Your message dated Tue, 27 Mar 2012 22:20:34 +0000
with message-id <[email protected]>
and subject line Bug#665313: fixed in mgen 5.02+dfsg2-3
has caused the Debian Bug report #665313,
regarding mgen: Hardening flags missing for protolib/
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
665313: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665313
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mgen
Version: 5.02+dfsg2-2
Severity: important
Tags: patch
Dear Maintainer,
The hardening flags for protolib/ are missing because the build
system ignores them.
The following patch for debian/patches/hardening fixes the issue.
diff -Nru mgen-5.02+dfsg2/debian/patches/hardening
mgen-5.02+dfsg2/debian/patches/hardening
--- mgen-5.02+dfsg2/debian/patches/hardening 2012-02-22 11:52:20.000000000
+0100
+++ mgen-5.02+dfsg2/debian/patches/hardening 2012-03-23 01:14:52.000000000
+0100
@@ -59,3 +59,13 @@
SYSTEM_LIBS = -ldl -lrt
# 6) System specific capabilities
+--- a/mgen/protolib/makefiles/Makefile.common
++++ b/mgen/protolib/makefiles/Makefile.common
+@@ -16,6 +16,7 @@
+ INCLUDES = $(TCL_INCL_PATH) $(SYSTEM_INCLUDES) -I../include
+
+ CFLAGS = -g -DPROTO_DEBUG -DUNIX -D_FILE_OFFSET_BITS=64 -O $(SYSTEM_CFLAGS)
-fPIC $(SYSTEM_HAVES) $(INCLUDES)
++CFLAGS += $(shell dpkg-buildflags --get CFLAGS) $(shell dpkg-buildflags --get
CPPFLAGS)
+
+ LDFLAGS = $(SYSTEM_LDFLAGS)
+
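Review bot: In the added Makefile.common hunk only CFLAGS is extended, while the `LDFLAGS = $(SYSTEM_LDFLAGS)` context line just below it is left unchanged. Unless SYSTEM_LDFLAGS already carries the output of `dpkg-buildflags --get LDFLAGS`, any link step that uses this LDFLAGS will not get the linker hardening flags; consider appending them the same way. A smaller point on the same added line: CFLAGS is defined with `=`, so `+=` keeps it recursively expanded and both `$(shell dpkg-buildflags ...)` calls run again on every expansion. Capturing the output once in a `:=` variable and appending that variable avoids the repeated invocations.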
To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (hardening-check doesn't catch everything):
$ hardening-check /usr/bin/mgen
/usr/bin/mgen:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: yes
(Position Independent Executable and Immediate binding are not
enabled by default.)
Use find -type f \( -executable -o -name \*.so\* \) -exec
hardening-check {} + on the build result to check all files.
Regards,
Simon
[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
--- End Message ---
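The build-log check mentioned in the report above, sketched as an added example (not code from the report or from the mgen package): it reports compile lines that lack hardening flags, which is how a subdirectory whose makefile ignores the flags shows up. The required-flag list, the function names and the sample log lines are assumptions constructed for illustration.

```sh
# Flags every compile line is expected to carry. Assumption: this list mirrors
# what `dpkg-buildflags --get CFLAGS` and `--get CPPFLAGS` print on the build host.
REQUIRED_FLAGS="-fstack-protector -D_FORTIFY_SOURCE=2 -Werror=format-security"

# missing_flags LINE: print the required flags that do not occur in LINE.
missing_flags() {
    missing=""
    for flag in $REQUIRED_FLAGS; do
        case " $1 " in
            *" $flag"*) ;;   # prefix match, so -fstack-protector-strong also counts
            *) missing="$missing $flag" ;;
        esac
    done
    printf '%s' "${missing# }"
}

# check_build_log: read a build log on stdin and report every compile line
# (compiler invoked with -c) that lacks a required flag. Returns 1 if any do.
check_build_log() {
    status=0
    while IFS= read -r line; do
        case "$line" in
            gcc\ *|g++\ *|cc\ *|c++\ *) ;;
            *) continue ;;
        esac
        case " $line " in
            *" -c "*) ;;
            *) continue ;;   # link-only line: LDFLAGS are not checked here
        esac
        miss=$(missing_flags "$line")
        if [ -n "$miss" ]; then
            printf 'missing [%s]: %s\n' "$miss" "$line"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample log (file names are made up): one hardened compile line,
# one compile line without the flags, and one link line.
sample_build_log() {
    cat <<'EOF'
g++ -c -g -O2 -fstack-protector -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -o app.o app.cpp
g++ -c -g -DPROTO_DEBUG -DUNIX -D_FILE_OFFSET_BITS=64 -O -fPIC -I../include -o protolib/example.o protolib/example.cpp
g++ -Wl,-z,relro -o app app.o protolib/example.o -ldl -lrt
EOF
}

sample_build_log | check_build_log || true
```

On a real build, pipe the saved build log into `check_build_log` and compare `REQUIRED_FLAGS` against the local `dpkg-buildflags` output first.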
--- Begin Message ---
Source: mgen
Source-Version: 5.02+dfsg2-3
We believe that the bug you reported is fixed in the latest version of
mgen, which is due to be installed in the Debian FTP archive:
mgen-doc_5.02+dfsg2-3_all.deb
to main/m/mgen/mgen-doc_5.02+dfsg2-3_all.deb
mgen_5.02+dfsg2-3.debian.tar.gz
to main/m/mgen/mgen_5.02+dfsg2-3.debian.tar.gz
mgen_5.02+dfsg2-3.dsc
to main/m/mgen/mgen_5.02+dfsg2-3.dsc
mgen_5.02+dfsg2-3_i386.deb
to main/m/mgen/mgen_5.02+dfsg2-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Raoul Gunnar Borenius <[email protected]> (supplier of updated mgen package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 27 Mar 2012 22:53:25 +0200
Source: mgen
Binary: mgen mgen-doc
Architecture: source i386 all
Version: 5.02+dfsg2-3
Distribution: unstable
Urgency: low
Maintainer: Raoul Gunnar Borenius <[email protected]>
Changed-By: Raoul Gunnar Borenius <[email protected]>
Description:
mgen - packet generator for IP network performance tests
mgen-doc - mgen user and reference guide
Closes: 665313
Changes:
mgen (5.02+dfsg2-3) unstable; urgency=low
.
* enable hardening flags in protolib/ (thanks to Simon Ruderich)
(Closes: #665313)
* changed "Recommends: mgen-doc" into "Suggests: mgen-doc" to
avoid installing the doc-package by default (and thereby installing
the complete web based debian help system)
* put doc files in mgen-doc package in its own directory in /usr/share/doc
to get rid of lintian warning 'doc-package-depends-on-main-package'
* bumped Standards-Version to 3.9.3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---