Your message dated Fri, 13 Jan 2012 22:48:45 +0000
with message-id <[email protected]>
and subject line Bug#655248: fixed in krb5 1.10+dfsg~beta1-1
has caused the Debian Bug report #655248,
regarding Hardened build flags not fully enabled
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
655248: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655248
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: krb5
Severity: important
Tags: patch
The hardened build flags are not fully enabled for krb5; fortified
source functions are missing. See for example the KDC binary:
root@pisco:~# hardening-check /usr/sbin/krb5kdc
/usr/sbin/krb5kdc:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: no, no protected functions found!
Read-only relocations: yes
Immediate binding: no not found!
The reason is that you're overwriting CPPFLAGS. The attached
patch fixes this.
(dpkg-buildflags abides by "noopt" from DEB_BUILD_OPTIONS)
Cheers,
Moritz
diff -aur krb5-1.10+dfsg~alpha2.orig/debian/rules krb5-1.10+dfsg~alpha2/debian/rules
--- krb5-1.10+dfsg~alpha2.orig/debian/rules 2011-12-27 13:43:05.000000000 +0100
+++ krb5-1.10+dfsg~alpha2/debian/rules 2011-11-10 21:16:17.000000000 +0100
@@ -25,17 +25,7 @@
export DEB_HOST_MULTIARCH
-CCOPTS=-g
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
- CCOPTS +=-O0
-else
- CCOPTS +=-O2
-endif
-
-ifneq (,$(filter i486-linux-gnu x86_64-linux-gnu,$(DEB_HOST_GNU_TYPE)))
- CCOPTS +=-D_FORTIFY_SOURCE=2 -fstack-protector
- endif
-FLAGS=$(shell dpkg-buildflags --export=configure ||echo CFLAGS="$(CCOPTS)")
+DEB_CPPFLAGS_MAINT_APPEND=-D_REENTRANT
ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
NUMJOBS = -j$(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
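Review bot: DEB_CPPFLAGS_MAINT_APPEND=-D_REENTRANT is added as a plain make assignment with no export visible in this hunk. dpkg-buildflags reads that variable from its environment, so -D_REENTRANT, which the old configure line passed explicitly, can silently drop out of CPPFLAGS. Exporting it from the makefile may not be enough either, because GNU make before 4.4 does not pass exported variables to `$(shell ...)` commands; setting it on the dpkg-buildflags command itself and checking the build log for the flag would settle it. The hunk also deletes the `||echo CFLAGS="$(CCOPTS)"` fallback, so the build now requires a dpkg-dev that ships dpkg-buildflags: keep a fallback or add a versioned Build-Depends.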
@@ -63,7 +53,7 @@
| xargs touch
[ ! -f $(DEB_HOST_GNU_TYPE).cache ] \
|| cp $(DEB_HOST_GNU_TYPE).cache build/
- cd build && $(FLAGS) ../src/configure CPPFLAGS=" -D_REENTRANT" \
+ cd build && ../src/configure $(shell dpkg-buildflags --export=configure) \
--prefix=/usr --localstatedir=/etc --mandir=/usr/share/man \
--with-system-et --with-system-ss --disable-rpath \
--enable-shared --with-ldap --without-tcl \
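Review bot: the new configure line takes only what `dpkg-buildflags --export=configure` emits by default, and nothing visible in the patch sets DEB_BUILD_MAINT_OPTIONS. pie and bindnow are not part of dpkg-buildflags' default hardening set, so the "Position Independent Executable: no" and "Immediate binding: no" results from the report would remain for krb5kdc. If those are wanted for the daemons, enable them with something like DEB_BUILD_MAINT_OPTIONS=hardening=+pie,+bindnow and re-run hardening-check on the built binaries. Separately, if dpkg-buildflags fails here, `$(shell ...)` expands to nothing and configure runs with no hardening flags and no error.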
Nur in krb5-1.10+dfsg~alpha2/debian: rules~.
--- End Message ---
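A way to turn the hardening-check result from the report into a repeatable build gate, as an added example that is not part of the original report or of the krb5 packaging. The helper name `audit_hardening` and its waiver argument are assumptions made for illustration, and only verdicts that begin with "no" are treated as failures.

```shell
#!/bin/sh
# hardening-check output copied from the report above.
SAMPLE='/usr/sbin/krb5kdc:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: no, no protected functions found!
Read-only relocations: yes
Immediate binding: no not found!'

# audit_hardening (hypothetical helper): reads hardening-check output on stdin,
# prints "binary<TAB>check" for every check whose verdict starts with "no",
# and returns non-zero if any such line was printed.
# $1 (optional): comma-separated check names to waive.
audit_hardening() {
    awk -v waive="${1-}" '
    BEGIN { n = split(waive, w, ","); for (i = 1; i <= n; i++) skip[w[i]] = 1 }
    { sub(/^[ \t]+/, "") }            # real output indents the check lines
    /:$/ {                            # "path:" header starts a new binary
        bin = substr($0, 1, length($0) - 1)
        next
    }
    {
        p = index($0, ": ")
        if (p == 0) next
        name = substr($0, 1, p - 1)
        verdict = substr($0, p + 2)
        if (verdict ~ /^no([ ,]|$)/ && !(name in skip)) {
            print bin "\t" name
            bad = 1
        }
    }
    END { exit bad + 0 }'
}

# Demo on the report's output: lists the three failing checks for krb5kdc.
printf '%s\n' "$SAMPLE" | audit_hardening || echo "hardening gaps found" >&2
```

In a package build this would read `hardening-check` output for every installed ELF binary, with waivers limited to checks the maintainer has decided not to enable.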
--- Begin Message ---
Source: krb5
Source-Version: 1.10+dfsg~beta1-1
We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive:
krb5-admin-server_1.10+dfsg~beta1-1_amd64.deb
to main/k/krb5/krb5-admin-server_1.10+dfsg~beta1-1_amd64.deb
krb5-doc_1.10+dfsg~beta1-1_all.deb
to main/k/krb5/krb5-doc_1.10+dfsg~beta1-1_all.deb
krb5-gss-samples_1.10+dfsg~beta1-1_amd64.deb
to main/k/krb5/krb5-gss-samples_1.10+dfsg~beta1-1_amd64.deb
krb5-kdc-ldap_1.10+dfsg~beta1-1_amd64.deb
to main/k/krb5/krb5-kdc-ldap_1.10+dfsg~beta1-1_amd64.deb
krb5-kdc_1.10+dfsg~beta1-1_amd64.deb
to main/k/krb5/krb5-kdc_1.10+dfsg~beta1-1_amd64.deb
krb5-locales_1.10+dfsg~beta1-1_all.deb
to main/k/krb5/krb5-locales_1.10+dfsg~beta1-1_all.deb
krb5-multidev_1.10+dfsg~beta1-1_amd64.deb
to main/k/krb5/krb5-multidev_1.10+dfsg~beta1-1_amd64.deb
krb5-pkinit_1.10+dfsg~beta1-1_amd64.deb
to main/k/krb5/krb5-pkinit_1.10+dfsg~beta1-1_amd64.deb
krb5-user_1.10+dfsg~beta1-1_amd64.deb
to main/k/krb5/krb5-user_1.10+dfsg~beta1-1_amd64.deb
krb5_1.10+dfsg~beta1-1.debian.tar.gz
to main/k/krb5/krb5_1.10+dfsg~beta1-1.debian.tar.gz
krb5_1.10+dfsg~beta1-1.dsc
to main/k/krb5/krb5_1.10+dfsg~beta1-1.dsc
krb5_1.10+dfsg~beta1.orig.tar.gz
to main/k/krb5/krb5_1.10+dfsg~beta1.orig.tar.gz
libgssapi-krb5-2_1.10+dfsg~beta1-1_amd64.deb
to main/k/krb5/libgssapi-krb5-2_1.10+dfsg~beta1-1_amd64.deb
libgssrpc4_1.10+dfsg~beta1-1_amd64.deb
to main/k/krb5/libgssrpc4_1.10+dfsg~beta1-1_amd64.deb
libk5crypto3_1.10+dfsg~beta1-1_amd64.deb
to main/k/krb5/libk5crypto3_1.10+dfsg~beta1-1_amd64.deb
libkadm5clnt-mit8_1.10+dfsg~beta1-1_amd64.deb
to main/k/krb5/libkadm5clnt-mit8_1.10+dfsg~beta1-1_amd64.deb
libkadm5srv-mit8_1.10+dfsg~beta1-1_amd64.deb
to main/k/krb5/libkadm5srv-mit8_1.10+dfsg~beta1-1_amd64.deb
libkdb5-6_1.10+dfsg~beta1-1_amd64.deb
to main/k/krb5/libkdb5-6_1.10+dfsg~beta1-1_amd64.deb
libkrb5-3_1.10+dfsg~beta1-1_amd64.deb
to main/k/krb5/libkrb5-3_1.10+dfsg~beta1-1_amd64.deb
libkrb5-dbg_1.10+dfsg~beta1-1_amd64.deb
to main/k/krb5/libkrb5-dbg_1.10+dfsg~beta1-1_amd64.deb
libkrb5-dev_1.10+dfsg~beta1-1_amd64.deb
to main/k/krb5/libkrb5-dev_1.10+dfsg~beta1-1_amd64.deb
libkrb5support0_1.10+dfsg~beta1-1_amd64.deb
to main/k/krb5/libkrb5support0_1.10+dfsg~beta1-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hartman <[email protected]> (supplier of updated krb5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 13 Jan 2012 17:11:39 -0500
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev
libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2
libgssrpc4 libkadm5srv-mit8 libkadm5clnt-mit8 libk5crypto3 libkdb5-6
libkrb5support0 krb5-gss-samples krb5-locales
Architecture: source all amd64
Version: 1.10+dfsg~beta1-1
Distribution: unstable
Urgency: low
Maintainer: Sam Hartman <[email protected]>
Changed-By: Sam Hartman <[email protected]>
Description:
krb5-admin-server - MIT Kerberos master server (kadmind)
krb5-doc - Documentation for MIT Kerberos
krb5-gss-samples - MIT Kerberos GSS Sample applications
krb5-kdc - MIT Kerberos key server (KDC)
krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
krb5-locales - Internationalization support for MIT Kerberos
krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
krb5-pkinit - PKINIT plugin for MIT Kerberos
krb5-user - Basic programs to authenticate using MIT Kerberos
libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
libkadm5clnt-mit8 - MIT Kerberos runtime libraries - Administration Clients
libkadm5srv-mit8 - MIT Kerberos runtime libraries - KDC and Admin Server
libkdb5-6 - MIT Kerberos runtime libraries - Kerberos database
libkrb5-3 - MIT Kerberos runtime libraries
libkrb5-dbg - Debugging files for MIT Kerberos
libkrb5-dev - Headers and development libraries for MIT Kerberos
libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 655248
Changes:
krb5 (1.10+dfsg~beta1-1) unstable; urgency=low
.
* New Upstream version
* Fix hardening flags and pre-dpkg-buildflags support, Closes: #655248
* Update some symbols files for enhanced functions in 1.10
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---