Your message dated Fri, 13 Jan 2012 23:02:47 +0000
with message-id <[email protected]>
and subject line Bug#655248: fixed in krb5 1.10+dfsg~beta1-2
has caused the Debian Bug report #655248,
regarding Hardened build flags not fully enabled
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
655248: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655248
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: krb5
Severity: important
Tags: patch

The hardened build flags are not fully enabled for krb5; fortified
source functions are missing. See for example the KDC binary:

root@pisco:~# hardening-check /usr/sbin/krb5kdc
/usr/sbin/krb5kdc:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: no, no protected functions found!
 Read-only relocations: yes
 Immediate binding: no not found!

The reason is that you're overwriting CPPFLAGS. The attached
patch fixes this.

(dpkg-buildflags abides by "noopt" from DEB_BUILD_OPTIONS)

Cheers,
        Moritz
diff -aur krb5-1.10+dfsg~alpha2.orig/debian/rules krb5-1.10+dfsg~alpha2/debian/rules
--- krb5-1.10+dfsg~alpha2.orig/debian/rules	2011-12-27 13:43:05.000000000 +0100
+++ krb5-1.10+dfsg~alpha2/debian/rules	2011-11-10 21:16:17.000000000 +0100
@@ -25,17 +25,7 @@
 
 export DEB_HOST_MULTIARCH
 
-CCOPTS=-g
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-    CCOPTS +=-O0
-else
-    CCOPTS +=-O2
-endif
-
-ifneq (,$(filter i486-linux-gnu x86_64-linux-gnu,$(DEB_HOST_GNU_TYPE)))
-    CCOPTS +=-D_FORTIFY_SOURCE=2 -fstack-protector
-    endif
-FLAGS=$(shell dpkg-buildflags --export=configure ||echo CFLAGS="$(CCOPTS)")
+DEB_CPPFLAGS_MAINT_APPEND=-D_REENTRANT
 
 ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
     NUMJOBS = -j$(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
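
Review bot: the added line `DEB_CPPFLAGS_MAINT_APPEND=-D_REENTRANT` is a plain make assignment with no `export`, so it stays a make variable, while dpkg-buildflags reads DEB_CPPFLAGS_MAINT_APPEND from its environment; as written, the -D_REENTRANT that the old configure line passed in CPPFLAGS can silently drop out of the build. Exporting it is the minimum, but older GNU make releases do not hand even exported variables to `$(shell ...)`, so the robust form is to set it on the command itself, e.g. `$(shell DEB_CPPFLAGS_MAINT_APPEND=-D_REENTRANT dpkg-buildflags --export=configure)`, and then confirm in the build log that the configure line carries both -D_REENTRANT and -D_FORTIFY_SOURCE=2.
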
@@ -63,7 +53,7 @@
 		| xargs touch
 	[ ! -f $(DEB_HOST_GNU_TYPE).cache ] \
 		|| cp $(DEB_HOST_GNU_TYPE).cache build/
-	cd build && $(FLAGS) ../src/configure CPPFLAGS=" -D_REENTRANT" \
+	cd build && ../src/configure $(shell dpkg-buildflags --export=configure) \
 		--prefix=/usr --localstatedir=/etc --mandir=/usr/share/man \
 		--with-system-et --with-system-ss --disable-rpath  \
 		--enable-shared --with-ldap --without-tcl \
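
Review bot: on the new configure line, `$(shell dpkg-buildflags --export=configure)` expands to an empty string if dpkg-buildflags is missing or fails, and with the `||echo CFLAGS="$(CCOPTS)"` fallback removed in the first hunk, configure then runs with no hardening flags and no error. Suggest evaluating the flags once near the top of debian/rules, aborting with `$(error ...)` when the result is empty, and running hardening-check on the built krb5kdc as a post-build check. Separately, the report also lists "Position Independent Executable: no" and "Immediate binding: no"; nothing on this line requests those features, so either note in the changelog that they are intentionally left out or set DEB_BUILD_MAINT_OPTIONS to hardening=+pie,+bindnow.
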
Nur in krb5-1.10+dfsg~alpha2/debian: rules~.

--- End Message ---
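
The five verdicts in the hardening-check report above can be reproduced from readelf output, which is a quick way to confirm the fix in a rebuilt package. The script below is an added example, not part of the original bug report and not the code of hardening-check itself; the function names, the regular expressions and the two readelf excerpts are constructed for illustration.

```sh
#!/bin/sh
# Added example: the five hardening-check verdicts, derived from readelf text.
# Real use: check_hardening "$(readelf -W -h -l -d -s /usr/sbin/krb5kdc)"

# has TEXT REGEX -> prints yes/no depending on whether any line matches.
has() {
    if printf '%s\n' "$1" | grep -Eq -- "$2"; then echo yes; else echo no; fi
}

check_hardening() {
    dump=$1
    # Simplification: ELF type DYN counts as PIE (shared libraries are DYN too).
    echo "pie=$(has "$dump" '^ *Type: +DYN')"
    # -fstack-protector makes the binary import __stack_chk_fail.
    echo "stack=$(has "$dump" ' __stack_chk_fail(@|$)')"
    # -D_FORTIFY_SOURCE=2 (needs optimisation) turns memcpy() etc. into
    # __memcpy_chk(); "no" can also mean no fortifiable call exists at all.
    echo "fortify=$(has "$dump" ' __[a-z0-9_]+_chk(@|$)')"
    # -Wl,-z,relro adds a GNU_RELRO program header.
    echo "relro=$(has "$dump" '^ *GNU_RELRO')"
    # -Wl,-z,now shows up as BIND_NOW / FLAGS / FLAGS_1 in the dynamic section.
    echo "bindnow=$(has "$dump" '\(BIND_NOW\)|\(FLAGS\).*BIND_NOW|\(FLAGS_1\).*NOW')"
}

# Constructed readelf excerpt shaped like the report above (not real krb5 output).
BEFORE='  Type:                              EXEC (Executable file)
  GNU_RELRO      0x000e10 0x0000000000600e10 0x0000000000600e10
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (2)
     4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.2.5 (3)'

# Same excerpt as it would look once CPPFLAGS carries -D_FORTIFY_SOURCE=2.
AFTER=$(printf '%s\n' "$BEFORE" | sed 's/ memcpy@GLIBC_2\.2\.5 (3)/ __memcpy_chk@GLIBC_2.3.4 (4)/')

echo "before:"; check_hardening "$BEFORE"
echo "after:";  check_hardening "$AFTER"
```
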
--- Begin Message ---
Source: krb5
Source-Version: 1.10+dfsg~beta1-2

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive:

krb5-admin-server_1.10+dfsg~beta1-2_amd64.deb
  to main/k/krb5/krb5-admin-server_1.10+dfsg~beta1-2_amd64.deb
krb5-doc_1.10+dfsg~beta1-2_all.deb
  to main/k/krb5/krb5-doc_1.10+dfsg~beta1-2_all.deb
krb5-gss-samples_1.10+dfsg~beta1-2_amd64.deb
  to main/k/krb5/krb5-gss-samples_1.10+dfsg~beta1-2_amd64.deb
krb5-kdc-ldap_1.10+dfsg~beta1-2_amd64.deb
  to main/k/krb5/krb5-kdc-ldap_1.10+dfsg~beta1-2_amd64.deb
krb5-kdc_1.10+dfsg~beta1-2_amd64.deb
  to main/k/krb5/krb5-kdc_1.10+dfsg~beta1-2_amd64.deb
krb5-locales_1.10+dfsg~beta1-2_all.deb
  to main/k/krb5/krb5-locales_1.10+dfsg~beta1-2_all.deb
krb5-multidev_1.10+dfsg~beta1-2_amd64.deb
  to main/k/krb5/krb5-multidev_1.10+dfsg~beta1-2_amd64.deb
krb5-pkinit_1.10+dfsg~beta1-2_amd64.deb
  to main/k/krb5/krb5-pkinit_1.10+dfsg~beta1-2_amd64.deb
krb5-user_1.10+dfsg~beta1-2_amd64.deb
  to main/k/krb5/krb5-user_1.10+dfsg~beta1-2_amd64.deb
krb5_1.10+dfsg~beta1-2.debian.tar.gz
  to main/k/krb5/krb5_1.10+dfsg~beta1-2.debian.tar.gz
krb5_1.10+dfsg~beta1-2.dsc
  to main/k/krb5/krb5_1.10+dfsg~beta1-2.dsc
libgssapi-krb5-2_1.10+dfsg~beta1-2_amd64.deb
  to main/k/krb5/libgssapi-krb5-2_1.10+dfsg~beta1-2_amd64.deb
libgssrpc4_1.10+dfsg~beta1-2_amd64.deb
  to main/k/krb5/libgssrpc4_1.10+dfsg~beta1-2_amd64.deb
libk5crypto3_1.10+dfsg~beta1-2_amd64.deb
  to main/k/krb5/libk5crypto3_1.10+dfsg~beta1-2_amd64.deb
libkadm5clnt-mit8_1.10+dfsg~beta1-2_amd64.deb
  to main/k/krb5/libkadm5clnt-mit8_1.10+dfsg~beta1-2_amd64.deb
libkadm5srv-mit8_1.10+dfsg~beta1-2_amd64.deb
  to main/k/krb5/libkadm5srv-mit8_1.10+dfsg~beta1-2_amd64.deb
libkdb5-6_1.10+dfsg~beta1-2_amd64.deb
  to main/k/krb5/libkdb5-6_1.10+dfsg~beta1-2_amd64.deb
libkrb5-3_1.10+dfsg~beta1-2_amd64.deb
  to main/k/krb5/libkrb5-3_1.10+dfsg~beta1-2_amd64.deb
libkrb5-dbg_1.10+dfsg~beta1-2_amd64.deb
  to main/k/krb5/libkrb5-dbg_1.10+dfsg~beta1-2_amd64.deb
libkrb5-dev_1.10+dfsg~beta1-2_amd64.deb
  to main/k/krb5/libkrb5-dev_1.10+dfsg~beta1-2_amd64.deb
libkrb5support0_1.10+dfsg~beta1-2_amd64.deb
  to main/k/krb5/libkrb5support0_1.10+dfsg~beta1-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hartman <[email protected]> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 13 Jan 2012 17:39:34 -0500
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev 
libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 
libgssrpc4 libkadm5srv-mit8 libkadm5clnt-mit8 libk5crypto3 libkdb5-6 
libkrb5support0 krb5-gss-samples krb5-locales
Architecture: source all amd64
Version: 1.10+dfsg~beta1-2
Distribution: unstable
Urgency: low
Maintainer: Sam Hartman <[email protected]>
Changed-By: Sam Hartman <[email protected]>
Description: 
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-locales - Internationalization support for MIT Kerberos
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit8 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit8 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-6  - MIT Kerberos runtime libraries - Kerberos database
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 655248
Changes: 
 krb5 (1.10+dfsg~beta1-2) unstable; urgency=low
 .
   * Oops, actually fix build flags, Closes: #655248



--- End Message ---
