Your message dated Tue, 27 Mar 2012 15:23:21 +0000
with message-id <[email protected]>
and subject line Bug#664518: fixed in webcit 8.05-dfsg-2
has caused the Debian Bug report #664518,
regarding webcit: LDFLAGS hardening flags missing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
664518: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664518
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: webcit
Version: 8.05-dfsg-1
Severity: important
Tags: patch

Dear Maintainer,

The LDFLAGS hardening flags are missing because they are not set
in debian/rules.

The following patch fixes the issue.

diff -u webcit-8.05-dfsg/debian/rules webcit-8.05-dfsg/debian/rules
--- webcit-8.05-dfsg/debian/rules
+++ webcit-8.05-dfsg/debian/rules
@@ -41,7 +41,7 @@
 ifneq "$(wildcard /usr/share/misc/config.guess)" ""
        cp -f /usr/share/misc/config.guess config.guess
 endif
-       CFLAGS="$(CFLAGS)" ./configure \
+       CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure \
                --host=$(DEB_HOST_GNU_TYPE) \
                --build=$(DEB_BUILD_GNU_TYPE) \
                --prefix=/usr/sbin/ \
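
Review bot: the changed configure line forwards CFLAGS and LDFLAGS but not CPPFLAGS, so any preprocessor-level hardening define kept in CPPFLAGS would not reach configure unless debian/rules merges it into CFLAGS somewhere outside this hunk. Consider passing CPPFLAGS="$(CPPFLAGS)" alongside the other two, and confirm that $(LDFLAGS) is actually assigned earlier in debian/rules, since an unset variable expands to an empty string here and the build would still succeed without the flags.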

The following patch disables the non-verbose build to make it
easy to (automatically) spot missing (hardening) flags. Please
apply it as well.

--- webcit-8.05-dfsg.orig/Makefile.in
+++ webcit-8.05-dfsg/Makefile.in
@@ -28,7 +28,7 @@
 mkdir-init:
        mkdir locale
 
-.SILENT:
+#.SILENT:
 
 .SUFFIXES: .cpp .c .o
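
Review bot: commenting out `.SILENT:` in Makefile.in leaves a dead line in an upstream file and makes the verbose build unconditional. Deleting the line, or guarding it behind a make variable so quiet builds stay available by default, would be cleaner and easier to forward upstream; a short comment saying why the build must be verbose (so missing flags show up in the build log) would also help whoever next refreshes this patch.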

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (hardening-check doesn't catch everything):

    $ hardening-check /usr/sbin/webcit
    /usr/sbin/webcit:
     Position Independent Executable: no, normal executable!
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!

(Position Independent Executable and Immediate binding are not
enabled by default.)

Use `find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +`
on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9



--- End Message ---
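
The build-log check the report above asks for, as an added example that is not part of the original message or of any Debian tool: a small scanner that reports compiler and linker command lines lacking hardening flags, which only has something to read once the build is verbose. The flag list, the sample log and every file name in it are assumptions made for this example.

```python
import os
import re
import shlex

# Assumed flag set (not from the report): dpkg-buildflags defaults of that era.
COMPILE_FLAGS = ("-fstack-protector", "-Werror=format-security", "-D_FORTIFY_SOURCE=2")
LINK_FLAGS = ("-Wl,-z,relro",)

COMPILER = re.compile(r"^(?:.*-)?(?:gcc|g\+\+|cc|c\+\+)(?:-[\d.]+)?$")
SOURCE = re.compile(r"\.(?:c|cc|cpp|cxx)$")


def missing_flags(line):
    """Return the hardening flags missing from one compiler command line."""
    try:
        argv = shlex.split(line)
    except ValueError:  # unbalanced quotes: not a plain command line
        return []
    if not argv or not COMPILER.match(os.path.basename(argv[0])):
        return []
    compiles = any(SOURCE.search(arg) for arg in argv[1:])
    # Without -c/-S/-E the driver also runs the linker, so LDFLAGS matter.
    links = not {"-c", "-S", "-E"} & set(argv)
    wanted = (COMPILE_FLAGS if compiles else ()) + (LINK_FLAGS if links else ())
    return [flag for flag in wanted if not any(a.startswith(flag) for a in argv)]


def scan_log(text):
    """Map 1-based line number -> missing flags, for lines that lack any."""
    findings = {}
    for number, line in enumerate(text.splitlines(), start=1):
        missing = missing_flags(line)
        if missing:
            findings[number] = missing
    return findings


# Constructed build log; file and program names are made up.
SAMPLE_LOG = """\
mkdir locale
gcc -g -O2 -fstack-protector -Werror=format-security -D_FORTIFY_SOURCE=2 -c main.c -o main.o
gcc -g -O2 -c util.c -o util.o
gcc -fstack-protector main.o util.o -o demo
x86_64-linux-gnu-gcc -Wl,-z,relro main.o util.o -o demo
"""

if __name__ == "__main__":
    for number, missing in scan_log(SAMPLE_LOG).items():
        print(f"line {number}: missing {' '.join(missing)}")
```

Line 4 of the sample reproduces the situation in this report: the objects were compiled with hardening flags, but the link step never received LDFLAGS.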
--- Begin Message ---
Source: webcit
Source-Version: 8.05-dfsg-2

We believe that the bug you reported is fixed in the latest version of
webcit, which is due to be installed in the Debian FTP archive:

citadel-suite_8.05-dfsg-2_all.deb
  to main/w/webcit/citadel-suite_8.05-dfsg-2_all.deb
citadel-webcit_8.05-dfsg-2_amd64.deb
  to main/w/webcit/citadel-webcit_8.05-dfsg-2_amd64.deb
webcit-dbg_8.05-dfsg-2_amd64.deb
  to main/w/webcit/webcit-dbg_8.05-dfsg-2_amd64.deb
webcit_8.05-dfsg-2.diff.gz
  to main/w/webcit/webcit_8.05-dfsg-2.diff.gz
webcit_8.05-dfsg-2.dsc
  to main/w/webcit/webcit_8.05-dfsg-2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Meskes <[email protected]> (supplier of updated webcit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 19 Mar 2012 09:25:48 +0100
Source: webcit
Binary: citadel-webcit webcit-dbg citadel-suite
Architecture: source amd64 all
Version: 8.05-dfsg-2
Distribution: unstable
Urgency: low
Maintainer: Debian Citadel Team <[email protected]>
Changed-By: Michael Meskes <[email protected]>
Description: 
 citadel-suite - complete and feature-rich groupware server; metapackage for full
 citadel-webcit - web-based frontend to Citadel groupware server
 webcit-dbg - web-based frontend to Citadel - debugging symbols
Closes: 664518
Changes: 
 webcit (8.05-dfsg-2) unstable; urgency=low
 .
   * Adjusted watch file for new url.
   * Added missing LDFLAGS hardening flags.
     Thanks to Simon Ruderich <[email protected]> (Closes: #664518)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFPcdkdVkEm8inxm9ERAoh4AJ4oOJ9HGOfaVIlTzGBVMhZC8+e3AgCfVdmi
C/n7kqtvpxH5nGvVOGh3oC0=
=B2mD
-----END PGP SIGNATURE-----



--- End Message ---
