Your message dated Tue, 22 May 2012 08:54:05 +0000
with message-id <e1swkqz-0002sm...@franck.debian.org>
and subject line Bug#669182: fixed in gtk2-engines-oxygen 1.2.4-1
has caused the Debian Bug report #669182,
regarding gtk2-engines-oxygen: LDFLAGS hardening flags missing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
669182: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669182
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gtk2-engines-oxygen
Version: 1.2.2-1
Severity: normal
Tags: patch

Dear Maintainer,

The LDFLAGS hardening flags are missing because they are
overwritten in debian/rules. For more hardening information
please have a look at [1], [2] and [3].

The following patch fixes the issue.

diff -Nru gtk2-engines-oxygen-1.2.2/debian/rules 
gtk2-engines-oxygen-1.2.2/debian/rules
--- gtk2-engines-oxygen-1.2.2/debian/rules      2012-01-21 20:09:29.000000000 
+0100
+++ gtk2-engines-oxygen-1.2.2/debian/rules      2012-04-15 18:54:39.000000000 
+0200
@@ -7,9 +7,9 @@
        dh_auto_configure -- \
                -DDEBIAN_NO_DEMOS=1 \
                -DCMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT=yes \
-               -DCMAKE_SHARED_LINKER_FLAGS="-Wl,--no-undefined 
-Wl,--as-needed" \
-               -DCMAKE_MODULE_LINKER_FLAGS="-Wl,--no-undefined 
-Wl,--as-needed" \
-               -DCMAKE_EXE_LINKER_FLAGS="-Wl,--no-undefined -Wl,--as-needed"
+               -DCMAKE_SHARED_LINKER_FLAGS="$(LDFLAGS) -Wl,--no-undefined 
-Wl,--as-needed" \
+               -DCMAKE_MODULE_LINKER_FLAGS="$(LDFLAGS) -Wl,--no-undefined 
-Wl,--as-needed" \
+               -DCMAKE_EXE_LINKER_FLAGS="$(LDFLAGS) -Wl,--no-undefined 
-Wl,--as-needed"
 
 override_dh_makeshlibs:
        dh_makeshlibs -X/usr/lib/$(DEB_HOST_MULTIARCH)/gtk-2.0
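
Review bot: `$(LDFLAGS)` on the three added lines is expanded by make when debian/rules runs, and nothing in the hunk's context shows where that variable gets its value; if it is empty at that point, the three overrides still drop the hardening flags. Confirm that the rules file defines or exports LDFLAGS before this dh_auto_configure call. The string `-Wl,--no-undefined -Wl,--as-needed` is also repeated in all three settings; holding it in one variable would keep them from drifting apart.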

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (for example with blhc [4]) (hardening-check
doesn't catch everything):

    $ hardening-check /usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/engines/liboxygen-gtk.so
    /usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/engines/liboxygen-gtk.so:
     Position Independent Executable: no, regular shared library (ignored)
     Stack protected: yes
     Fortify Source functions: no, only unprotected functions found!
     Read-only relocations: yes
     Immediate binding: no not found!

(Position Independent Executable and Immediate binding are not
enabled by default.)

Use

    find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +

on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
[4]: http://ruderich.org/simon/blhc/
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9

Attachment: signature.asc
Description: Digital signature


--- End Message ---
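
The failure described in the report above, as an added example that is not part of the original message or of the package: a shell check that lists the `-DCMAKE_*_LINKER_FLAGS` overrides in a `debian/rules` file whose value does not carry `$(LDFLAGS)` through. The function names and both rules fragments are constructed for illustration, modelled on the patch.

```shell
#!/bin/sh
# Added example, not from the bug report: list CMake linker-flag overrides in
# a debian/rules file that do not pass $(LDFLAGS) through.

# Reads rules text on stdin; prints one CMAKE_*_LINKER_FLAGS name for each
# override whose value contains neither $(LDFLAGS) nor ${LDFLAGS}.
overrides_dropping_ldflags() {
    awk '
    {
        rest = $0
        # The value is either a double-quoted string or an unquoted word.
        while (match(rest, /-DCMAKE_[A-Z]+_LINKER_FLAGS=("[^"]*"|[^" \t\\][^ \t\\]*)/)) {
            arg = substr(rest, RSTART, RLENGTH)
            name = arg
            sub(/^-D/, "", name)
            sub(/=.*/, "", name)
            if (arg !~ /[$][({]LDFLAGS[)}]/) { print name }
            rest = substr(rest, RSTART + RLENGTH)
        }
    }'
}

# Constructed sample: the configure call as it was before the patch.
rules_before() {
    cat <<'EOF'
	dh_auto_configure -- \
		-DCMAKE_SHARED_LINKER_FLAGS="-Wl,--no-undefined -Wl,--as-needed" \
		-DCMAKE_MODULE_LINKER_FLAGS="-Wl,--no-undefined -Wl,--as-needed" \
		-DCMAKE_EXE_LINKER_FLAGS="-Wl,--no-undefined -Wl,--as-needed"
EOF
}

# Constructed sample: the same call with the patch applied.
rules_after() {
    cat <<'EOF'
	dh_auto_configure -- \
		-DCMAKE_SHARED_LINKER_FLAGS="$(LDFLAGS) -Wl,--no-undefined -Wl,--as-needed" \
		-DCMAKE_MODULE_LINKER_FLAGS="$(LDFLAGS) -Wl,--no-undefined -Wl,--as-needed" \
		-DCMAKE_EXE_LINKER_FLAGS="$(LDFLAGS) -Wl,--no-undefined -Wl,--as-needed"
EOF
}

echo "before: $(rules_before | overrides_dropping_ldflags | tr '\n' ' ')"
echo "after:  $(rules_after | overrides_dropping_ldflags | tr '\n' ' ')"
```

A clean result only shows that the overrides reference the variable; the built objects still need the `hardening-check` and build-log checks the report describes.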
--- Begin Message ---
Source: gtk2-engines-oxygen
Source-Version: 1.2.4-1

We believe that the bug you reported is fixed in the latest version of
gtk2-engines-oxygen, which is due to be installed in the Debian FTP archive:

gtk2-engines-oxygen_1.2.4-1.debian.tar.bz2
  to main/g/gtk2-engines-oxygen/gtk2-engines-oxygen_1.2.4-1.debian.tar.bz2
gtk2-engines-oxygen_1.2.4-1.dsc
  to main/g/gtk2-engines-oxygen/gtk2-engines-oxygen_1.2.4-1.dsc
gtk2-engines-oxygen_1.2.4-1_amd64.deb
  to main/g/gtk2-engines-oxygen/gtk2-engines-oxygen_1.2.4-1_amd64.deb
gtk2-engines-oxygen_1.2.4.orig.tar.bz2
  to main/g/gtk2-engines-oxygen/gtk2-engines-oxygen_1.2.4.orig.tar.bz2



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 669...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Fathi Boudra <f...@debian.org> (supplier of updated gtk2-engines-oxygen package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


Format: 1.8
Date: Tue, 22 May 2012 10:08:56 +0300
Source: gtk2-engines-oxygen
Binary: gtk2-engines-oxygen
Architecture: source amd64
Version: 1.2.4-1
Distribution: unstable
Urgency: low
Maintainer: Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>
Changed-By: Fathi Boudra <f...@debian.org>
Description: 
 gtk2-engines-oxygen - Oxygen widget theme for GTK+-based applications
Closes: 669182 670830
Changes: 
 gtk2-engines-oxygen (1.2.4-1) unstable; urgency=low
 .
   * New upstream release.
     - Fix codeblocks crash. (Closes: #670830)
 .
   [ Kai Wasserbäch ]
   * debian/control: Change B-D from libdbus-glib-1-dev to libglib2.0-dev
     >= 2.26.0, preferred by upstream's build system.
 .
   [ Fathi Boudra ]
   * Update debian/rules: use DEB_LDFLAGS_MAINT_APPEND. (Closes: #669182)
--- End Message ---