[SRU] Missing frame pointers on Noble
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ipvsadm (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Noble |
New
|
Undecided
|
Unassigned |
Bug Description
[ Impact ]
ipvsadm was not built with frame pointers in Noble. In fact, because
its build scripts are overriding the flags from package building framework, it's also
not built with hardening.
Having frame pointers was one of the things we delivered with Noble and this is one
of the packages that are missing it.
Note that this is already fixed in Debian and in Oracular.
I pulled 3 commits from Debian for this SRU:
1) patch Makefiles to support build-flags
https:/
2) let dh manage build-flags
https:/
3) pass HAVE_NL=1 to make to enable libnl support
https:/
[ Test Plan ]
Unfortunately ipvsadm doesn't have any autopkgtests. I'm checking if it's still working
by running commands from its manual and checking they were installed.
Here's how I tested it:
Added a bunch of rules as found in ipvsadm(8)
ipvsadm -A -t 207.175.44.110:80 -s rr
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.1:80 -m
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.2:80 -m
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.3:80 -m
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.4:80 -m
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.5:80 -m
ipvsadm -A -f 1 -s rr
ipvsadm -a -f 1 -r 192.168.10.1:0 -m
ipvsadm -a -f 1 -r 192.168.10.2:0 -m
ipvsadm -a -f 1 -r 192.168.10.3:0 -m
ipvsadm -a -f 1 -r 192.168.10.4:0 -m
ipvsadm -a -f 1 -r 192.168.10.5:0 -m
ipvsadm -A -t [2001:db8::80]:80 -s rr
ipvsadm -a -t [2001:db8::80]:80 -r [2001:db8::a0a0]:80 -m
Check they were installed:
ipvsadm -L -n
Dump them to disk:
ipvsadm-save -n > save
Drop all the rules:
ipvsadm -C
Restore from disk:
cat save | ipvsadm-restore
Check again if they were installed:
ipvsadm -L -n
[ Where problems could occur ]
No source changes were made. Although, as it's now being built with hardening flags, such as
-fstack-
any issues, such as buffer overflows, that were not causing crashes before, they will probably cause a
crash now. I don't see any bug report from Debian mentioning this kind of problem though.
[ Other Info ]
A PPA is provided here https:/
Build logs are attached.
---- Old bug description
The compiler flags are being overwritten in the package Makefiles and it's not being built with none of $(dpkg-buildflags).
This problem is already fixed in Oracular though.
This package doesn't install any shared libraries.
Related upstream fixes:
https:/
https:/
Related branches
- Lukas Märdian (community): Approve
- git-ubuntu import: Pending requested
-
Diff: 147 lines (+110/-7)4 files modifieddebian/changelog (+12/-0)
debian/patches/fix-build-flags.patch (+92/-0)
debian/patches/series (+1/-0)
debian/rules (+5/-7)
description: | updated |
Thanks Danilo, it seems the fix from debian is pretty straightforward.
Would you like to do the SRU for this package?