Your message dated Sat, 02 Mar 2013 23:17:46 +0000
with message-id <e1ubvgy-0001re...@franck.debian.org>
and subject line Bug#669186: fixed in skanlite 1.0-1
has caused the Debian Bug report #669186,
regarding skanlite: LDFLAGS hardening flags missing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
669186: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669186
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: skanlite
Version: 0.8-2
Severity: normal
Tags: patch

Dear Maintainer,

The LDFLAGS hardening flags are missing because they are
overwritten in debian/rules.

DEB_*_MAINT_APPEND is the preferred way to set additional flags
(see man dpkg-buildflags for more information). For more
hardening information please have a look at [1], [2] and [3].

The following patch fixes the issue.

diff -Nru skanlite-0.8/debian/rules skanlite-0.8/debian/rules
--- skanlite-0.8/debian/rules   2012-01-06 15:12:32.000000000 +0100
+++ skanlite-0.8/debian/rules   2012-04-18 02:16:21.000000000 +0200
@@ -2,11 +2,7 @@
 
 DH_ALWAYS_EXCLUDE:=CVS:.svn:.svnignore:.hg:.hgignore
 
-override_dh_auto_configure:
-       dh_auto_configure --parallel -Skde -- \
-               -DCMAKE_SHARED_LINKER_FLAGS="-Wl,--no-undefined 
-Wl,--as-needed" \
-               -DCMAKE_MODULE_LINKER_FLAGS="-Wl,--no-undefined 
-Wl,--as-needed" \
-               -DCMAKE_EXE_LINKER_FLAGS="-Wl,--no-undefined -Wl,--as-needed"
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--no-undefined -Wl,--as-needed
 
 override_dh_install:
        dh_install --list-missing
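
Review bot: The removed override passed `-Skde` to dh_auto_configure and nothing added in this hunk replaces it; only `--parallel` is still visible, on the `dh $@` line. Confirm that `--with kde` selects the same build system before dropping the override, or keep a minimal override that passes `-Skde`. The old rule also set the shared, module and exe linker flags explicitly, so check in the build log that the value of DEB_LDFLAGS_MAINT_APPEND reaches all three link types. A one-line comment above the export saying why the flags are appended rather than set would help the next editor.
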
@@ -14,4 +10,4 @@
 %:
        dh $@ --parallel --dbg-package=skanlite-dbg --with kde
 
-.PHONY: override_dh_auto_configure override_dh_install
+.PHONY: override_dh_install

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (for example with blhc [4]) (hardening-check
doesn't catch everything):

    $ hardening-check /usr/bin/skanlite
    /usr/bin/skanlite:
     Position Independent Executable: no, normal executable!
     Stack protected: no, not found!
     Fortify Source functions: unknown, no protectable libc functions used
     Read-only relocations: yes
     Immediate binding: no not found!

(Position Independent Executable and Immediate binding are not
enabled by default.)

Use `find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +`
on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
[4]: http://ruderich.org/simon/blhc/
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9

Attachment: signature.asc
Description: Digital signature


--- End Message ---
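
The check described in the report above, as an added example that is not part of the original messages: a shell function that condenses `hardening-check` output for many files into one line per file that fails a check. The library path and its results are constructed, and treating PIE and immediate binding as optional is an assumption taken from the report's remark that they are not enabled by default.

```shell
#!/bin/sh
# Added example: summarise hardening-check output for a whole build tree.
# Checks named in OPTIONAL are not reported (assumption taken from the report:
# PIE and immediate binding were not part of the default flag set).
OPTIONAL='Position Independent Executable|Immediate binding'

# Reads hardening-check text output on stdin; prints "<file>: <failed checks>"
# for every file with at least one check answering "no".
missing_hardening() {
    awk -v optional="$OPTIONAL" '
        function emit() { if (file != "" && miss != "") print file ": " miss }
        /^[^ \t].*:$/ {                 # unindented "path:" line starts a file
            emit(); file = substr($0, 1, length($0) - 1); miss = ""; next
        }
        /^[ \t]/ {                      # indented "Check name: result" line
            line = $0; sub(/^[ \t]+/, "", line)
            sep = index(line, ": "); if (!sep) next
            name = substr(line, 1, sep - 1); result = substr(line, sep + 2)
            if (optional != "" && name ~ ("^(" optional ")$")) next
            # "yes" passes; "unknown" means the check could not decide
            if (result ~ /^no([ ,]|$)/) miss = miss (miss == "" ? "" : "; ") name
        }
        END { emit() }
    '
}

# Constructed sample: the first entry is the output quoted in the report; the
# library path and its results are made up for the example.
sample_report() {
    cat <<'EOF'
/usr/bin/skanlite:
 Position Independent Executable: no, normal executable!
 Stack protected: no, not found!
 Fortify Source functions: unknown, no protectable libc functions used
 Read-only relocations: yes
 Immediate binding: no not found!
./usr/lib/libexample.so:
 Position Independent Executable: no, regular shared library (ignored)
 Stack protected: yes
 Fortify Source functions: yes
 Read-only relocations: no, not found!
 Immediate binding: no not found!
EOF
}

sample_report | missing_hardening
```

On a real build tree, pipe the output of the `find ... -exec hardening-check {} +` command from the report into `missing_hardening` instead of `sample_report`; set `OPTIONAL=''` to report every failed check.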
--- Begin Message ---
Source: skanlite
Source-Version: 1.0-1

We believe that the bug you reported is fixed in the latest version of
skanlite, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 669...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Purcell <m...@debian.org> (supplier of updated skanlite package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 03 Mar 2013 09:59:27 +1100
Source: skanlite
Binary: skanlite skanlite-dbg
Architecture: source amd64
Version: 1.0-1
Distribution: experimental
Urgency: low
Maintainer: Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>
Changed-By: Mark Purcell <m...@debian.org>
Description: 
 skanlite   - image scanner for KDE 4 based on the KSane backend
 skanlite-dbg - Skanlite's debugging symbols
Closes: 668417 669186 694467
Changes: 
 skanlite (1.0-1) experimental; urgency=low
 .
   * New Upstream Release
     - Fixes "Please update skanlite to 0.9" (Closes: #694467)
     - Fixes "Version 0.7 according to About" (Closes: #668417)
   * Fix "hardening flags" exported DEB_LDFLAGS_MAINT_APPEND (Closes: #669186)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlEyhKcACgkQoCzanz0IthIANwCghPZl5s7DkAHuLP46p9SPzaL7
cTwAn2mUyVZ8jYlVURjX2SukG/J+uvUs
=0365
-----END PGP SIGNATURE-----

--- End Message ---