Your message dated Tue, 14 Feb 2012 13:34:48 +0000
with message-id <[email protected]>
and subject line Bug#644402: fixed in tcsh 6.18.01-1
has caused the Debian Bug report #644402,
regarding tcsh: please enable hardening options
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
644402: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644402
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tcsh
Severity: normal
Tags: patch
User: [email protected]
Usertags: hardening

Hardening options is a proposed release goal for Wheezy [1].

Having important packages compiled with the hardening options will add
various protections against issues such as stack smashing, predictable
locations of values in memory, etc.

I have rebuilt the package with hardening options enabled and there was
no error (during build, or at runtime).

The attached patch adds a minimal modification to the debian/rules file
to add support for hardening flags (other methods are available).
Note that PIE and bindnow are not enabled by default, and that you can
decide to enable these options for additional features (see the following
link for details).

You can control and enable/disable each hardening flag independently,
see
http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html
for details.

Thanks,
Pierre
diff -ruN tcsh-6.17.06.orig/debian/rules tcsh-6.17.06/debian/rules
--- tcsh-6.17.06.orig/debian/rules	2011-10-05 16:18:33.000000000 +0200
+++ tcsh-6.17.06/debian/rules	2011-10-05 16:13:23.000000000 +0200
@@ -3,6 +3,9 @@
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
 
+-include /usr/share/dpkg/buildflags.mk
+export CPPFLAGS CFLAGS LDFLAGS
+
 CFLAGS += -D_FILE_OFFSET_BITS=64
 
 %:
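
Review bot: the leading dash on `-include /usr/share/dpkg/buildflags.mk` makes a missing file a silent no-op, so a build environment that lacks it produces an unhardened package with no error. Use a plain `include`, backed by a build-dependency on a dpkg-dev that ships the file, so the build fails instead. Separately, the context line `CFLAGS += -D_FILE_OFFSET_BITS=64` is a preprocessor define; now that CPPFLAGS is exported alongside CFLAGS, it belongs in `CPPFLAGS +=`.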

--- End Message ---
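
A check that can be run on the rebuilt binary to confirm which of the protections named in the report actually reached it. This is an added example, not part of the bug report or of Debian's tooling; the function names `has` and `check_hardening` and both readelf excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): report which hardening features an
# ELF executable carries, given on stdin the text of
#   readelf -W -h -l -d --dyn-syms /path/to/binary
# Prints one "feature=yes|no" line per protection.

# has PATTERN: yes/no depending on whether $dump matches the extended regex.
has() {
    if printf '%s\n' "$dump" | grep -Eq -e "$1"; then echo yes; else echo no; fi
}

check_hardening() {
    dump=$(cat)
    # ELF type DYN on an executable means it was linked as PIE.
    echo "pie=$(has 'Type:[[:space:]]+DYN')"
    # Stack protector: instrumented code references __stack_chk_fail.
    echo "stackprotector=$(has '__stack_chk_fail')"
    # FORTIFY_SOURCE: calls rewritten to checked variants such as __sprintf_chk.
    echo "fortify=$(has '__[a-z0-9_]+_chk(@|[[:space:]]|$)')"
    # Read-only relocations: a GNU_RELRO program header is present.
    echo "relro=$(has 'GNU_RELRO')"
    # Immediate binding: BIND_NOW entry, or the NOW bit in FLAGS / FLAGS_1.
    echo "bindnow=$(has '\(BIND_NOW\)|\(FLAGS\).*BIND_NOW|\(FLAGS_1\).*NOW')"
}

# Constructed readelf excerpt for a build with the default flag set
# (no PIE, no bindnow); abbreviated, not taken from a real tcsh binary.
SAMPLE_DEFAULT='  Type:                              EXEC (Executable file)
  GNU_RELRO      0x05ade0 0x000000000065ade0 0x000000000065ade0 0x000220 0x000220 R   0x1
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
    12: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
    13: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __sprintf_chk@GLIBC_2.3.4 (4)'

# The same excerpt as it would look with PIE and bindnow also enabled (constructed).
SAMPLE_ALL=$(printf '%s\n' "$SAMPLE_DEFAULT" |
    sed 's/EXEC (Executable file)/DYN (Shared object file)/')
SAMPLE_ALL="$SAMPLE_ALL
 0x0000000000000018 (BIND_NOW)"

printf '%s\n' "$SAMPLE_DEFAULT" | check_hardening
```

A `fortify=no` result is only a hint: a binary that calls no fortifiable libc functions shows no `_chk` symbols even when built with the flag.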
--- Begin Message ---
Source: tcsh
Source-Version: 6.18.01-1

We believe that the bug you reported is fixed in the latest version of
tcsh, which is due to be installed in the Debian FTP archive:

tcsh_6.18.01-1.diff.gz
  to main/t/tcsh/tcsh_6.18.01-1.diff.gz
tcsh_6.18.01-1.dsc
  to main/t/tcsh/tcsh_6.18.01-1.dsc
tcsh_6.18.01-1_amd64.deb
  to main/t/tcsh/tcsh_6.18.01-1_amd64.deb
tcsh_6.18.01.orig.tar.gz
  to main/t/tcsh/tcsh_6.18.01.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Lange <[email protected]> (supplier of updated tcsh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 14 Feb 2012 14:05:09 +0100
Source: tcsh
Binary: tcsh
Architecture: source amd64
Version: 6.18.01-1
Distribution: unstable
Urgency: low
Maintainer: Thomas Lange <[email protected]>
Changed-By: Thomas Lange <[email protected]>
Description: 
 tcsh       - TENEX C Shell, an enhanced version of Berkeley csh
Closes: 628960 644402 645238
Changes: 
 tcsh (6.18.01-1) unstable; urgency=low
 .
   * new upstream version Closes: #645238
   * rules: enable hardening options Closes: #644402
   * control: update to 3.9.2, no changes needed, remove package versions
     from build-depends
   * patches/co-completion: remove -co* completion Closes: #628960
   * watch: use passive mode for ftp

--- End Message ---
