Your message dated Sun, 30 Mar 2014 18:18:40 +0000 with message-id <[email protected]> and subject line Bug#741439: fixed in mpv 0.3.7-1 has caused the Debian Bug report #741439, regarding mpv: Please enable all hardening options to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

-- 
741439: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741439
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mpv
Version: 0.3.6-1
Severity: normal
Tags: patch

Hello,

As audio/movie player, mpv is vulnerable to exploits in the used libraries, which are common. PIE and bindnow provide additional hardening against those attacks. Please enable them by default.

The following patch enables all additional flags (PIE and bindnow) and enables a verbose build to detect missing flags:

diff -Nru mpv-0.3.6/debian/rules mpv-0.3.6/debian/rules --- mpv-0.3.6/debian/rules 2014-03-11 16:00:33.000000000 +0100 +++ mpv-0.3.6/debian/rules 2014-03-12 14:32:39.000000000 +0100 @@ -4,6 +4,9 @@ export CC=gcc-4.8 # fixes #73363 endif +export V := 1 +export DEB_BUILD_MAINT_OPTIONS := hardening=+all + %: dh $@

I've been using mpv with this patch for some time and haven't noticed any issues.

Regards
Simon
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
--- End Message ---
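Review bot: `export V := 1` in the added lines exports a very generic variable name to every process the build spawns, and nothing in the hunk says why it is there; a one-line comment above it (verbose build, so that the compiler and linker command lines and with them the hardening flags show up in the build log) would keep a later cleanup from dropping it. It is also worth confirming in a build log that the package's build system honors `V` and really passes on the flags that `hardening=+all` makes dpkg-buildflags emit, because `DEB_BUILD_MAINT_OPTIONS` only changes what is offered to the build; a tool such as blhc or hardening-check can confirm PIE and bindnow on the result.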
--- Begin Message ---
Source: mpv
Source-Version: 0.3.7-1

We believe that the bug you reported is fixed in the latest version of mpv, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alessandro Ghedini <[email protected]> (supplier of updated mpv package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 30 Mar 2014 20:00:42 +0200
Source: mpv
Binary: mpv
Architecture: source amd64
Version: 0.3.7-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <[email protected]>
Changed-By: Alessandro Ghedini <[email protected]>
Description:
 mpv - video player based on MPlayer/mplayer2
Closes: 741439
Changes:
 mpv (0.3.7-1) unstable; urgency=medium
 .
   * New upstream release
   * Enable all hardening options.
     Thanks to Simon Ruderich for the patch (Closes: #741439)
--- End Message ---
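The bug report asks for a verbose build so that missing flags can be detected. One way to run that check over a build log, as an added example that is not part of the original messages or of the mpv packaging: it looks only for the PIE and bindnow flags in the spellings dpkg-buildflags emits (`-fPIE`, `-pie`, `-Wl,-z,now`), and the log lines, file names and function names are constructed for illustration.

```python
import shlex

# Constructed sample of verbose (V=1) build output; not from a real mpv build log.
SAMPLE_LOG = """\
gcc-4.8 -g -O2 -fPIE -fstack-protector -D_FORTIFY_SOURCE=2 -c audio/out/ao.c -o ao.o
gcc-4.8 -g -O2 -c video/decode/vd.c -o vd.o
gcc-4.8 -fPIE -pie -Wl,-z,relro -Wl,-z,now ao.o vd.o -o mpv
gcc-4.8 -Wl,-z,relro ao.o vd.o -o mpv-nobindnow
  CC      player/main.c
"""

COMPILERS = ("gcc", "cc", "g++", "c++", "clang")

def linker_z_options(tokens):
    """Collect -z keywords given as '-z now', '-znow' or inside -Wl,... lists."""
    flat = []
    for tok in tokens:
        flat.extend(tok[4:].split(",") if tok.startswith("-Wl,") else [tok])
    found = set()
    for i, opt in enumerate(flat):
        if opt == "-z" and i + 1 < len(flat):
            found.add(flat[i + 1])
        elif opt.startswith("-z") and len(opt) > 2:
            found.add(opt[2:])
    return found

def missing_flags(line):
    """Return the PIE/bindnow flags missing from one compiler command line."""
    tokens = shlex.split(line)
    if not tokens or not tokens[0].split("/")[-1].startswith(COMPILERS):
        return None  # terse line such as "CC file.c": flags are not visible
    missing = []
    if "-c" in tokens:  # compile step: needs position-independent code
        if not {"-fPIE", "-fPIC"} & set(tokens):
            missing.append("-fPIE")
    elif "-shared" not in tokens:  # executable link: PIE plus immediate binding
        if "-pie" not in tokens:
            missing.append("-pie")
        if "now" not in linker_z_options(tokens):
            missing.append("-Wl,-z,now")
    return missing

def audit(log):
    """Map each compiler line that lacks a flag to the list of missing flags."""
    return {line: m for line in log.splitlines() if (m := missing_flags(line))}

if __name__ == "__main__":
    for line, missing in audit(SAMPLE_LOG).items():
        print("missing", " ".join(missing), "in:", line)
```

A terse line such as `CC player/main.c` is skipped rather than reported, which is why the check only means something when the build log is verbose.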

