Your message dated Fri, 06 Jan 2012 00:18:00 +0000
with message-id <[email protected]>
and subject line Bug#654794: fixed in courier 0.66.3-2
has caused the Debian Bug report #654794,
regarding Please enabled hardened build flags
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
654794: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654794
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: courier
Severity: important
Tags: patch
Please enable hardened build flags through dpkg-buildflags.
Patch attached. The hardened build flags showed several cases
of missing format strings, for which additional patches have
been attached.
Cheers,
Moritz
diff -aur courier-0.66.3.orig/debian/rules courier-0.66.3/debian/rules
--- courier-0.66.3.orig/debian/rules 2012-01-05 20:13:33.000000000 +0100
+++ courier-0.66.3/debian/rules 2012-01-05 20:41:27.000000000 +0100
@@ -72,7 +72,7 @@
chmod +x debian/srcmgr
if [ ! -f srcmgr.list ]; then debian/srcmgr > srcmgr.list; fi
if [ ! -f stamp-build ]; then \
- LINGUAS="de sv" ./configure $(COMMON_CONFOPTS) \
+ LINGUAS="de sv" ./configure $(shell dpkg-buildflags --export=configure) $(COMMON_CONFOPTS) \
--with-postgresql-includes=/usr/include/postgresql \
&& $(MAKE) LIBTOOL=/usr/bin/libtool && touch stamp-build; \
fi
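Review bot: On the changed `./configure` line the exported flags come before `$(COMMON_CONFOPTS)`, so any CFLAGS, CPPFLAGS or LDFLAGS assignment inside COMMON_CONFOPTS (not visible in this hunk) would appear later on the command line and replace the hardened values. Please check that variable, or move `$(shell dpkg-buildflags --export=configure)` after it. The change also needs a Build-Depends on a dpkg-dev version that supports `--export=configure`, and because only configure receives the flags, the build log should be checked to confirm they reach the compile and link lines run by `$(MAKE)`.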
Nur in courier-0.66.3/debian: rules~.
diff -aur courier-0.66.3.orig/maildrop/maildrop.C courier-0.66.3/maildrop/maildrop.C
--- courier-0.66.3.orig/maildrop/maildrop.C 2011-04-04 15:03:46.000000000 +0200
+++ courier-0.66.3/maildrop/maildrop.C 2012-01-05 21:15:47.000000000 +0100
@@ -80,7 +80,7 @@
{
merr << argv[0] << ": " << p << "\n";
#if SYSLOG_LOGGING
- syslog(LOG_INFO, p);
+ syslog(LOG_INFO, "%s", p);
#endif
cleanup();
return (EX_TEMPFAIL);
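Review bot: The message is still logged at LOG_INFO on the line right before `return (EX_TEMPFAIL);`, so an exit with a temporary failure is recorded at the same priority as routine activity and is easy to lose in syslog filtering; LOG_ERR or LOG_WARNING would fit better as a follow-up. The `"%s"` change itself is the right fix, since p was previously interpreted as the format string.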
@@ -90,7 +90,7 @@
{
merr << argv[0] << ": " << p << "\n";
#if SYSLOG_LOGGING
- syslog(LOG_INFO, p);
+ syslog(LOG_INFO, "%s", p);
#endif
cleanup();
return (EX_TEMPFAIL);
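Review bot: This handler is line for line the same as the one at @@ -80 (merr output, syslog, cleanup(), `return (EX_TEMPFAIL);`), which is why the unformatted `syslog(LOG_INFO, p)` had to be fixed twice. Moving the shared body into one small helper would leave a single syslog call site to audit and keep the two paths from drifting apart.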
Nur in courier-0.66.3/maildrop: maildrop.C~.
diff -aur courier-0.66.3.orig/webmail/pcp.c courier-0.66.3/webmail/pcp.c
--- courier-0.66.3.orig/webmail/pcp.c 2011-04-04 15:03:52.000000000 +0200
+++ courier-0.66.3/webmail/pcp.c 2012-01-05 21:25:07.000000000 +0100
@@ -1518,7 +1518,7 @@
printf("</span></td><td width=\"30\"> </td><td width=\"100%%\"><span class=\"tt\">");
if (p->address && strcmp(p->address, "@"))
{
- printf(getarg("CONFLICTERR2"));
+ printf("%s", getarg("CONFLICTERR2"));
print_safe(p->address);
}
else
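Review bot: Replacing `printf(getarg("CONFLICTERR2"))` with the `"%s"` form changes the output if the CONFLICTERR2 text was written with printf escaping in mind: a `%%` in that string used to print as a single `%` and will now print as two, so the configured strings should be checked for `%` characters. The new call also passes the result of getarg() straight to `%s`; if getarg() can return NULL for a missing key (its definition is not in this hunk), that is undefined behaviour and needs a guard or a default string.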
Nur in courier-0.66.3/webmail: pcp.c~.
diff -aur courier-0.66.3.orig/webmail/sqwebmail.c courier-0.66.3/webmail/sqwebmail.c
--- courier-0.66.3.orig/webmail/sqwebmail.c 2011-04-04 15:03:52.000000000 +0200
+++ courier-0.66.3/webmail/sqwebmail.c 2012-01-05 21:38:48.000000000 +0100
@@ -1097,7 +1097,7 @@
c=strchr(c, '.');
if (c)
{
- printf(sep);
+ printf("%s", sep);
print_safe(c+1);
}
}
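Review bot: `printf("%s", sep)` writes sep without escaping while the very next line sends `c+1` through print_safe(), so it should be confirmed that sep can only hold a fixed or trusted separator; its origin is not visible in this hunk. Since no formatting is needed here, `fputs(sep, stdout)` would say so directly and removes the format string from the call altogether.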
Nur in courier-0.66.3/webmail: sqwebmail.c~.
--- End Message ---
--- Begin Message ---
Source: courier
Source-Version: 0.66.3-2
We believe that the bug you reported is fixed in the latest version of
courier, which is due to be installed in the Debian FTP archive:
courier-base_0.66.3-2_amd64.deb
to main/c/courier/courier-base_0.66.3-2_amd64.deb
courier-doc_0.66.3-2_all.deb
to main/c/courier/courier-doc_0.66.3-2_all.deb
courier-faxmail_0.66.3-2_amd64.deb
to main/c/courier/courier-faxmail_0.66.3-2_amd64.deb
courier-imap-ssl_4.9.3-2_amd64.deb
to main/c/courier/courier-imap-ssl_4.9.3-2_amd64.deb
courier-imap_4.9.3-2_amd64.deb
to main/c/courier/courier-imap_4.9.3-2_amd64.deb
courier-ldap_0.66.3-2_amd64.deb
to main/c/courier/courier-ldap_0.66.3-2_amd64.deb
courier-maildrop_0.66.3-2_amd64.deb
to main/c/courier/courier-maildrop_0.66.3-2_amd64.deb
courier-mlm_0.66.3-2_amd64.deb
to main/c/courier/courier-mlm_0.66.3-2_amd64.deb
courier-mta-ssl_0.66.3-2_amd64.deb
to main/c/courier/courier-mta-ssl_0.66.3-2_amd64.deb
courier-mta_0.66.3-2_amd64.deb
to main/c/courier/courier-mta_0.66.3-2_amd64.deb
courier-pcp_0.66.3-2_amd64.deb
to main/c/courier/courier-pcp_0.66.3-2_amd64.deb
courier-pop-ssl_0.66.3-2_amd64.deb
to main/c/courier/courier-pop-ssl_0.66.3-2_amd64.deb
courier-pop_0.66.3-2_amd64.deb
to main/c/courier/courier-pop_0.66.3-2_amd64.deb
courier-ssl_0.66.3-2_amd64.deb
to main/c/courier/courier-ssl_0.66.3-2_amd64.deb
courier-webadmin_0.66.3-2_amd64.deb
to main/c/courier/courier-webadmin_0.66.3-2_amd64.deb
courier_0.66.3-2.diff.gz
to main/c/courier/courier_0.66.3-2.diff.gz
courier_0.66.3-2.dsc
to main/c/courier/courier_0.66.3-2.dsc
sqwebmail_0.66.3-2_amd64.deb
to main/c/courier/sqwebmail_0.66.3-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stefan Hornburg (Racke) <[email protected]> (supplier of updated courier package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 05 Jan 2012 17:50:33 -0500
Source: courier
Binary: courier-base courier-maildrop courier-mlm courier-mta courier-faxmail
courier-webadmin sqwebmail courier-pcp courier-pop courier-imap courier-ldap
courier-doc courier-ssl courier-mta-ssl courier-pop-ssl courier-imap-ssl
Architecture: source all amd64
Version: 0.66.3-2
Distribution: unstable
Urgency: low
Maintainer: Stefan Hornburg (Racke) <[email protected]>
Changed-By: Stefan Hornburg (Racke) <[email protected]>
Description:
courier-base - Courier mail server - base system
courier-doc - Courier mail server - additional documentation
courier-faxmail - Courier mail server - Fax<->mail gateway
courier-imap - Courier mail server - IMAP server
courier-imap-ssl - Courier mail server - IMAP over SSL
courier-ldap - Courier mail server - LDAP support
courier-maildrop - Courier mail server - mail delivery agent
courier-mlm - Courier mail server - mailing list manager
courier-mta - Courier mail server - ESMTP daemon
courier-mta-ssl - Courier mail server - ESMTP over SSL
courier-pcp - Courier mail server - PCP server
courier-pop - Courier mail server - POP3 server
courier-pop-ssl - Courier mail server - POP3 over SSL
courier-ssl - Courier mail server - SSL/TLS Support
courier-webadmin - Courier mail server - web-based administration frontend
sqwebmail - Courier mail server - webmail server
Closes: 654794
Changes:
courier (0.66.3-2) unstable; urgency=low
.
[Moritz Mühlenhoff]
.
* Apply patch for enable hardening options and missing format strings
(Closes: #654794)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk8GOygACgkQjgVfE5tya3Fb5ACePqTagDr3pIlo4MUo13vnZZw8
FuEAoMMA8vpcVnI5Rw+tRPT+BnXgXAcP
=wvWR
-----END PGP SIGNATURE-----
--- End Message ---