thunderbird disables FORTIFY

Bug #301626 reported by Kees Cook
254
Affects Status Importance Assigned to Milestone
thunderbird (Ubuntu)
Fix Released
Medium
Unassigned
Intrepid
Fix Released
Medium
Unassigned

Bug Description

Binary package hint: thunderbird

Thunderbird is still compiled with -U_FORTIFY_SOURCE, which should be removed as xulrunner has been fixed.

# workaround multiple crashes in xulrunner in Intrepid (at least 3 in realpath())
# caused by Intrepid shipping gcc 4.3 with -D_FORTIFY_SOURCE=2 by default
CPPFLAGS=-U_FORTIFY_SOURCE
export CPPFLAGS
$(warning export CPPFLAGS=$(CPPFLAGS))

Kees Cook (kees)
Changed in thunderbird:
importance: Undecided → Medium
status: New → Confirmed
Revision history for this message
Alexander Sack (asac) wrote :

rev 94 on thunderbird.dev branch.

Changed in thunderbird:
status: Confirmed → Fix Committed
Revision history for this message
Alexander Sack (asac) wrote :

we should think about doing this in intrepid security update as well. approving nomination accordingly.

Changed in thunderbird:
importance: Undecided → Medium
milestone: none → intrepid-updates
status: New → Triaged
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package thunderbird - 2.0.0.19+nobinonly-0ubuntu1

---------------
thunderbird (2.0.0.19+nobinonly-0ubuntu1) jaunty; urgency=low

  * security/stability update 2.0.0.19 (USN-701-1)
  * fix LP: #301626 - thunderbird disables FORTIFY; we add patch required
    to enable fortify and drop CPPFLAGS that disabled it accordingly
    - add debian/patches/412610_attachment_309958.patch
    - update debian/patches/series
    - update debian/rules

 -- Alexander Sack <email address hidden> Sat, 03 Jan 2009 20:36:12 +0100

Changed in thunderbird:
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package thunderbird - 2.0.0.19+nobinonly-0ubuntu0.8.10.1

---------------
thunderbird (2.0.0.19+nobinonly-0ubuntu0.8.10.1) intrepid-security; urgency=low

  * security/stability update 2.0.0.19 (USN-701-1)
  * fix LP: #301626 - thunderbird disables FORTIFY; we add patch required
    to enable fortify and drop CPPFLAGS that disabled it accordingly
    - add debian/patches/412610_attachment_309958.patch
    - update debian/patches/series
    - update debian/rules

 -- Alexander Sack <email address hidden> Mon, 05 Jan 2009 14:21:32 +0100

Changed in thunderbird:
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers