Your message dated Tue, 05 Feb 2019 20:43:28 +0000 with message-id <[email protected]> and subject line Bug#666219: fixed in bchunk 1.2.2-1 has caused the Debian Bug report #666219, regarding bchunk: Hardening flags missing to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

-- 
666219: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666219
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: bchunk
Version: 1.2.0-12
Severity: important
Tags: patch

Dear Maintainer,

The hardening flags are missing because the build system ignores them.

The attached patch fixes the issue, if possible it should be sent upstream.

To check if all flags were correctly enabled you can use `hardening-check` from the hardening-includes package and check the build log (hardening-check doesn't catch everything):

    $ hardening-check /usr/bin/bchunk
    /usr/bin/bchunk:
     Position Independent Executable: no, normal executable!
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!

(Position Independent Executable and Immediate binding is not enabled by default.)

Use

    find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +

on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9

Description: Use build flags from environment (dpkg-buildflags). Necessary for hardening flags.
Author: Simon Ruderich <[email protected]>
Last-Update: 2012-03-29

--- bchunk-1.2.0.orig/Makefile +++ bchunk-1.2.0/Makefile @@ -3,7 +3,7 @@ all: bchunk # For systems with GCC (Linux, and others with GCC installed): CC = gcc LD = gcc -CFLAGS = -Wall -Wstrict-prototypes -O2 +CFLAGS += -Wall -Wstrict-prototypes -O2 # For systems with a legacy CC: #CC = cc @@ -17,7 +17,7 @@ BIN_DIR = $(PREFIX)/bin MAN_DIR = $(PREFIX)/man .c.o: - $(CC) $(CFLAGS) -c $< + $(CC) $(CFLAGS) $(CPPFLAGS) -c $< clean: rm -f *.o *~ *.bak core @@ -33,7 +33,7 @@ installman: BITS = bchunk.o bchunk: $(BITS) - $(LD) $(LDFLAGS) -o bchunk $(BITS) + $(LD) $(CFLAGS) $(LDFLAGS) -o bchunk $(BITS) bchunk.o: bchunk.c
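Review bot: In the first hunk (@@ -3,7 +3,7 @@), `CFLAGS += -Wall -Wstrict-prototypes -O2` appends the Makefile's own options after whatever the environment supplied, so the trailing -O2 overrides an optimisation level chosen by the build (GCC honours the last -O option), for example the -O0 that dpkg-buildflags emits for a noopt build. Consider dropping -O2 from the appended part, or placing the Makefile defaults before the environment's flags. Note also that `+=` only helps when the flags arrive through the environment, as the patch description says; a `make CFLAGS=...` command-line assignment replaces the variable entirely, and the unchanged `CC = gcc` and `LD = gcc` context lines still override a CC set in the environment.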
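Review bot: In the last hunk (@@ -33,7 +33,7 @@), passing $(CFLAGS) on the link line is only valid while $(LD) is a compiler driver, as with the `LD = gcc` default visible in the first hunk's context; if LD is pointed at a plain linker, the compiler options will be rejected. Linking with $(CC) instead, i.e. `$(CC) $(CFLAGS) $(LDFLAGS) -o bchunk $(BITS)`, or a comment next to LD stating that it must be a compiler driver, would make that dependency explicit.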
--- End Message ---
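The check described in the report above can be turned into a build gate. This is an added example, not part of the original report or of hardening-check itself: it parses the output layout quoted in the report and lists the protections that are missing. The function names, the optional-check list and the second sample block (`./build/demo`) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: turn hardening-check output into a list of missing protections.
# Assumes the layout quoted in the report: a "<file>:" header line followed by
# indented "<check>: <result>" lines.

# Checks the report notes are not enabled by default; optional unless overridden.
DEFAULT_OPTIONAL='Position Independent Executable|Immediate binding'

# missing_hardening [optional-regex]
# Reads hardening-check output on stdin and prints "<file>: <check>" for each
# check whose result starts with "no", skipping checks matching optional-regex.
missing_hardening() {
    awk -v optional="${1:-$DEFAULT_OPTIONAL}" '
        /^[^ \t].*:$/ {                      # "<file>:" header
            file = substr($0, 1, length($0) - 1)
            next
        }
        /^[ \t]+[^:]+: / {                   # indented "<check>: <result>"
            line = $0;     sub(/^[ \t]+/, "", line)
            name = line;   sub(/:.*$/, "", name)
            result = line; sub(/^[^:]*: /, "", result)
            if (result ~ /^no/ && name !~ ("^(" optional ")$"))
                print file ": " name
        }'
}

# check_tree <dir>: run the find command from the report over a build tree.
check_tree() {
    find "$1" -type f \( -executable -o -name '*.so*' \) \
        -exec hardening-check {} + | missing_hardening
}

# Sample input: the first block is the output quoted in the report; the second
# block (./build/demo) is constructed for this example.
sample_output() {
    cat <<'EOF'
/usr/bin/bchunk:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no not found!
./build/demo:
 Stack protected: no, not found!
 Fortify Source functions: no, only unprotected functions found!
 Immediate binding: no not found!
EOF
}

sample_output | missing_hardening
```

Passing a regex that matches no check name (for example `missing_hardening NONE`) makes PIE and immediate binding mandatory as well, which suits a package built with `hardening=+all`.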
--- Begin Message ---
Source: bchunk
Source-Version: 1.2.2-1

We believe that the bug you reported is fixed in the latest version of bchunk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gürkan Myczko <[email protected]> (supplier of updated bchunk package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Mon, 22 Oct 2018 23:49:30 +0200
Source: bchunk
Architecture: source
Version: 1.2.2-1
Distribution: unstable
Urgency: medium
Maintainer: Praveen Arimbrathodiyil <[email protected]>
Changed-By: Gürkan Myczko <[email protected]>
Closes: 436576 666219 918662
Changes:
 bchunk (1.2.2-1) unstable; urgency=medium
 .
   * New upstream version.
   * Bump standards version to 4.2.1.
   * Bump debhelper version to 11.
   * debian/patches: dropped, incorporated by upstream.
   * debian/rules: updated. (Closes: #666219)
   * Disable strip during install. (Closes: #436576)
   * debian/control: add myself as co-maintainer. (Closes: #918662)
   * debian/copyright: updated debian maintainers.
--- End Message ---

