Ubuntu
thunderbird package

thunderbird disables FORTIFY

Bug #301626 reported by Kees Cook
254
Affects Status Importance Assigned to Milestone
thunderbird (Ubuntu)
Fix Released
Medium
Unassigned
Intrepid
Fix Released
Medium
Unassigned
Ubuntu intrepid-updates

Bug Description

Binary package hint: thunderbird

Thunderbird is still compiled with -U_FORTIFY_SOURCE, which should be removed as xulrunner has been fixed.

# workaround multiple crashes in xulrunner in Intrepid (at least 3 in realpath())
# caused by Intrepid shipping gcc 4.3 with -D_FORTIFY_SOURCE=2 by default
CPPFLAGS=-U_FORTIFY_SOURCE
export CPPFLAGS
$(warning export CPPFLAGS=$(CPPFLAGS))

Kees Cook (kees)
Changed in thunderbird:
importance: Undecided → Medium
status: New → Confirmed
Revision history for this message
Alexander Sack (asac) wrote :

rev 94 on thunderbird.dev branch.

Changed in thunderbird:
status: Confirmed → Fix Committed
Revision history for this message
Alexander Sack (asac) wrote :

we should think about doing this in intrepid security update as well. approving nomination accordingly.

Changed in thunderbird:
importance: Undecided → Medium
milestone: none → intrepid-updates
status: New → Triaged
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package thunderbird - 2.0.0.19+nobinonly-0ubuntu1

---------------
thunderbird (2.0.0.19+nobinonly-0ubuntu1) jaunty; urgency=low

  * security/stability update 2.0.0.19 (USN-701-1)
  * fix LP: #301626 - thunderbird disables FORTIFY; we add patch required
    to enable fortify and drop CPPFLAGS that disabled it accordingly
    - add debian/patches/412610_attachment_309958.patch
    - update debian/patches/series
    - update debian/rules

 -- Alexander Sack <email address hidden> Sat, 03 Jan 2009 20:36:12 +0100

Changed in thunderbird:
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package thunderbird - 2.0.0.19+nobinonly-0ubuntu0.8.10.1

---------------
thunderbird (2.0.0.19+nobinonly-0ubuntu0.8.10.1) intrepid-security; urgency=low

  * security/stability update 2.0.0.19 (USN-701-1)
  * fix LP: #301626 - thunderbird disables FORTIFY; we add patch required
    to enable fortify and drop CPPFLAGS that disabled it accordingly
    - add debian/patches/412610_attachment_309958.patch
    - update debian/patches/series
    - update debian/rules

 -- Alexander Sack <email address hidden> Mon, 05 Jan 2009 14:21:32 +0100

Changed in thunderbird:
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.