Your message dated Fri, 09 Mar 2012 12:32:29 +0000
with message-id <[email protected]>
and subject line Bug#663013: fixed in isoqlog 2.2.1-7
has caused the Debian Bug report #663013,
regarding isoqlog: Please enable hardening flags
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
663013: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663013
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: isoqlog
Version: 2.2.1-6
Severity: important
Tags: patch
Dear Maintainer,
Please consider enabling hardening flags which are a release goal
for wheezy. For more information please have a look at [1], [2]
and [3].
The following patch enables the hardening flags.
diff -Nru isoqlog-2.2.1/debian/rules isoqlog-2.2.1/debian/rules
--- isoqlog-2.2.1/debian/rules 2012-03-07 10:33:45.000000000 +0100
+++ isoqlog-2.2.1/debian/rules 2012-03-08 01:11:51.000000000 +0100
@@ -14,6 +14,8 @@
DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
CFLAGS += -g
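Review bot: the added `include /usr/share/dpkg/buildflags.mk` line needs a dpkg-dev new enough to ship that file, yet this patch touches only debian/rules; a versioned build dependency such as `dpkg-dev (>= 1.16.1~)` in debian/control would stop the build from failing on an older toolchain. With `DPKG_EXPORT_BUILDFLAGS = 1` the flags reach the upstream build only as environment variables, so the build log still has to show that CPPFLAGS and LDFLAGS are picked up by the compile and link lines. The `CFLAGS += -g` context line after the include also becomes redundant, because the default dpkg-buildflags CFLAGS already contain -g.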
To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (hardening-check doesn't catch everything):
    $ hardening-check /usr/bin/isoqlog
    /usr/bin/isoqlog:
     Position Independent Executable: no, normal executable!
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!
(Position Independent Executable and Immediate binding are not
enabled by default.)
Use

    find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +

on the build result to check all files.
Regards,
Simon
[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
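The report above asks for the build log to be checked as well, because hardening-check does not catch everything. One way to do that, as an added example that is not part of the original message or of the isoqlog packaging: the sample log is constructed, the function names are hypothetical, and the required flag set is assumed to match the dpkg-buildflags defaults.

```shell
#!/bin/sh
# Added example: flag compiler lines in a build log that lack the hardening
# flags. The flag set below is assumed to match the dpkg-buildflags defaults.

# Constructed sample log; not taken from the real isoqlog build.
sample_log() {
cat <<'EOF'
make[1]: Entering directory '/build/isoqlog-2.2.1'
gcc -I. -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -c -o main.o main.c
gcc -I. -g -O2 -c -o parser.o parser.c
gcc -g -O2 -fstack-protector -o isoqlog main.o parser.o
gcc -g -O2 -Wl,-z,relro -o helper helper.o
EOF
}

# Reads a build log on stdin, prints one "TARGET: missing FLAG" line per
# finding, and returns 1 if anything was found.
check_build_log() {
    awk '
    function need(ok, flag) {
        if (!ok) { printf "%s: missing %s\n", target, flag; bad++ }
    }
    # Only lines whose first word is a C/C++ compiler driver are inspected.
    $1 ~ "(^|[-/])(gcc|g[+][+]|cc|c[+][+])$" {
        compile = 0; link = 1; target = "(unknown)"
        for (i = 2; i <= NF; i++) {
            if ($i == "-c") { compile = 1; link = 0 }   # compile only
            if ($i ~ /[.](c|cc|cpp|cxx)$/) compile = 1  # source file given
            if ($i == "-o" && i < NF) target = $(i + 1)
        }
        line = " " $0 " "
        if (compile) {
            need((line ~ / -fstack-protector(-strong|-all)? /), "-fstack-protector")
            need((line ~ / -D_FORTIFY_SOURCE=[23] /), "-D_FORTIFY_SOURCE=2")
            need((line ~ / -Werror=format-security /), "-Werror=format-security")
        }
        if (link) need((line ~ / -Wl,[^ ]*relro/), "-Wl,-z,relro")
    }
    END { exit (bad > 0) }
    '
}

sample_log | check_build_log || echo "build log shows unhardened compiler lines"
```

A build that prints abbreviated lines instead of full compiler commands gives this check nothing to inspect, so it needs a verbose build log.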
--- Begin Message ---
Source: isoqlog
Source-Version: 2.2.1-7
We believe that the bug you reported is fixed in the latest version of
isoqlog, which is due to be installed in the Debian FTP archive:
isoqlog_2.2.1-7.debian.tar.gz
to main/i/isoqlog/isoqlog_2.2.1-7.debian.tar.gz
isoqlog_2.2.1-7.dsc
to main/i/isoqlog/isoqlog_2.2.1-7.dsc
isoqlog_2.2.1-7_amd64.deb
to main/i/isoqlog/isoqlog_2.2.1-7_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sergiusz Pawlowicz <[email protected]> (supplier of updated isoqlog package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Wed, 08 Mar 2012 00:00:01 +0000
Source: isoqlog
Binary: isoqlog
Architecture: source amd64
Version: 2.2.1-7
Distribution: unstable
Urgency: low
Maintainer: Sergiusz Pawlowicz <[email protected]>
Changed-By: Sergiusz Pawlowicz <[email protected]>
Description:
isoqlog - Mail Transport Agent log analysis program
Closes: 663013
Changes:
isoqlog (2.2.1-7) unstable; urgency=low
.
* Patch suggested by Simon Ruderich <[email protected]>
* Enables the hardening flags (Closes: #663013)
* Bump standards to current 3.9.3
--- End Message ---