Bug 972967
Summary: | Build up-imapproxy with PIE support | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Harald Reindl <h.reindl> | ||||
Component: | up-imapproxy | Assignee: | Chris Adams <linux> | ||||
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 18 | CC: | manuel.wolfshant, rakesh.pandit, rpm | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2013-08-08 04:20:23 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Harald Reindl
2013-06-10 23:43:51 UTC
can someone explain why there is no feedback and http://fedoraproject.org/wiki/Packaging:Guidelines is ignored? "MUST enable" is pretty clear and no opt-in the "Partial RELRO" should also be "FULL RELRO" http://www.exploit-db.com/papers/13203/ > If your package meets any of the following criteria you MUST enable > the PIE compiler flags: > Your package is long running. This means it's likely > to be started and keep running until the machine is rebooted, > not start on demand and quit on idle [root@testserver:~]$ checksec --file /usr/sbin/in.imapproxyd RELRO STACK CANARY NX PIE RPATH RUNPATH FILE Partial RELRO Canary found NX enabled No PIE No RPATH No RUNPATH /usr/sbin/in.imapproxyd Harald, thank you for your report and your assistance in making Fedora better. Clearly this package is important to you, so if the primary maintainer is not being as responsive as you would be able to be, please consider offering to take over or co-maintain the package. I am not the maintainer of the up-imapproxy branch in Fedora, however this is interesting to me as the maintainer of the EPEL5 branch too. It seems from your comment that was posted in bug #465859 that you have built packages that fix this and other issues. Please elaborate, for example by posting a working spec file. I just tried very briefly to build with _hardened_build on F17 (yes, need to try on a newer version) but got: gcc: fatal error: /usr/lib/rpm/redhat/redhat-hardened-cc1: attempt to rename spec 'cc1_options' to already defined spec 'rh_cc1_options_old' Created attachment 781033 [details]
my personal spec-file attached
sorry, but i have no free time to deal with the fedora build-systems and package-guidelines and my personal builds of any server-software we use does not ship any configurations for good reasons
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. *** This bug has been marked as a duplicate of bug 955448 *** |