Your message dated Mon, 16 Jun 2008 14:17:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#484371: fixed in krb5 1.6.dfsg.4~beta1-2
has caused the Debian Bug report #484371,
regarding krb5: Please consider enabling some hardening features
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)

--
484371: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484371
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: krb5
Severity: wishlist

Please consider enabling -fstack-protector and -D_FORTIFY_SOURCE=2 for krb5. There'll be a minor performance penalty (which I haven't measured myself, though), but for a security-sensitive package like krb5 the trade-off would be acceptable IMHO.

Please see the package hardening-wrapper for easy testing and the README.Debian included within.

AFAIK the stack protector doesn't work reliably on mips, hppa, arm, armel, ia64 and alpha. I'm not sure about mipsel, sparc and s390, so maybe it should be limited to i386 and amd64 for now.

Cheers,
Moritz

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core)
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
Source: krb5
Source-Version: 1.6.dfsg.4~beta1-2

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive:

krb5-admin-server_1.6.dfsg.4~beta1-2_i386.deb
  to pool/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-2_i386.deb
krb5-clients_1.6.dfsg.4~beta1-2_i386.deb
  to pool/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-2_i386.deb
krb5-doc_1.6.dfsg.4~beta1-2_all.deb
  to pool/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-2_all.deb
krb5-ftpd_1.6.dfsg.4~beta1-2_i386.deb
  to pool/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-2_i386.deb
krb5-kdc-ldap_1.6.dfsg.4~beta1-2_i386.deb
  to pool/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-2_i386.deb
krb5-kdc_1.6.dfsg.4~beta1-2_i386.deb
  to pool/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-2_i386.deb
krb5-pkinit_1.6.dfsg.4~beta1-2_i386.deb
  to pool/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-2_i386.deb
krb5-rsh-server_1.6.dfsg.4~beta1-2_i386.deb
  to pool/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-2_i386.deb
krb5-telnetd_1.6.dfsg.4~beta1-2_i386.deb
  to pool/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-2_i386.deb
krb5-user_1.6.dfsg.4~beta1-2_i386.deb
  to pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-2_i386.deb
krb5_1.6.dfsg.4~beta1-2.diff.gz
  to pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-2.diff.gz
krb5_1.6.dfsg.4~beta1-2.dsc
  to pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-2.dsc
libkadm55_1.6.dfsg.4~beta1-2_i386.deb
  to pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-2_i386.deb
libkrb5-dbg_1.6.dfsg.4~beta1-2_i386.deb
  to pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-2_i386.deb
libkrb5-dev_1.6.dfsg.4~beta1-2_i386.deb
  to pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-2_i386.deb
libkrb53_1.6.dfsg.4~beta1-2_i386.deb
  to pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-2_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.
If you have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hartman <[EMAIL PROTECTED]> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 16 Jun 2008 09:29:00 -0400
Source: krb5
Binary: libkadm55 libkrb53 krb5-user krb5-clients krb5-rsh-server krb5-ftpd krb5-telnetd krb5-kdc krb5-kdc-ldap krb5-admin-server libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc
Architecture: source all i386
Version: 1.6.dfsg.4~beta1-2
Distribution: unstable
Urgency: low
Maintainer: Sam Hartman <[EMAIL PROTECTED]>
Changed-By: Sam Hartman <[EMAIL PROTECTED]>
Description:
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-clients - Secure replacements for ftp, telnet and rsh using MIT Kerberos
 krb5-doc   - Documentation for MIT Kerberos
 krb5-ftpd  - Secure FTP server supporting MIT Kerberos
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-rsh-server - Secure replacements for rshd and rlogind using MIT Kerberos
 krb5-telnetd - Secure telnet server supporting MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libkadm55  - MIT Kerberos administration runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb53   - MIT Kerberos runtime libraries
Closes: 435427 480434 484371 484996 485473 485613
Changes:
 krb5 (1.6.dfsg.4~beta1-2) unstable; urgency=low
 .
   [ Russ Allbery ]
   * Translation updates:
     - Japanese, thanks TANAKA, Atushi.
     - Russian, thanks Sergey Alyoshin.  (Closes: #485473)
     - Brazilian Portuguese, thanks Eder L. Marques.  (Closes: #485613)
     - Romanian, thanks Eddy Petrișor.  (Closes: #484996)
 .
   [ Sam Hartman ]
   * Upload 1.6.4 beta 1 to unstable.  As best I can tell evaluating the
     changes this is a strict improvement over 1.6.3 even though it is
     still a beta version.  There is not an ABI change; backing out would
     be relatively easy.
   * Patch from Bryan Kadzban to look inside spnego union_creds when
     looking for a specific mechanism cred.  This allows spnego creds to
     be used when copying out to a ccache after delegation, Closes: #480434
   * Ksu now calls krb5_verify_init_creds rather than using its own custom
     logic because that is correct and so it can take advantage of the
     following change.
   * krb5_verify_init_creds uses the default realm if it gets a referral
     realm as input for server, Closes: #435427
   * Add -D_FORTIFY_SOURCE=2 and -fstack-protector on ia32 and x86_64 at
     the request of Moritz Muehlenhoff; he was unsure that adding these
     flags on other platforms would be a good idea.  I'd be happy to expand
     the list at the request of port maintainers, Closes: #484371
   * Fix KDC purge code introduced in previous revision.
--- End Message ---
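
One way to check that the -fstack-protector and -D_FORTIFY_SOURCE=2 flags requested in this report took effect on a built binary, as an added example that is not part of the bug report or the krb5 packaging. The function name `hardening_report` and both sample symbol listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the krb5 package): classify a binary's hardening from
# its undefined dynamic symbols, as printed by `nm -D --undefined-only FILE`.

# hardening_report: reads nm output on stdin, prints one summary line.
hardening_report() {
    awk '
    {
        sym = $NF                  # symbol name is the last field
        sub(/@.*/, "", sym)        # drop version suffix such as @GLIBC_2.4
        if (sym == "__stack_chk_fail" || sym == "__stack_chk_fail_local")
            ssp = 1                # canary failure handler is referenced
        else if (sym ~ /^__[a-z0-9_]+_chk$/)
            checked[substr(sym, 3, length(sym) - 6)] = 1   # __memcpy_chk -> memcpy
        else
            plain[sym] = 1
    }
    END {
        nchk = 0; nmixed = 0
        # A function seen in both forms has call sites the compiler could not size.
        for (f in checked) { nchk++; if (f in plain) nmixed++ }
        printf "stack-protector=%s fortify=%s checked=%d also-unchecked=%d\n",
            (ssp ? "yes" : "no"), (nchk ? "yes" : "no"), nchk, nmixed
    }'
}

# Constructed sample listings (not taken from a real krb5 build).
sample_hardened() {
    cat <<'EOF'
         U __memcpy_chk@GLIBC_2.3.4
         U __sprintf_chk@GLIBC_2.3.4
         U __stack_chk_fail@GLIBC_2.4
         U memcpy@GLIBC_2.0
         U strlen@GLIBC_2.0
EOF
}
sample_plain() {
    cat <<'EOF'
         U memcpy@GLIBC_2.0
         U sprintf@GLIBC_2.0
         U strlen@GLIBC_2.0
EOF
}

# Usage on real files: pass their paths as arguments to this script.
for f in "$@"; do
    printf '%s: ' "$f"
    nm -D --undefined-only "$f" | hardening_report
done
```

A `no` result does not prove the flags were missing from the build: -fstack-protector only instruments functions that contain buffers it considers vulnerable, and _FORTIFY_SOURCE has no effect unless optimization is enabled.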

