[Bug 1820798] Re: hardening-check: add support for detecting stack clash protected binaries

Launchpad Bug Tracker 1820798 at bugs.launchpad.net
Wed Jul 31 04:43:02 UTC 2019 

This bug was fixed in the package devscripts - 2.19.6

---------------
devscripts (2.19.6) unstable; urgency=medium

  [ Christoph Berg ]
  * origtargz:
    + Support unpacking tarballs where the files are in /.

  [ Alex Murray ]
  * hardening-check:
    + Add support for detecting binaries compiled with
      -fstack-clash-protection.  LP: #1820798; MR: !121
    + Add detection for -fcf-protection.  MR: !127

  [ laokz ]
  * uscan:
    + Fix typo in documentation.  MR: !125
    + Remove redundant, misleading  string in a debug message.  MR: !126

  [ Thomas Goirand ]
  * debchange:
    + Target buster-backports with --bpo.  Closes: #931614

  [ Paul Wise ]
  * Devscripts::Config:
    + Improve handling (prevent code execution and errors with spaces and
      newlines) of the configuration files.  MR: !124
      - Move String::ShellQuote from Recommends to Depends.

  [ Xavier Guimard ]
  * Reformat code following the changes in the new perltify 20181102.  MR: !129
  * debi:
    + Replace dpkg + apt-get by "apt-get install" on .change file.
      Closes: #810294; MR: !45
  * salsa:
    + Add "join" command.  Closes: #921314;  MR: !108
    + Add "push" command.  MR: !108
    + Update doc: completion for aliases.  MR: !108
  * uscan:
    + Ignore --download-version when component is marked as "ignore".  MR: !130
    + Fix download when <base> tag is relative.  Closes: #932399; MR: !133

  [ Mattia Rizzolo ]
  * d/control:
    + Bump Standards-Version to 4.4.0, no changes needed.

  [ Nick Gerow ]
  * debchange:
    + Make sure to escape special characters in the maintainer name.  MR: !128

  [ Simon McVittie ]
  * uscan:
    + Don't recurse into directories named .git when searching for
      Debian packages.  MR: !132

  [ Unit 193 ]
  * dcmd:
    + Consider .asc files as part of the upstream orig files.
    + Also add .zst as an allowed extension for upstream orig files.

  [ Sean Whitton ]
  * git-deborig:
    + New --just-print-tag-names option.  Closes: #931180; MR: !131

 -- Mattia Rizzolo <mattia at debian.org>  Sat, 20 Jul 2019 10:43:35 +0200

** Changed in: devscripts (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to devscripts in Ubuntu.
https://bugs.launchpad.net/bugs/1820798

Title:
  hardening-check: add support for detecting stack clash protected
  binaries

Status in devscripts package in Ubuntu:
  Fix Released

Bug description:
  The security team is in the process of making -fstack-clash-protection
  enabled by default in gcc-8/9 for 19.10 / 20.04. To support this it is
  useful to be able to detect binaries which include this new feature
  via hardening-check. Unlike previous features this can only be
  detected by looking for the sequence of instructions which perform
  this feature in the disassembly output via objdump.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/devscripts/+bug/1820798/+subscriptions

More information about the foundations-bugs mailing list