Your message dated Fri, 03 Feb 2012 15:02:37 +0000
with message-id <[email protected]>
and subject line Bug#658497: fixed in feh 2.3-2
has caused the Debian Bug report #658497,
regarding feh: Enable hardening flags
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
658497: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658497
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: feh
Version: 2.3-1
Severity: important
Tags: patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Dear Maintainer,
Please enable hardening flags for feh (for more information see
[1] and [2]).
The attached patch increases compat to 9 which automatically
enables hardening flags; PIE is enabled (included in
hardening=+all) because feh may read untrusted data. If you don't
like to increase compat, other options to enable hardening flags
are listed in [2].
Regards,
Simon
[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/Hardening
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages feh depends on:
ii giblib1 1.2.4-8
ii libc6 2.13-26
ii libcurl3 7.24.0-1
ii libimlib2 1.4.4-1+b1
ii libpng12-0 1.2.46-4
ii libx11-6 2:1.4.4-4
ii libxinerama1 2:1.1.1-3
Versions of packages feh recommends:
pn libjpeg-progs <none>
feh suggests no packages.
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJPK+6HAAoJEJL+/bfkTDL50QYQALZS7sslvqM3739e4fKhk8BL
ThBn4kJznVC9CyDFtlaTWhA/fxXYExISds9kWPqz8W3x39vY3C39LUOSEH0WYY/8
5ow6MHvPHcbyWZcmkqtRZsXYPqvlX/i0STMNN3cSwbivBDeUcQ9cmoLpDuNDu/51
rTVC6DMOW8CxMroiJIfMSIn0EEeuUI0rHi5dG/tBrnEnnY1yiBG8akEf34+BI8cb
Unzsi7kiOLnu1hfDNb41AM56s8FmrYLvWkZKwrcHC+twy5L5OAEVSm1Og6sUOPrb
+RJNu57tfo0TEsuWKl12M179RmmgiZTb1owDB6CylCDbCJBSZR15fXfvLqIJRdaC
BQXoZuQ1fWo1k7qLIdBUIa29A5xm98iwJ5pDe/boqeHLw8y8RTpNKnIO93ttat1r
0rgCvsi7jxk0TJlaudZZxQd5d4U+R5mFYmUcvbLHvOn03NFdsrAthvteAGL2/OVa
5KoKg1A19ko+GEtEJaNk8+BvcDPgcGKPHMbMJoDxkus7JrrehTLnqz5/4HtS52Uo
kTL8w8adYltntC7WmXa7IwvkrcjqShRAK+D6Qnw1Q8tbfjGtuFazJaREdx4NR8/b
ECEMBKhpI4Hvmt6IFRX7eWEdl0wkQSxr1X/gWEQ99WbXKNPUG5MD5mhwxB3M+sR7
RAUll2AWNA79iRgUBcnt
=rVEn
-----END PGP SIGNATURE-----
diff --git a/debian/compat b/debian/compat
index 2f95459..ec63514 100644
--- a/debian/compat
+++ b/debian/compat
@@ -1,2 +1 @@
-8
-
+9
diff --git a/debian/control b/debian/control
index 01c4f44..9aee857 100644
--- a/debian/control
+++ b/debian/control
@@ -5,7 +5,7 @@ Maintainer: Debian PhotoTools Maintainers <[email protected]
Uploaders: Andreas Tille <[email protected]>
DM-Upload-Allowed: yes
Build-Depends: libx11-dev, libxt-dev, libimlib2-dev (>= 1.4.2-8), giblib-dev, libxinerama-dev,
- debhelper (>= 8), quilt (>= 0.47), perl-modules, libtest-command-perl,
+ debhelper (>= 9), quilt (>= 0.47), perl-modules, libtest-command-perl,
libcurl4-openssl-dev | libcurl-dev
Standards-Version: 3.9.2
Homepage: http://feh.finalrewind.org/
diff --git a/debian/rules b/debian/rules
index 3003866..91c2003 100755
--- a/debian/rules
+++ b/debian/rules
@@ -2,6 +2,8 @@
#DEB_MAKE_INVOKE += LDFLAGS="-Wl,--as-needed" #sloppy_but_works_hrmmm_...
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
%:
dh $@ --with quilt
--- End Message ---
--- Begin Message ---
Source: feh
Source-Version: 2.3-2
We believe that the bug you reported is fixed in the latest version of
feh, which is due to be installed in the Debian FTP archive:
feh_2.3-2.debian.tar.bz2
to main/f/feh/feh_2.3-2.debian.tar.bz2
feh_2.3-2.dsc
to main/f/feh/feh_2.3-2.dsc
feh_2.3-2_amd64.deb
to main/f/feh/feh_2.3-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Tille <[email protected]> (supplier of updated feh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 03 Feb 2012 15:36:04 +0100
Source: feh
Binary: feh
Architecture: source amd64
Version: 2.3-2
Distribution: unstable
Urgency: low
Maintainer: Debian PhotoTools Maintainers
<[email protected]>
Changed-By: Andreas Tille <[email protected]>
Description:
feh - imlib2 based image viewer
Closes: 658497
Changes:
feh (2.3-2) unstable; urgency=low
.
* Enable hardening flags (thanks to Simon Ruderich <[email protected]>
for the patch)
Closes: #658497
* Removed quilt from Build-Depends
Checksums-Sha1:
97ade46360c8ad6b26864ac915e34b792c3d4650 1391 feh_2.3-2.dsc
77b1d8d45af9adaac526e371a0bb82f3f2bc856d 7244 feh_2.3-2.debian.tar.bz2
a53f863a8e7726671453f460c673c3af35465f38 193502 feh_2.3-2_amd64.deb
Checksums-Sha256:
e2b0e91177e9aadb76ddcec32ab2a5113fa518e51aaa781d6b1307f1a9d06a29 1391
feh_2.3-2.dsc
abfebffde557816a1cb2bbb06713cdb17980227925b6936a0780b5f90c08a206 7244
feh_2.3-2.debian.tar.bz2
f2169ab3af2f27a402f15e67e09fb77bd44d6e4c5ae40309e1440e084a2ea4a5 193502
feh_2.3-2_amd64.deb
Files:
01687f00087e05975f24990e4b3edadd 1391 graphics optional feh_2.3-2.dsc
573d327192ec73290c4eeb2fe6048a6c 7244 graphics optional
feh_2.3-2.debian.tar.bz2
7346b0a30c47e5d2217fa0ef93cab00c 193502 graphics optional feh_2.3-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk8r9K8ACgkQYDBbMcCf01pGZwCfdE++wUyVNrR76BHb6ku66X5J
oaMAnRkr10fglpIISMgFZXjZmv98tobG
=H2kJ
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Pkg-phototools-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
