Your message dated Tue, 29 May 2012 09:14:09 +0000
with message-id <[email protected]>
and subject line Bug#674971: fixed in mixxx 1.10.0~dfsg0-4
has caused the Debian Bug report #674971,
regarding mixxx: CPPFLAGS hardening flags missing
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
674971: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674971
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mixxx
Version: 1.10.0~dfsg0-3
Severity: normal
Tags: patch
Dear Maintainer,
The CPPFLAGS hardening flags are missing because the build system
ignores them. For more hardening information please have a look
at [1], [2] and [3].
The following patch fixes the issue.
diff -Nru mixxx-1.10.0~dfsg0/debian/rules mixxx-1.10.0~dfsg0/debian/rules
--- mixxx-1.10.0~dfsg0/debian/rules 2012-05-28 10:37:22.000000000 +0200
+++ mixxx-1.10.0~dfsg0/debian/rules 2012-05-29 04:02:34.000000000 +0200
@@ -6,8 +6,10 @@
PACKAGE = mixxx
export CPPFLAGS:=$(shell dpkg-buildflags --get CPPFLAGS)
-export CFLAGS:=$(shell dpkg-buildflags --get CFLAGS)
-export CXXFLAGS:=$(shell dpkg-buildflags --get CXXFLAGS)
+# The build system ignores CPPFLAGS, pass them to CFLAGS/CXXFLAGS to enable
+# the missing (hardening) flags.
+export CFLAGS:=$(shell dpkg-buildflags --get CFLAGS) $(CPPFLAGS)
+export CXXFLAGS:=$(shell dpkg-buildflags --get CXXFLAGS) $(CPPFLAGS)
export LDFLAGS:=$(shell dpkg-buildflags --get LDFLAGS)
export DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH)
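Review bot: the new CFLAGS and CXXFLAGS assignments use := and expand $(CPPFLAGS) immediately, so they only pick up the hardening defines while the export CPPFLAGS line stays above them. If that line is moved or dropped, the flags disappear without any build error. Consider saying so in the added comment, and noting that the workaround should be removed once the build system honours CPPFLAGS itself, so the flags are not passed twice.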
To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (for example with blhc [4]) (hardening-check
doesn't catch everything):
$ hardening-check /usr/bin/mixxx
/usr/bin/mixxx:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: no not found!
(Position Independent Executable and Immediate binding are not
enabled by default.)
Use find -type f \( -executable -o -name \*.so\* \) -exec
hardening-check {} + on the build result to check all files.
Regards,
Simon
[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
[4]: http://ruderich.org/simon/blhc/
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
--- End Message ---
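The build-log side of the check mentioned in the report above, as an added example that is not part of the original message and is not blhc itself: it flags compile commands that lack the fortify define, which is what a build system ignoring CPPFLAGS produces. It assumes the CPPFLAGS hardening flag is -D_FORTIFY_SOURCE=2; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: a reduced build-log check, not blhc and not Debian tooling.
# Assumption: CPPFLAGS hardening means -D_FORTIFY_SOURCE=2 on each compile line.

# Constructed sample log. Lines 1-2 come from a build that ignores CPPFLAGS,
# line 3 from a build with CPPFLAGS appended to CXXFLAGS, line 4 is a link step.
sample_log() {
cat <<'EOF'
g++ -o build/a.o -c -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security src/a.cpp
gcc -o build/b.o -c -g -O2 -fstack-protector src/b.c
g++ -o build/c.o -c -g -O2 -fstack-protector -D_FORTIFY_SOURCE=2 src/c.cpp
g++ -o mixxx build/a.o build/b.o build/c.o -Wl,-z,relro
EOF
}

# Print "lineno: command" for every compile command (compiler plus -c) that
# lacks the fortify define. Link-only lines are skipped because they take
# no preprocessor flags.
missing_fortify() {
    awk '
        $1 ~ /^(.*-)?(gcc|g\+\+|cc|c\+\+)(-[0-9.]+)?$/ {
            compile = 0; fortify = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "-c") compile = 1
                if ($i ~ /^-D_FORTIFY_SOURCE=[12]$/) fortify = 1
            }
            if (compile && !fortify) print NR ": " $0
        }'
}

# Read a build log on stdin; return 1 and list the offending lines when any
# compile command is unhardened, so the check can gate a package build.
check_log() {
    bad=$(missing_fortify)
    if [ -z "$bad" ]; then
        return 0
    fi
    printf '%s\n' "$bad"
    return 1
}

sample_log | check_log || echo "CPPFLAGS hardening flags missing"
```

On a real package the input would be the saved build log instead of `sample_log`.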
--- Begin Message ---
Source: mixxx
Source-Version: 1.10.0~dfsg0-4
We believe that the bug you reported is fixed in the latest version of
mixxx, which is due to be installed in the Debian FTP archive:
mixxx-data_1.10.0~dfsg0-4_all.deb
to main/m/mixxx/mixxx-data_1.10.0~dfsg0-4_all.deb
mixxx_1.10.0~dfsg0-4.debian.tar.gz
to main/m/mixxx/mixxx_1.10.0~dfsg0-4.debian.tar.gz
mixxx_1.10.0~dfsg0-4.dsc
to main/m/mixxx/mixxx_1.10.0~dfsg0-4.dsc
mixxx_1.10.0~dfsg0-4_amd64.deb
to main/m/mixxx/mixxx_1.10.0~dfsg0-4_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alessio Treglia <[email protected]> (supplier of updated mixxx package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 29 May 2012 10:20:58 +0200
Source: mixxx
Binary: mixxx mixxx-data
Architecture: source amd64 all
Version: 1.10.0~dfsg0-4
Distribution: unstable
Urgency: low
Maintainer: Debian Multimedia Maintainers
<[email protected]>
Changed-By: Alessio Treglia <[email protected]>
Description:
mixxx - Digital Disc Jockey Interface
mixxx-data - Digital Disc Jockey Interface -- data files
Closes: 674971
Changes:
mixxx (1.10.0~dfsg0-4) unstable; urgency=low
.
* Append CPPFLAGS to the end of CFLAGS/CXXFLAGS as the
buildsystem ignores them. (Closes: #674971)
--- End Message ---