Your message dated Mon, 12 Mar 2012 22:06:53 +0000
with message-id <[email protected]>
and subject line Bug#663581: fixed in ncompress 4.2.4.4-4
has caused the Debian Bug report #663581,
regarding ncompress: CPPFLAGS/LDFLAGS hardening flags missing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
663581: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663581
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ncompress
Version: 4.2.4.4
Severity: important
Tags: patch

Dear Maintainer,

The CPPFLAGS and LDFLAGS hardening flags are missing because
debian/rules doesn't set them.

The following patch fixes the issue.

    diff -Nru ncompress-4.2.4.4/debian/rules ncompress-4.2.4.4/debian/rules
    --- ncompress-4.2.4.4/debian/rules      2011-09-27 02:14:10.000000000 +0200
    +++ ncompress-4.2.4.4/debian/rules      2012-03-12 15:12:25.000000000 +0100
    @@ -38,7 +38,7 @@
     build-indep: build-stamp
     build-stamp:
            dh_testdir
    -       gcc $(CFLAGS) -o compress -DNOFUNCDEF -DCOMPILE_DATE="\"`date`\"" 
compress42.c
    +       gcc $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o compress -DNOFUNCDEF 
-DCOMPILE_DATE="\"`date`\"" compress42.c
            touch build-stamp
     
     configure:
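
Review bot: the added gcc line only expands $(CPPFLAGS) and $(LDFLAGS); nothing in this hunk assigns them, so unless debian/rules or the build environment obtains them from dpkg-buildflags they expand to empty strings and the resulting command is the same as before. Please confirm where the two variables get their values and check in the build log that the hardening options actually reach this gcc invocation. As a smaller point, the compiler is still hard-coded as gcc on both the removed and the added line; $(CC) would be more conventional.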

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (hardening-check doesn't catch everything):

    $ hardening-check /usr/bin/compress
    /usr/bin/compress:
     Position Independent Executable: no, normal executable!
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!

(Position Independent Executable and Immediate binding are not
enabled by default.)

Use `find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +`
on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash




--- End Message ---
--- Begin Message ---
Source: ncompress
Source-Version: 4.2.4.4-4

We believe that the bug you reported is fixed in the latest version of
ncompress, which is due to be installed in the Debian FTP archive:

ncompress_4.2.4.4-4.debian.tar.gz
  to main/n/ncompress/ncompress_4.2.4.4-4.debian.tar.gz
ncompress_4.2.4.4-4.dsc
  to main/n/ncompress/ncompress_4.2.4.4-4.dsc
ncompress_4.2.4.4-4_amd64.deb
  to main/n/ncompress/ncompress_4.2.4.4-4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kenneth J. Pronovici <[email protected]> (supplier of updated ncompress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Mon, 12 Mar 2012 12:06:24 -0500
Source: ncompress
Binary: ncompress
Architecture: source amd64
Version: 4.2.4.4-4
Distribution: unstable
Urgency: low
Maintainer: Kenneth J. Pronovici <[email protected]>
Changed-By: Kenneth J. Pronovici <[email protected]>
Description: 
 ncompress  - original Lempel-Ziv compress/uncompress programs
Closes: 663581
Changes: 
 ncompress (4.2.4.4-4) unstable; urgency=low
 .
   * Update to machine-readable debian/copyright file format, version 1.0.
   * Bump standards version to 3.9.3.0; no packaging changes.
   * Add Build-Depends on dpkg-dev (>= 1.16.1), since I use buildflags.mk.
   * Support compile-time hardening to meet the release goal for wheezy.
     - Move to debhelper (>= 9) and debian/compat=9
     - Add $LDFLAGS and $CPPFLAGS in debian/rules (closes: #663581).




--- End Message ---
