Your message dated Mon, 12 Aug 2013 23:18:36 +0000
with message-id <[email protected]>
and subject line Bug#688632: fixed in seaview 1:4.4.2-1
has caused the Debian Bug report #688632,
regarding seaview: CFLAGS hardening flags missing for csrc/*
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
688632: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688632
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: seaview
Version: 1:4.4.0-1
Severity: normal
Tags: patch

Dear Maintainer,

The following CFLAGS hardening flags are missing because they are
ignored in Makefile:

    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/raa_acnuc.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/parser.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/md5.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/zsockr.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/misc_acnuc.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/dnapars.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/protpars.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/lwl.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/bionj.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/phyml_util.c

For more hardening information please have a look at [1], [2] and
[3].

The attached patch fixes the issue; if possible, it should be sent
upstream.

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log with `blhc` (hardening-check doesn't catch
everything).

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
Description: Use CFLAGS from environment for csrc/* (dpkg-buildflags).
 Necessary for hardening flags.
Author: Simon Ruderich <[email protected]>
Last-Update: 2012-09-24

--- seaview-4.4.0.orig/Makefile
+++ seaview-4.4.0/Makefile
@@ -49,7 +49,7 @@ seaview : $(OBJECTS) $(COBJECTS)
          -lX11 -lm -lz -lpthread
 
 $(COBJECTS) : $(CSRC)/$*
-	$(CC) -c $(DEBUG) $(OPT) $(CPPFLAGS) -I$(CSRC) $(CSRC)/$*.c
+	$(CC) -c $(DEBUG) $(OPT) $(CFLAGS) $(CPPFLAGS) -I$(CSRC) $(CSRC)/$*.c
 
 
 .SUFFIXES:	.c .cxx .h .o
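
Review bot: in the `$(COBJECTS)` rule, `$(CFLAGS)` is placed after `$(OPT)`, so any optimisation level carried in the environment CFLAGS overrides the one from `$(OPT)` (the build log quoted in the report shows `-O3`), because GCC honours the last -O option on the command line. If upstream's level is meant to win, move `$(CFLAGS)` before `$(OPT)`; if the distribution's is, note that in the patch Description so the change in optimisation is not a surprise.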



--- End Message ---
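
The build-log check described in the report above, as an added example that is not part of the original messages and is not blhc itself: a small POSIX shell function that lists C compile steps lacking the CFLAGS the report names. The function names `missing_cflags` and `sample_log` are hypothetical, the sample log is constructed from the command lines quoted in the report, and flags are matched exactly as spelled there.

```shell
#!/bin/sh
# Added example (not from the bug report). Exact-match check for the CFLAGS
# that the report lists as missing; names below are hypothetical.
REQUIRED="-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security"

# missing_cflags: read a build log on stdin and print "<source>: <missing flags>"
# for every C compile step (gcc/cc with -c) lacking a required flag.
# Exit status is 1 if at least one such line was found, else 0.
missing_cflags() {
    awk -v required="$REQUIRED" '
        BEGIN { n = split(required, req, " "); bad = 0 }
        $1 == "gcc" || $1 == "cc" {
            compile = 0; src = ""; split("", have)   # reset per line
            for (i = 2; i <= NF; i++) {
                if ($i == "-c") compile = 1
                if ($i ~ /\.c$/) src = $i
                have[$i] = 1
            }
            if (!compile) next        # link steps take LDFLAGS, not CFLAGS
            miss = ""
            for (j = 1; j <= n; j++)
                if (!(req[j] in have))
                    miss = miss (miss == "" ? "" : " ") req[j]
            if (miss != "") { print src ": " miss; bad = 1 }
        }
        END { exit bad }
    '
}

# Constructed sample log: a compile line as quoted in the report, the same
# step with the flags present (assumed ordering), and a link step.
sample_log() {
    cat <<'EOF'
gcc -c  -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/md5.c
gcc -c  -O3 -g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Icsrc csrc/parser.c
gcc -o seaview md5.o parser.o -lm
EOF
}

sample_log | missing_cflags || echo "compile lines without hardening CFLAGS found"
```

The non-zero exit status makes the function usable as a gate in a package build script; it does not inspect the resulting binary, which is what `hardening-check` is for.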
--- Begin Message ---
Source: seaview
Source-Version: 1:4.4.2-1

We believe that the bug you reported is fixed in the latest version of
seaview, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille <[email protected]> (supplier of updated seaview package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 12 Aug 2013 13:03:12 +0200
Source: seaview
Binary: seaview
Architecture: source amd64
Version: 1:4.4.2-1
Distribution: unstable
Urgency: low
Maintainer: Debian Med Packaging Team <[email protected]>
Changed-By: Andreas Tille <[email protected]>
Description: 
 seaview    - Multiplatform interface for sequence alignment and phylogeny
Closes: 688632
Changes: 
 seaview (1:4.4.2-1) unstable; urgency=low
 .
   * New upstream version
     Closes: #688632
   * debian/control:
      - cme fix dpkg-control
      - anonscm in Vcs fields
   * debian/patches/add-ldl.patch: Provide lacking -ldl for successful linking

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iEYEARECAAYFAlIJadcACgkQYDBbMcCf01o4iwCcDnv2OSmSwRuDgEuz7tfmAr42
+DAAn20TNJVSzOQgl+A7FzonQwxYZh/1
=luLt
-----END PGP SIGNATURE-----

--- End Message ---
