Menu

#2191 Add flags to makefiles to enable hardening

Bug
closed-fixed
nobody
scintilla (604) scite (196) gtk (103) make (4)
5
2020-09-11
2020-07-29
Andreas Rönnquist
No

Please include the following patches which fixes hardening - See these two lintian tags:

https://lintian.debian.org/tags/hardening-no-fortify-functions.html
https://lintian.debian.org/tags/hardening-no-bindnow.html

(The patches simply adds CPPFLAGS and LDFLAGS to the build and linker commands).

2 Attachments
hardeinng_scite.diff
hardening_scintilla.diff

Discussion

  • Neil Hodgson

    Neil Hodgson - 2020-07-29

    The patch files use spaces, not just for indentation in contextual text, but for some added and subtracted lines so fail to apply over the original files which use tabs. It is particularly important that makefiles use tabs instead of spaces as otherwise you may see:

    makefile:111: *** missing separator.  Stop.
     

  • Andreas Rönnquist

    Andreas Rönnquist - 2020-07-29

    Sorry about that - Try these version of the diffs instead.

     
    hardening_scintilla.diff
    hardening_scite.diff

  • Neil Hodgson

    Neil Hodgson - 2020-07-30
    • labels: --> scintilla, scite, gtk, make
    • status: open --> open-fixed
     

  • Neil Hodgson

    Neil Hodgson - 2020-07-30

    Committed with [5d1347] , [6b23fe].

     

    Related

    Commit: [6b23fe]
    Commit: [5d1347]

  • Anonymous

    Anonymous - 2020-08-23

    I'm pretty sure the second instance of CPPFLAGS in Scintilla's makefile is wrong. I think it should be CFLAGS. Otherwise, you can submit potentially unrecognized or incorrect C++ flags to the C compiler.

     

  • Neil Hodgson

    Neil Hodgson - 2020-09-11
    • status: open-fixed --> closed-fixed
     

  • Neil Hodgson

    Neil Hodgson - 2020-09-11

    Committed with [5d1347] , [6b23fe].

     

    Related

    Commit: [6b23fe]
    Commit: [5d1347]

Log in to post a comment.