Your message dated Wed, 12 Sep 2012 09:17:47 +0000
with message-id <[email protected]>
and subject line Bug#687328: fixed in enca 1.14-2
has caused the Debian Bug report #687328,
regarding enca: CFLAGS hardening flags missing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
687328: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687328
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: enca
Version: 1.14-1
Severity: normal
Tags: patch

Dear Maintainer,

The CFLAGS hardening/build flags are missing because they are
overwritten in debian/rules. For more hardening information
please have a look at [1], [2] and [3].

The following patch fixes the issue.

diff -Nru enca-1.14/debian/rules enca-1.14/debian/rules
--- enca-1.14/debian/rules      2012-09-11 11:46:23.000000000 +0200
+++ enca-1.14/debian/rules      2012-09-11 20:33:01.000000000 +0200
@@ -13,7 +13,7 @@
 DEB_BUILD_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
 
 
-CFLAGS = -Wall -g
+CFLAGS += -Wall -g
 
 ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
        CFLAGS += -O0
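Review bot: At `CFLAGS += -Wall -g`, the append only carries hardening flags if CFLAGS is already populated before this line, and the hunk does not show where that happens. Seeding it explicitly in debian/rules, e.g. `CFLAGS = $(shell dpkg-buildflags --get CFLAGS)` followed by `CFLAGS += -Wall`, makes the result independent of how the rules file is invoked. The hunk also touches only CFLAGS, so it is worth confirming that CPPFLAGS (which carries the fortify define) and LDFLAGS are not reset elsewhere in the file and are passed on to the upstream build.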

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log with `blhc` (hardening-check doesn't catch
everything):

    $ hardening-check /usr/lib/libenca.so.0.5.1 /usr/lib/debug/usr/lib/libenca.so.0.5.1 /usr/bin/enca
    /usr/lib/libenca.so.0.5.1:
     Position Independent Executable: no, regular shared library (ignored)
     Stack protected: yes
     Fortify Source functions: no, only unprotected functions found!
     Read-only relocations: yes
     Immediate binding: no not found!
    /usr/lib/debug/usr/lib/libenca.so.0.5.1:
     Position Independent Executable: no, regular shared library (ignored)
     Stack protected: yes
     Fortify Source functions: unknown, not linked against libc
     Read-only relocations: yes
     Immediate binding: no not found!
    /usr/bin/enca:
     Position Independent Executable: no, normal executable!
     Stack protected: no, not found!
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!

(Position Independent Executable and Immediate binding are not
enabled by default.)

Use `find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +`
on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9



--- End Message ---
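The report above traces the missing flags to a plain `CFLAGS =` assignment in debian/rules. As an added example (not part of the report or of the enca packaging), this shell function scans a rules file for that pattern across the usual build-flag variables; the function name and the sample rules file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the enca packaging.

# find_flag_overrides [FILE...]
# Reads a debian/rules-style makefile (stdin if no FILE) and prints
# "LINE:VARIABLE" for every '=' or ':=' assignment to a build-flag variable
# that neither references the variable's old value nor calls dpkg-buildflags.
# '+=' and '?=' keep an inherited value, so they are not reported.
# Leading whitespace is ignored, so a VAR=... prefix on a recipe line is
# reported as well.
find_flag_overrides() {
    awk '
    {
        line = $0
        # Drop indentation and make keywords in front of the variable name.
        sub(/^[ \t]*(override[ \t]+|export[ \t]+)*/, "", line)
        if (!match(line, /^(CFLAGS|CXXFLAGS|CPPFLAGS|LDFLAGS)[ \t]*:?=/))
            next
        name = substr(line, 1, RLENGTH)
        sub(/[ \t]*:?=$/, "", name)
        rhs = substr(line, RLENGTH + 1)
        # Seeding from dpkg-buildflags or extending the old value is fine.
        if (index(rhs, "dpkg-buildflags")) next
        if (index(rhs, "$(" name ")") || index(rhs, "${" name "}")) next
        print FNR ":" name
    }' "$@"
}

# Constructed sample: line 1 is the assignment from enca 1.14-1; the other
# lines are made up to show forms that are and are not reported.
sample_rules() {
    cat <<'EOF'
CFLAGS = -Wall -g
CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS)
LDFLAGS += -Wl,--as-needed
CXXFLAGS := $(CXXFLAGS) -Wall
export LDFLAGS = -s
EOF
}

sample_rules | find_flag_overrides
```

A clean result only says that no flag variable is reset in the rules file; `hardening-check` and `blhc` on the build result remain the check that the flags reached the compiler and linker.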
--- Begin Message ---
Source: enca
Source-Version: 1.14-2

We believe that the bug you reported is fixed in the latest version of
enca, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michal Čihař <[email protected]> (supplier of updated enca package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 12 Sep 2012 10:41:54 +0200
Source: enca
Binary: enca libenca0 libenca-dev libenca-dbg
Architecture: source amd64
Version: 1.14-2
Distribution: unstable
Urgency: low
Maintainer: Michal Čihař <[email protected]>
Changed-By: Michal Čihař <[email protected]>
Description: 
 enca       - Extremely Naive Charset Analyser - binaries
 libenca-dbg - Extremely Naive Charset Analyser - debug files
 libenca-dev - Extremely Naive Charset Analyser - development files
 libenca0   - Extremely Naive Charset Analyser - shared library files
Closes: 687328
Changes: 
 enca (1.14-2) unstable; urgency=low
 .
   * Remove overriding of CFLAGS in debian/rules (Closes: #687328).

--- End Message ---