Your message dated Thu, 26 Jan 2012 21:18:20 +0000
with message-id <[email protected]>
and subject line Bug#656656: fixed in xmltooling 1.4.2-2
has caused the Debian Bug report #656656,
regarding Please enabled hardened build flags
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
656656: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656656
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: xmltooling
Severity: important
Tags: patch
Please enable hardened build flags through dpkg-buildflags.
I've attached a partial patch. It enables a protected stack and
read-only relocs.
Fortified source functions are not properly enabled. I haven't
debugged this further, but it seems as if CPPFLAGS (-D_FORTIFY_SOURCE=2)
isn't properly propagated in the upstream build system. You might
want to take this upstream or clone the bug.
Cheers,
Moritz
diff -aur xmltooling-1.4.2.harden/debian/rules xmltooling-1.4.2/debian/rules
--- xmltooling-1.4.2.harden/debian/rules 2011-07-26 00:44:18.000000000 +0200
+++ xmltooling-1.4.2/debian/rules 2012-01-20 18:49:26.000000000 +0100
@@ -9,7 +9,7 @@
endif
override_dh_auto_configure:
- dh_auto_configure -- --disable-dependency-tracking $(DEBUG)
+ dh_auto_configure -- --disable-dependency-tracking $(DEBUG) $(shell dpkg-buildflags --export=configure)
override_dh_installdocs:
dh_installdocs -A doc/NOTICE.txt
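Review bot: on the changed dh_auto_configure line, $(shell dpkg-buildflags --export=configure) hands the flags to configure as command-line arguments only, so the report's own observation that CPPFLAGS (-D_FORTIFY_SOURCE=2) does not reach the compiler is left unaddressed; consider also exporting the dpkg-buildflags variables into the build environment, or moving to debhelper compatibility level 9 so that dh_auto_configure supplies them itself, which is what the 1.4.2-2 changelog further down records. The hunk touches only debian/rules, so nothing visible here guarantees that the build uses a dpkg-dev that understands --export=configure; a matching versioned build dependency in debian/control would make that explicit.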
Nur in xmltooling-1.4.2/debian: rules~.
--- End Message ---
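The report above says the protected stack and read-only relocations take effect while -D_FORTIFY_SOURCE=2 from CPPFLAGS does not reach the compiler. The following shell function is an added example, not part of the original messages or of the xmltooling packaging, that audits a build log for exactly that gap; the log lines and file names are constructed, and only lines starting with a compiler driver name are inspected.

```shell
#!/bin/sh
# Added example: audit a build log for hardening flags reaching the compiler.
# The log below is constructed for illustration; file names are hypothetical.

sample_log() {
cat <<'EOF'
g++ -DHAVE_CONFIG_H -I. -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -c -o a.o a.cpp
g++ -DHAVE_CONFIG_H -I. -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -c -o b.o b.cpp
g++ -DHAVE_CONFIG_H -I. -g -O2 -c -o c.o c.cpp
g++ -shared a.o b.o c.o -Wl,-z,relro -o libexample.so
g++ -shared a.o b.o c.o -o libexample2.so
EOF
}

# audit_log: read a build log on stdin and print one
# "MISSING <feature>: <output file>" line for every gap found.
audit_log() {
  awk '
    $1 !~ /^(gcc|g[+][+]|cc|c[+][+])$/ { next }   # skip non-compiler lines
    {
      out = "?"; compile = 0; ssp = 0; fort = 0; relro = 0
      for (i = 2; i <= NF; i++) {
        if ($i == "-c") compile = 1                      # compile step, not link
        if ($i == "-o" && i < NF) out = $(i + 1)         # name of the output file
        if ($i ~ /^-fstack-protector/) ssp = 1           # CFLAGS/CXXFLAGS
        if ($i == "-D_FORTIFY_SOURCE=2") fort = 1        # CPPFLAGS
        if ($i ~ /^-Wl,.*-z,relro/) relro = 1            # LDFLAGS
      }
      if (compile) {
        if (!ssp)  print "MISSING stack-protector: " out
        if (!fort) print "MISSING fortify: " out
      } else if (!relro) {
        print "MISSING relro: " out
      }
    }'
}

sample_log | audit_log
```

On a real package, feed the saved build log to audit_log in place of sample_log; an empty result means every inspected compile and link line carried the expected flag.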
--- Begin Message ---
Source: xmltooling
Source-Version: 1.4.2-2
We believe that the bug you reported is fixed in the latest version of
xmltooling, which is due to be installed in the Debian FTP archive:
libxmltooling-dev_1.4.2-2_i386.deb
to main/x/xmltooling/libxmltooling-dev_1.4.2-2_i386.deb
libxmltooling-doc_1.4.2-2_all.deb
to main/x/xmltooling/libxmltooling-doc_1.4.2-2_all.deb
libxmltooling5_1.4.2-2_i386.deb
to main/x/xmltooling/libxmltooling5_1.4.2-2_i386.deb
xmltooling-schemas_1.4.2-2_all.deb
to main/x/xmltooling/xmltooling-schemas_1.4.2-2_all.deb
xmltooling_1.4.2-2.debian.tar.gz
to main/x/xmltooling/xmltooling_1.4.2-2.debian.tar.gz
xmltooling_1.4.2-2.dsc
to main/x/xmltooling/xmltooling_1.4.2-2.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Russ Allbery <[email protected]> (supplier of updated xmltooling package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 26 Jan 2012 12:58:17 -0800
Source: xmltooling
Binary: libxmltooling5 libxmltooling-dev xmltooling-schemas libxmltooling-doc
Architecture: source i386 all
Version: 1.4.2-2
Distribution: unstable
Urgency: low
Maintainer: Debian Shib Team <[email protected]>
Changed-By: Russ Allbery <[email protected]>
Description:
libxmltooling-dev - C++ XML parsing library with encryption support (development)
libxmltooling-doc - C++ XML parsing library with encryption support (API docs)
libxmltooling5 - C++ XML parsing library with encryption support (runtime)
xmltooling-schemas - XML schemas for XMLTooling
Closes: 656656
Changes:
xmltooling (1.4.2-2) unstable; urgency=low
.
  * Update to debhelper compatibility level V9.
    - Enable hardening build flags. (Closes: #656656)
    - Enable multiarch support.
  * Use the latest directory in debian/watch instead of the versioned
    directories.
  * Update the upstream homepage.
  * Update the upstream download location in debian/copyright.
  * Minor format updates to debian/copyright for the new DEP-5.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---