Your message dated Tue, 05 Nov 2013 21:19:45 +0000
with message-id <e1vdo2l-0005km...@franck.debian.org>
and subject line Bug#663524: fixed in ktorrent 4.3.1-2
has caused the Debian Bug report #663524,
regarding ktorrent: CPPFLAGS hardening flags missing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
663524: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663524
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ktorrent
Version: 4.2.0-1
Severity: important
Tags: patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dear Maintainer,

The CPPFLAGS hardening flags are missing because CMake ignores
them by default.

The following patch fixes the issue by adding them to
CFLAGS/CXXFLAGS. For more hardening information please have a
look at [1], [2] and [3].

    diff -Nru ktorrent-4.2.0/debian/rules ktorrent-4.2.0/debian/rules
    --- ktorrent-4.2.0/debian/rules 2012-03-10 22:04:39.000000000 +0100
    +++ ktorrent-4.2.0/debian/rules 2012-03-12 00:36:29.000000000 +0100
    @@ -1,5 +1,10 @@
     #!/usr/bin/make -f
     
    +# CMake doesn't use CPPFLAGS, pass them to CFLAGS/CXXFLAGS to enable the
    +# missing (hardening) flags.
    +export DEB_CFLAGS_MAINT_APPEND   = $(shell dpkg-buildflags --get CPPFLAGS)
    +export DEB_CXXFLAGS_MAINT_APPEND = $(shell dpkg-buildflags --get CPPFLAGS)
    +
     #DEB_KDE_LINK_WITH_AS_NEEDED := yes
     
     override_dh_auto_configure:
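
Review bot: the two added `export DEB_CFLAGS_MAINT_APPEND` and `export DEB_CXXFLAGS_MAINT_APPEND` lines assign with recursive `=`, so `$(shell dpkg-buildflags --get CPPFLAGS)` is run again every time the variable is expanded; `:=` would run it once. A plain assignment also replaces any value those variables already carry (for example from the environment), so `+=` is worth considering if other maintainer flags are ever appended.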

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (hardening-check doesn't catch everything):

    $ hardening-check /usr/bin/ktupnptest /usr/bin/ktorrent /usr/bin/ktmagnetdownloader ...
    /usr/bin/ktupnptest:
     Position Independent Executable: no, normal executable!
     Stack protected: no, not found!
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!
    /usr/bin/ktorrent:
     Position Independent Executable: no, normal executable!
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!
    /usr/bin/ktmagnetdownloader:
     Position Independent Executable: no, normal executable!
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!
    ...

(Position Independent Executable and Immediate binding are not
enabled by default.)

Use `find -type f \( -executable -o -name \*.so\* \) -exec
hardening-check {} +` on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
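
The report above asks for the build log to be checked as well, since hardening-check does not catch everything. As an added example (not part of the report and not a Debian tool), this shell function lists the compile commands in a verbose build log that lack the CPPFLAGS hardening flag; the log lines are constructed, and `-D_FORTIFY_SOURCE=2` as the flag value is an assumption.

```shell
#!/bin/sh
# Added example (not from the bug report): list compile commands in a build
# log that lack a required preprocessor flag, the symptom of CMake ignoring
# CPPFLAGS.

# Assumption: -D_FORTIFY_SOURCE=2 is the CPPFLAGS hardening flag; on a Debian
# build host, set REQUIRED_FLAG from `dpkg-buildflags --get CPPFLAGS` instead.
REQUIRED_FLAG="${REQUIRED_FLAG:--D_FORTIFY_SOURCE=2}"

# Reads a verbose build log on stdin, prints each compile command (a compiler
# token plus -c) without $REQUIRED_FLAG, and returns 1 if any were printed.
missing_cppflags() {
    awk -v flag="$REQUIRED_FLAG" '
        {
            is_cc = 0; has_c = 0; has_flag = 0
            for (i = 1; i <= NF; i++) {
                # cc, gcc, g++, c++, clang, with optional path/triplet/version
                if ($i ~ /(^|\/|-)(cc|gcc|g[+][+]|c[+][+]|clang|clang[+][+])(-[0-9.]+)?$/)
                    is_cc = 1
                if ($i == "-c") has_c = 1
                if ($i == flag) has_flag = 1
            }
            if (is_cc && has_c && !has_flag) { print; bad++ }
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample in the style of CMake verbose output (paths are made up).
sample_log() {
    cat <<'EOF'
[ 50%] Building CXX object ktorrent/CMakeFiles/ktorrent.dir/main.o
cd /build/obj/ktorrent && /usr/bin/c++ -DQT_NO_DEBUG -g -O2 -fstack-protector -Wformat -o CMakeFiles/ktorrent.dir/main.o -c /build/ktorrent/main.cpp
cd /build/obj/ktupnptest && /usr/bin/c++ -DQT_NO_DEBUG -g -O2 -fstack-protector -D_FORTIFY_SOURCE=2 -o CMakeFiles/ktupnptest.dir/main.o -c /build/ktupnptest/main.cpp
/usr/bin/c++ -Wl,-z,relro CMakeFiles/ktorrent.dir/main.o -o ktorrent
EOF
}

sample_log | missing_cppflags || echo "compile lines without $REQUIRED_FLAG found" >&2
```

Link commands are skipped because they carry no `-c`, and the flag is matched as one whole token, so a CPPFLAGS value with several flags needs one run per flag.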
--- Begin Message ---
Source: ktorrent
Source-Version: 4.3.1-2

We believe that the bug you reported is fixed in the latest version of
ktorrent, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 663...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Modestas Vainius <mo...@debian.org> (supplier of updated ktorrent package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 05 Nov 2013 21:27:06 +0200
Source: ktorrent
Binary: ktorrent ktorrent-data plasma-widget-ktorrent ktorrent-dbg
Architecture: source amd64 all
Version: 4.3.1-2
Distribution: unstable
Urgency: low
Maintainer: Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>
Changed-By: Modestas Vainius <mo...@debian.org>
Description: 
 ktorrent   - BitTorrent client based on the KDE platform
 ktorrent-data - KTorrent data and other architecture independent files
 ktorrent-dbg - KTorrent debugging symbols
 plasma-widget-ktorrent - KTorrent Plasma widget
Closes: 663524 717010 721049 722628
Changes: 
 ktorrent (4.3.1-2) unstable; urgency=low
 .
   * Do not build tests like before KDE 4.10. Fixes FTBFS (Closes: #722628)
   * Do not link with deprecated kutils library. (Closes: #717010)
     Patch: dont_link_with_kutils.patch
   * Build with hardening flags. (Closes: #663524)
   * Bump Standards-Version to 3.9.5: no further changes needed.
   * Update Vcs URLs to canonical ones.
   * Upload to unstable. (Closes: #721049)
   * Disable KIO Magnet. It is considered obsolete (and might be buggy).
   * Require nepomuk-core-dev for KDE 4.9 or above (requirement of
     kdepimlibs).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iEYEARECAAYFAlJ5TooACgkQHO9JRnPq4hTQvQCfb6o+6NWplHkZGmxEwMTPkaMw
XB4An0/OBevsOK1vrdhIHGZSfjQyuSG0
=i+T+
-----END PGP SIGNATURE-----

--- End Message ---