Your message dated Sat, 03 Mar 2012 16:35:29 +0000
with message-id <[email protected]>
and subject line Bug#662016: fixed in tcpdump 4.2.1-3
has caused the Debian Bug report #662016,
regarding tcpdump: CPPFLAGS hardening flags missing
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
662016: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662016
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tcpdump
Severity: important
Tags: patch
Dear Maintainer,
The hardening flags from CPPFLAGS are missing.
The problem is that configure.in doesn't correctly restore
CPPFLAGS in a test - which clears CPPFLAGS. The attached patch
fixes this issue (two typos). If possible it should also be sent
to upstream to fix their configure.in.
To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package:
    $ hardening-check /usr/sbin/tcpdump
    /usr/sbin/tcpdump:
     Position Independent Executable: yes
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: yes
For more information please have a look at [1], [2] and [3].
Regards,
Simon
[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Description: Fix incorrect restore of CPPFLAGS in configure.in.
Author: Simon Ruderich <[email protected]>
Last-Update: 2012-03-03
Index: tcpdump-4.2.1/configure.in
===================================================================
--- tcpdump-4.2.1.orig/configure.in 2012-03-03 16:28:48.000000000 +0100
+++ tcpdump-4.2.1/configure.in 2012-03-03 16:33:56.000000000 +0100
@@ -732,7 +732,7 @@
dnl Check for Mac OS X, which may ship pcap.h from 0.6 but libpcap may
dnl be 0.8; this means that lib has pcap_findalldevs but header doesn't
dnl have pcap_if_t.
- savedppflags="$CPPLAGS"
+ savedcppflags="$CPPFLAGS"
CPPFLAGS="$CPPFLAGS $V_INCLS"
AC_CHECK_TYPES(pcap_if_t, , , [#include <pcap.h>])
CPPFLAGS="$savedcppflags"
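Review bot: The patch changes only configure.in, so the corrected save line `savedcppflags="$CPPFLAGS"` takes effect only if configure is regenerated from it during the build; please confirm the package does that, or carry the same change in the generated script. The Description could also state the visible effect: the restore `CPPFLAGS="$savedcppflags"` read a variable that was never set, which emptied CPPFLAGS for everything after this check. Since the old line had two separate typos (`savedppflags` and `$CPPLAGS`), the other save/restore pairs in configure.in deserve the same look.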
--- End Message ---
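The failure described in this report, as an added example (not part of the original mail or of the tcpdump packaging): a shell function that runs a save/restore fragment with a known CPPFLAGS value and reports whether that value survives. The function name, the sentinel flag, the `V_INCLS` value and the half-fixed variant are assumptions made for illustration; the other two fragments are taken from the hunk above.

```shell
#!/bin/sh
# Run the shell assignments of a configure.in fragment with a known
# CPPFLAGS and report whether that value survives the save/restore.
# cppflags_survives, the sentinel and the V_INCLS value are hypothetical.
cppflags_survives() {
    fragment=$1
    sentinel='-D_FORTIFY_SOURCE=2'
    result=$(
        CPPFLAGS=$sentinel
        V_INCLS='-I/constructed/include'
        # Drop m4 macro calls and dnl comments; keep plain assignments.
        eval "$(printf '%s\n' "$fragment" | grep -Ev '^[[:space:]]*(AC_|dnl)')"
        printf '%s' "$CPPFLAGS"
    )
    [ "$result" = "$sentinel" ]
}

# Constructed inputs: the pre-patch lines from the hunk, a variant with
# only the variable name corrected, and the patched lines.
ORIGINAL='savedppflags="$CPPLAGS"
CPPFLAGS="$CPPFLAGS $V_INCLS"
AC_CHECK_TYPES(pcap_if_t, , , [#include <pcap.h>])
CPPFLAGS="$savedcppflags"'

HALF_FIXED='savedcppflags="$CPPLAGS"
CPPFLAGS="$CPPFLAGS $V_INCLS"
AC_CHECK_TYPES(pcap_if_t, , , [#include <pcap.h>])
CPPFLAGS="$savedcppflags"'

PATCHED='savedcppflags="$CPPFLAGS"
CPPFLAGS="$CPPFLAGS $V_INCLS"
AC_CHECK_TYPES(pcap_if_t, , , [#include <pcap.h>])
CPPFLAGS="$savedcppflags"'

# An unset shell variable expands to the empty string, so either typo
# alone is enough to leave CPPFLAGS empty after the restore.
for name in ORIGINAL HALF_FIXED PATCHED; do
    eval "frag=\$$name"
    if cppflags_survives "$frag"; then
        echo "$name: CPPFLAGS preserved"
    else
        echo "$name: CPPFLAGS lost"
    fi
done
```

Only the patched fragment preserves the sentinel; the half-fixed variant shows why both typos had to be corrected together.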
--- Begin Message ---
Source: tcpdump
Source-Version: 4.2.1-3
We believe that the bug you reported is fixed in the latest version of
tcpdump, which is due to be installed in the Debian FTP archive:
tcpdump_4.2.1-3.debian.tar.gz
to main/t/tcpdump/tcpdump_4.2.1-3.debian.tar.gz
tcpdump_4.2.1-3.dsc
to main/t/tcpdump/tcpdump_4.2.1-3.dsc
tcpdump_4.2.1-3_amd64.deb
to main/t/tcpdump/tcpdump_4.2.1-3_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Romain Francoise <[email protected]> (supplier of updated tcpdump package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Sat, 03 Mar 2012 17:11:48 +0100
Source: tcpdump
Binary: tcpdump
Architecture: source amd64
Version: 4.2.1-3
Distribution: unstable
Urgency: low
Maintainer: Romain Francoise <[email protected]>
Changed-By: Romain Francoise <[email protected]>
Description:
tcpdump - command-line network traffic analyzer
Closes: 662016
Changes:
tcpdump (4.2.1-3) unstable; urgency=low
.
* Fix CPPFLAGS handling in upstream configure.in to avoid losing
hardening flags, patch by Simon Ruderich <[email protected]>
(closes: #662016).
* Fix some misspellings pointed out by lintian.
* debian/control: Set Standards-Version to 3.9.3.
--- End Message ---