Your message dated Tue, 10 Jul 2012 01:38:57 +0200
with message-id <1341877137.11115.297.ca...@thinker.domain.lan>
and subject line #662981 evolution: Please enable hardened build flags properly
has caused the Debian Bug report #662981,
regarding evolution: Please enable hardened build flags properly
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
662981: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662981
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: evolution
Version: 3.2.2-1
Severity: important
Tags: patch

Dear Maintainer,

It seems like the current debian/rules file attempts to enable some hardening
flags... but it's not working at all.

root@neutron:/tmp/ev2# dpkg -l evolution
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version        Description
+++-==============-==============-============================================
ii  evolution      3.2.2-1        groupware suite with mail client and organiz

$ hardening-check /usr/bin/evolution
/usr/bin/evolution:
 Position Independent Executable: no, normal executable!
 Stack protected: no, not found!
 Fortify Source functions: unknown, no protectable libc functions used
 Read-only relocations: no, not found!
 Immediate binding: no not found!

I have attached a patch (working for me) which would fix the above and #484369.
For some reason stack canaries are still not enabled though.

$ hardening-check /usr/bin/evolution
/usr/bin/evolution:
 Position Independent Executable: yes
 Stack protected: no, not found!
 Fortify Source functions: unknown, no protectable libc functions used
 Read-only relocations: yes
 Immediate binding: yes

More information can be found at:
http://wiki.debian.org/Hardening



-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages evolution depends on:
ii  dbus                      1.4.18-1
ii  debconf [debconf-2.0]     1.5.41
ii  evolution-common          3.2.2-1
ii  evolution-data-server     3.2.2-1
ii  gconf-service             3.2.3-3
ii  gconf2                    3.2.3-3
ii  gnome-icon-theme          3.2.1.2-1
ii  libatk1.0-0               2.2.0-2
ii  libc6                     2.13-27
ii  libcairo-gobject2         1.10.2-7
ii  libcairo2                 1.10.2-7
ii  libcamel-1.2-29           3.2.2-1
ii  libcanberra-gtk3-0        0.28-3
ii  libcanberra0              0.28-3
ii  libclutter-1.0-0          1.8.4-1
ii  libclutter-gtk-1.0-0      1.0.4-1
ii  libcogl-pango0            1.8.2-1
ii  libcogl5                  1.8.2-1
ii  libdrm2                   2.4.30-1
ii  libebackend-1.2-1         3.2.2-1
ii  libebook-1.2-12           3.2.2-1
ii  libecal-1.2-10            3.2.2-1
ii  libedataserver-1.2-15     3.2.2-1
ii  libedataserverui-3.0-1    3.2.2-1
ii  libenchant1c2a            1.6.0-7
ii  libevolution              3.2.2-1
ii  libfontconfig1            2.8.0-3.1
ii  libfreetype6              2.4.8-1
ii  libgail-3-0               3.2.3-1
ii  libgconf-2-4              3.2.3-3
ii  libgdata13                0.10.1-2
ii  libgdk-pixbuf2.0-0        2.24.1-1
ii  libgl1-mesa-glx [libgl1]  7.11.2-1
ii  libglib2.0-0              2.30.2-6
ii  libgnome-desktop-3-2      3.2.1-3
ii  libgtk-3-0                3.2.3-1
ii  libgtkhtml-4.0-0          4.2.2-1
ii  libgtkhtml-editor-4.0-0   4.2.2-1
ii  libgweather-3-0           3.2.1-1
ii  libical0                  0.44-3
ii  libjson-glib-1.0-0        0.14.2-1
ii  libmx-1.0-2               1.4.2-1
ii  libnotify4                0.7.4-1
ii  libnspr4-0d               4.9-1
ii  libnss3-1d                3.13.3-1
ii  libpango1.0-0             1.29.4-2
ii  libsoup-gnome2.4-1        2.36.1-1
ii  libsoup2.4-1              2.36.1-1
ii  libsqlite3-0              3.7.10-1
ii  libx11-6                  2:1.4.4-4
ii  libxcomposite1            1:0.4.3-2
ii  libxdamage1               1:1.1.3-2
ii  libxext6                  2:1.3.0-3
ii  libxfixes3                1:5.0-4
ii  libxi6                    2:1.4.5-1
ii  libxml2                   2.7.8.dfsg-7
ii  psmisc                    22.16-1

Versions of packages evolution recommends:
ii  bogofilter         1.2.2+dfsg1-1
ii  evolution-plugins  3.2.2-1
ii  evolution-webcal   2.32.0-2
ii  yelp               3.2.1+dfsg-1+b1

Versions of packages evolution suggests:
ii  evolution-dbg                   <none>
ii  evolution-exchange              3.2.1-2
ii  evolution-plugins-experimental  <none>
ii  gnupg                           1.4.12-3
ii  network-manager                 0.9.2.0-2

-- debconf information excluded
--- evolution-3.2.2-old/debian/rules	2011-11-24 19:13:27.000000000 +0000
+++ evolution-3.2.2/debian/rules	2012-03-07 18:34:23.156893611 +0000
@@ -8,7 +8,6 @@
 include /usr/share/cdbs/1/rules/utils.mk
 include /usr/share/gnome-pkg-tools/1/rules/gnome-get-source.mk
 include /usr/share/gnome-pkg-tools/1/rules/gnome-version.mk
-include /usr/share/hardening-includes/hardening.make
 
 ELIBDIR := usr/lib/evolution/3.2
 
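Review bot: Dropping `include /usr/share/hardening-includes/hardening.make` is only half of the switch, because this patch touches debian/rules alone: if debian/control carries a build dependency on hardening-includes, it would be left behind for a file the build no longer reads. Suggest removing that dependency in the same change and recording in the changelog that the hardening flags now come from dpkg-buildflags.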
@@ -17,8 +16,9 @@
 DEB_DH_MAKESHLIBS_ARGS_evolution += -V
 DEB_DH_MAKESHLIBS_ARGS_ALL += --noscripts -X $(ELIBDIR)/plugins
 
-export DEB_LDFLAGS_MAINT_APPEND=-Wl,-z,defs -Wl,--as-needed -Wl,-O1
-export DEB_BUILD_MAINT_OPTIONS=hardening=+pie,+bindnow
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
 
 DEB_REVISION := $(shell echo $(DEB_VERSION) | awk -F- '{ print $$NF }')
 
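Review bot: The removed `export DEB_LDFLAGS_MAINT_APPEND=-Wl,-z,defs -Wl,--as-needed -Wl,-O1` line has no replacement in this hunk, so the build silently loses `-z defs`, `--as-needed` and `-O1` at link time, a change unrelated to the hardening fix. Suggest keeping that export ahead of the `include /usr/share/dpkg/buildflags.mk` line so those linker flags are still appended. Since `hardening=+all` replaces `+pie,+bindnow`, it is also worth checking the build log to confirm the stack protector flag reaches the compiler, given that the report's second hardening-check run still shows "Stack protected: no, not found!".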

--- End Message ---
--- Begin Message ---
fixed 662981 3.4.2-1
thanks

Hello,

the hardening includes got fixes in 3.4.2-1 and evolution now looks like
this:

$ hardening-check /usr/bin/evolution
/usr/bin/evolution:
 Position Independent Executable: yes
 Stack protected: no, not found!
 Fortify Source functions: unknown, no protectable libc functions used
 Read-only relocations: yes
 Immediate binding: yes


-- 
Noël Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org


--- End Message ---
_______________________________________________
Pkg-evolution-maintainers mailing list
Pkg-evolution-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-evolution-maintainers