Your message dated Sun, 08 Jan 2012 10:02:29 +0000
with message-id <[email protected]>
and subject line Bug#644295: fixed in vsftpd 2.3.5-1
has caused the Debian Bug report #644295,
regarding please enable hardening options
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
644295: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644295
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: vsftpd
Version: 2.3.4-1
Severity: normal
Tags: patch
Hardening options are a proposed release goal for Wheezy [1].
vsftpd is an FTP daemon aiming at security, so having its package
compiled with the hardening options seems really like a
good idea.
I have rebuilt the package with hardening options enabled and there was
no error (during build, or at runtime). Since you are already using dh,
the only required patch is
    echo -n 9 > debian/compat
and the package will use dpkg-buildflags, which in turn enable the
hardening options. Note that PIE and bindnow are not enabled by default.
This can be done using:
    DEB_BUILD_MAINT_OPTIONS = hardening=+pie,+bindnow
in the debian/rules file.
You can control and enable/disable each hardening flag independently, see
http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html
for details.
Thanks,
Pierre
[1] http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
-- System Information:
Debian Release: 6.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
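A way to confirm that a rebuilt binary actually carries the flags requested in the report above, added here as an example and not part of the bug report or the vsftpd packaging. The function name `hardening_report` is hypothetical, both readelf excerpts are constructed, and the second sample assumes relro and the stack protector are among the dpkg-buildflags defaults while PIE and bindnow are not.

```shell
#!/bin/sh
# Added example: classify hardening features from the text printed by
#   readelf -W -h -l -d --dyn-syms <binary>
# hardening_report reads that text on stdin and prints one key=yes|no per line.
hardening_report() {
    _elf=$(cat)
    _has() {
        if printf '%s\n' "$_elf" | grep -Eq -- "$1"; then echo yes; else echo no; fi
    }
    # pie: ELF header type is DYN rather than EXEC
    echo "pie=$(_has '^[[:space:]]*Type:[[:space:]]+DYN')"
    # bindnow: DT_BIND_NOW, BIND_NOW in DT_FLAGS, or NOW in DT_FLAGS_1
    echo "bindnow=$(_has '\(BIND_NOW\)|\(FLAGS\).*BIND_NOW|\(FLAGS_1\).*NOW')"
    # relro: a PT_GNU_RELRO program header is present
    echo "relro=$(_has '^[[:space:]]*GNU_RELRO')"
    # stackprotector: the binary imports the canary failure handler
    echo "stackprotector=$(_has '__stack_chk_fail')"
}

# Constructed excerpt: built with hardening=+pie,+bindnow
SAMPLE_FULL='  Type:                              DYN (Shared object file)
  GNU_RELRO      0x01fd30 0x0021fd30 0x0021fd30 0x0002d0 0x0002d0 R   0x1
 0x0000000000000018 (BIND_NOW)
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
    12: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail'

# Constructed excerpt: default flags only (assumed: no PIE, no bindnow)
SAMPLE_DEFAULT='  Type:                              EXEC (Executable file)
  GNU_RELRO      0x01fd30 0x0061fd30 0x0061fd30 0x0002d0 0x0002d0 R   0x1
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
    12: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail'

echo "== +pie,+bindnow build =="
printf '%s\n' "$SAMPLE_FULL" | hardening_report
echo "== default-flags build =="
printf '%s\n' "$SAMPLE_DEFAULT" | hardening_report
```

On a real package, pipe the readelf output for the installed daemon binary into `hardening_report`; a `pie=no` or `bindnow=no` line means `DEB_BUILD_MAINT_OPTIONS` did not reach the compiler or linker.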
--- Begin Message ---
Source: vsftpd
Source-Version: 2.3.5-1
We believe that the bug you reported is fixed in the latest version of
vsftpd, which is due to be installed in the Debian FTP archive:
vsftpd_2.3.5-1.debian.tar.gz
to main/v/vsftpd/vsftpd_2.3.5-1.debian.tar.gz
vsftpd_2.3.5-1.dsc
to main/v/vsftpd/vsftpd_2.3.5-1.dsc
vsftpd_2.3.5-1_i386.deb
to main/v/vsftpd/vsftpd_2.3.5-1_i386.deb
vsftpd_2.3.5.orig.tar.gz
to main/v/vsftpd/vsftpd_2.3.5.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Baumann <[email protected]> (supplier of updated
vsftpd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 08 Jan 2012 10:54:36 +0100
Source: vsftpd
Binary: vsftpd
Architecture: source i386
Version: 2.3.5-1
Distribution: unstable
Urgency: low
Maintainer: Daniel Baumann <[email protected]>
Changed-By: Daniel Baumann <[email protected]>
Description:
vsftpd - lightweight, efficient FTP server written for security
Closes: 641965 644295 654170 654859
Changes:
vsftpd (2.3.5-1) unstable; urgency=low
.
* Merging upstream version 2.3.5.
* Rediffing utf8.patch.
* Using compression level 9 also for binary packages.
* Silencing getent calls in postinst (Closes: #641965).
* Adding Dutch debconf translations from Jeroen Schot
<schot@a-eskwadraat.nl> (Closes: #654859).
* Adding Indonesian debconf translations from Mahyuddin Susanto
<[email protected]> (Closes: #654170).
* Enabling hardening build options (Closes: #644295).
* Updating years in copyright.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk8JaF8ACgkQ+C5cwEsrK54y1QCdHPhKAi5MP8DFVOMOs2WqBI59
XtwAnjzKX1ZxCu2NqdyEh0Rmq7eF943X
=l1PO
-----END PGP SIGNATURE-----
--- End Message ---