Your message dated Mon, 12 Aug 2013 23:18:36 +0000 with message-id <[email protected]> and subject line Bug#688632: fixed in seaview 1:4.4.2-1 has caused the Debian Bug report #688632, regarding seaview: CFLAGS hardening flags missing for csrc/* to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

-- 
688632: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688632
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: seaview
Version: 1:4.4.0-1
Severity: normal
Tags: patch

Dear Maintainer,

The following CFLAGS hardening flags are missing because they are ignored in Makefile:

    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/raa_acnuc.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/parser.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/md5.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/zsockr.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/misc_acnuc.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/dnapars.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/protpars.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/lwl.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/bionj.c
    CFLAGS missing (-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/phyml_util.c

For more hardening information please have a look at [1], [2] and [3].

The attached patch fixes the issue, if possible it should be sent to upstream.
To check if all flags were correctly enabled you can use `hardening-check` from the hardening-includes package and check the build log with `blhc` (hardening-check doesn't catch everything).

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9

Description: Use CFLAGS from environment for csrc/* (dpkg-buildflags). Necessary for hardening flags.
Author: Simon Ruderich <[email protected]>
Last-Update: 2012-09-24
--- seaview-4.4.0.orig/Makefile +++ seaview-4.4.0/Makefile @@ -49,7 +49,7 @@ seaview : $(OBJECTS) $(COBJECTS) -lX11 -lm -lz -lpthread $(COBJECTS) : $(CSRC)/$* - $(CC) -c $(DEBUG) $(OPT) $(CPPFLAGS) -I$(CSRC) $(CSRC)/$*.c + $(CC) -c $(DEBUG) $(OPT) $(CFLAGS) $(CPPFLAGS) -I$(CSRC) $(CSRC)/$*.c .SUFFIXES: .c .cxx .h .o
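Review bot: On the changed `$(CC) -c` line of the `$(COBJECTS)` rule, `$(CFLAGS)` is expanded after `$(DEBUG) $(OPT)`, so if the environment's CFLAGS carry their own optimisation or debug options they take effect over the Makefile's (the build log in the report shows `-O3`); that ordering deserves a sentence in the patch description or a Makefile comment so it is not reordered upstream. The hunk also covers only the C compile rule: the context shows just the tail of the `seaview` link command (`-lX11 -lm -lz -lpthread`), so it is worth confirming that `$(LDFLAGS)` is passed on that line and that the `.cxx` rule honours `$(CXXFLAGS)`, otherwise only the `csrc/*` objects end up hardened.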
--- End Message ---
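A simplified version of the build-log check that the report above describes, as an added example that is not part of the original message and is not `blhc` itself. The required-flag list is the one quoted in the report; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-match check of C compile lines against the CFLAGS
# the report lists as missing. Function names are hypothetical.
REQUIRED_CFLAGS='-g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security'

# Succeeds if $1 looks like a C compile step: gcc/cc with -c and a .c file.
is_c_compile() {
    case $1 in gcc\ *|cc\ *) ;; *) return 1 ;; esac
    case " $1 " in *" -c "*) ;; *) return 1 ;; esac
    case " $1 " in *".c "*) return 0 ;; esac
    return 1
}

# Prints the required flags that do not appear in command line $1.
missing_cflags() {
    missing=
    for flag in $REQUIRED_CFLAGS; do
        case " $1 " in
            *" $flag "*) ;;
            *) missing="${missing:+$missing }$flag" ;;
        esac
    done
    printf '%s' "$missing"
}

# Reads a build log on stdin, reports each under-hardened compile line,
# and returns 1 if any was found.
check_log() {
    status=0
    while IFS= read -r line; do
        is_c_compile "$line" || continue
        m=$(missing_cflags "$line")
        [ -z "$m" ] && continue
        printf 'CFLAGS missing (%s): %s\n' "$m" "$line"
        status=1
    done
    return "$status"
}

# Constructed sample log: line 1 is a compile command from the report, line 2
# is the same step with $(CFLAGS) passed, line 3 is a C++ step (not checked).
sample_log() {
    cat <<'EOF'
gcc -c -O3 -D_FORTIFY_SOURCE=2 -Icsrc csrc/md5.c
gcc -c -O3 -g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Icsrc csrc/md5.c
g++ -c -O3 seaview.cxx
EOF
}

sample_log | check_log || true
```

The flag list reflects the report's date; set `REQUIRED_CFLAGS` to whatever `dpkg-buildflags --get CFLAGS` prints on the release being built.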
--- Begin Message ---
Source: seaview
Source-Version: 1:4.4.2-1

We believe that the bug you reported is fixed in the latest version of seaview, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille <[email protected]> (supplier of updated seaview package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Mon, 12 Aug 2013 13:03:12 +0200
Source: seaview
Binary: seaview
Architecture: source amd64
Version: 1:4.4.2-1
Distribution: unstable
Urgency: low
Maintainer: Debian Med Packaging Team <[email protected]>
Changed-By: Andreas Tille <[email protected]>
Description:
 seaview - Multiplatform interface for sequence alignment and phylogeny
Closes: 688632
Changes:
 seaview (1:4.4.2-1) unstable; urgency=low
 .
   * New upstream version
     Closes: #688632
   * debian/control:
      - cme fix dpkg-control
      - anonscm in Vcs fields
   * debian/patches/add-ldl.patch: Provide lacking -ldl for successful linking
--- End Message ---

