit -Wnested-externs -Wmissing-prototypes -Wstrict-prototypes -DMAJOR_VER='"1"' -DMINOR_VER='"0"' -DLIBAUTHBIND='"/usr/lib/authbind/libauthbind.so.1"' -DHELPER='"/usr/lib/authbind/helper"' -DCONFIGDIR='"/etc/authbind"' -D_GNU_SOURCE -c -o helper.o helper.c
x86_64-linux-gnu-gcc -Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -specs=/usr/share/dpkg/elf-package-metadata.specs helper.o -o helper
x86_64-linux-gnu-gcc -D_REENTRANT -g -O2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/<<PKGBUILDDIR>>=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/<<PKGBUILDDIR>>=/usr/src/authbind-2.1.3ubuntu1~ppa3 -Wall -Wwrite-strings -Wpointer-arith -Wimplicit -Wnested-externs -Wmissing-prototypes -Wstrict-prototypes -DMAJOR_VER='"1"' -DMINOR_VER='"0"' -DLIBAUTHBIND='"/usr/lib/authbind/libauthbind.so.1"' -DHELPER='"/usr/lib/authbind/helper"' -DCONFIGDIR='"/etc/authbind"' -D_GNU_SOURCE -c -o libauthbind.o -fPIC libauthbind.c

Revision history for this message
Olivier Gayot (ogayot) wrote (last edit ):

Adding v2 where the makefile is not directly modified. Instead the relevant variables are passed on the `make` CLI.

PPA build: https://launchpadlibrarian.net/737840117/buildlog_ubuntu-oracular-amd64.authbind_2.1.3ubuntu1~ppa4_BUILDING.txt.gz

Revision history for this message
Olivier Gayot (ogayot) wrote :

Note that the debdiff does not only ensure that the CFLAGS variable is not overwritten, it also ensures that the LDFLAGS variable is not overwritten.

If that change is not wanted, I'm happy to drop it.

Changed in authbind (Ubuntu):
assignee: nobody → Olivier Gayot (ogayot)
status: New → In Progress
Bug Watch Updater (bug-watch-updater)
Changed in authbind (Debian):
status: Unknown → New
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks, Olivier.

I've sponsored the upload now. While you're at it, something else you might want to add is:

export DEB_BUILD_MAINT_OPTIONS = hardening=+all

before importing /usr/share/dpkg/buildflags.mk in order to enable some hardening flags. But that's something you can do in Debian and then sync back to Ubuntu.

Cheers.

Changed in authbind (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package authbind - 2.1.3ubuntu1

---------------
authbind (2.1.3ubuntu1) oracular; urgency=medium

  * Do not override CFLAGS & LDFLAGS set by the maintainer. This allows one to
    control the presence of frame-pointers (LP: #2071841) and also enable LTO.

 -- Olivier Gayot <email address hidden> Wed, 03 Jul 2024 17:42:33 +0200

Changed in authbind (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.