Your message dated Tue, 10 Jul 2012 01:38:57 +0200 with message-id <1341877137.11115.297.ca...@thinker.domain.lan> and subject line #662981 evolution: Please enable hardened build flags properly has caused the Debian Bug report #662981, regarding evolution: Please enable hardened build flags properly to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 662981: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662981 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: evolution Version: 3.2.2-1 Severity: important Tags: patch Dear Maintainer, It seems like the current debian/rules file attempts to enable some hardening flags... but it's not working at all. root@neutron:/tmp/ev2# dpkg -l evolution Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Description +++-==============-==============-============================================ ii evolution 3.2.2-1 groupware suite with mail client and organiz $hardening-check /usr/bin/evolution /usr/bin/evolution: Position Independent Executable: no, normal executable! Stack protected: no, not found! Fortify Source functions: unknown, no protectable libc functions used Read-only relocations: no, not found! Immediate binding: no not found! I have attached a patch (working for me) which would fix the above and #484369 For some reason stack canaries are still not enabled though. $hardening-check /usr/bin/evolution /usr/bin/evolution: Position Independent Executable: yes Stack protected: no, not found! Fortify Source functions: unknown, no protectable libc functions used Read-only relocations: yes Immediate binding: yes More information can be found at: http://wiki.debian.org/Hardening -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages evolution depends on: ii dbus 1.4.18-1 ii debconf [debconf-2.0] 1.5.41 ii evolution-common 3.2.2-1 ii evolution-data-server 3.2.2-1 ii gconf-service 3.2.3-3 ii gconf2 3.2.3-3 ii gnome-icon-theme 3.2.1.2-1 ii libatk1.0-0 2.2.0-2 ii libc6 2.13-27 ii libcairo-gobject2 1.10.2-7 ii libcairo2 1.10.2-7 ii libcamel-1.2-29 3.2.2-1 ii libcanberra-gtk3-0 0.28-3 ii libcanberra0 0.28-3 ii libclutter-1.0-0 1.8.4-1 ii libclutter-gtk-1.0-0 1.0.4-1 ii libcogl-pango0 1.8.2-1 ii libcogl5 1.8.2-1 ii libdrm2 2.4.30-1 ii libebackend-1.2-1 3.2.2-1 ii libebook-1.2-12 3.2.2-1 ii libecal-1.2-10 3.2.2-1 ii libedataserver-1.2-15 3.2.2-1 ii libedataserverui-3.0-1 3.2.2-1 ii libenchant1c2a 1.6.0-7 ii libevolution 3.2.2-1 ii libfontconfig1 2.8.0-3.1 ii libfreetype6 2.4.8-1 ii libgail-3-0 3.2.3-1 ii libgconf-2-4 3.2.3-3 ii libgdata13 0.10.1-2 ii libgdk-pixbuf2.0-0 2.24.1-1 ii libgl1-mesa-glx [libgl1] 7.11.2-1 ii libglib2.0-0 2.30.2-6 ii libgnome-desktop-3-2 3.2.1-3 ii libgtk-3-0 3.2.3-1 ii libgtkhtml-4.0-0 4.2.2-1 ii libgtkhtml-editor-4.0-0 4.2.2-1 ii libgweather-3-0 3.2.1-1 ii libical0 0.44-3 ii libjson-glib-1.0-0 0.14.2-1 ii libmx-1.0-2 1.4.2-1 ii libnotify4 0.7.4-1 ii libnspr4-0d 4.9-1 ii libnss3-1d 3.13.3-1 ii libpango1.0-0 1.29.4-2 ii libsoup-gnome2.4-1 2.36.1-1 ii libsoup2.4-1 2.36.1-1 ii libsqlite3-0 3.7.10-1 ii libx11-6 2:1.4.4-4 ii libxcomposite1 1:0.4.3-2 ii libxdamage1 1:1.1.3-2 ii libxext6 2:1.3.0-3 ii libxfixes3 1:5.0-4 ii libxi6 2:1.4.5-1 ii libxml2 2.7.8.dfsg-7 ii psmisc 22.16-1 Versions of packages evolution recommends: ii bogofilter 1.2.2+dfsg1-1 ii evolution-plugins 3.2.2-1 ii evolution-webcal 2.32.0-2 ii yelp 3.2.1+dfsg-1+b1 Versions of packages evolution suggests: ii evolution-dbg <none> ii evolution-exchange 3.2.1-2 ii evolution-plugins-experimental <none> ii gnupg 1.4.12-3 ii network-manager 0.9.2.0-2 -- debconf information excluded--- evolution-3.2.2-old/debian/rules 2011-11-24 19:13:27.000000000 +0000 +++ evolution-3.2.2/debian/rules 2012-03-07 18:34:23.156893611 +0000 @@ -8,7 +8,6 @@ include /usr/share/cdbs/1/rules/utils.mk include /usr/share/gnome-pkg-tools/1/rules/gnome-get-source.mk include /usr/share/gnome-pkg-tools/1/rules/gnome-version.mk -include /usr/share/hardening-includes/hardening.make ELIBDIR := usr/lib/evolution/3.2 @@ -17,8 +16,9 @@ DEB_DH_MAKESHLIBS_ARGS_evolution += -V DEB_DH_MAKESHLIBS_ARGS_ALL += --noscripts -X $(ELIBDIR)/plugins -export DEB_LDFLAGS_MAINT_APPEND=-Wl,-z,defs -Wl,--as-needed -Wl,-O1 -export DEB_BUILD_MAINT_OPTIONS=hardening=+pie,+bindnow +export DEB_BUILD_MAINT_OPTIONS = hardening=+all +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/buildflags.mk DEB_REVISION := $(shell echo $(DEB_VERSION) | awk -F- '{ print $$NF }')
--- End Message ---
--- Begin Message ---fixed 662981 3.4.2-1 thanks Hello, the hardening includes got fixes in 3.4.2-1 and evolution now looks like this: $ hardening-check /usr/bin/evolution /usr/bin/evolution: Position Independent Executable: yes Stack protected: no, not found! Fortify Source functions: unknown, no protectable libc functions used Read-only relocations: yes Immediate binding: yes -- Noël Köthe <noel debian.org> Debian GNU/Linux, www.debian.orgsignature.asc
Description: This is a digitally signed message part
--- End Message ---
_______________________________________________ Pkg-evolution-maintainers mailing list Pkg-evolution-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-evolution-maintainers