Your message dated Wed, 04 Apr 2012 12:02:46 +0000
with message-id <[email protected]>
and subject line Bug#666529: fixed in kwstyle 1.0.0+cvs20120330-3
has caused the Debian Bug report #666529,
regarding kwstyle: CPPFLAGS hardening flags missing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
666529: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666529
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: kwstyle
Version: 1.0.0+cvs20120330-1
Severity: important
Tags: patch

Dear Maintainer,

The CPPFLAGS hardening flags are missing because CMake ignores
them by default.

The following patch fixes the issue by adding them to
CFLAGS/CXXFLAGS. For more hardening information please have a
look at [1], [2] and [3].

diff -Nru kwstyle-1.0.0+cvs20120330/debian/rules 
kwstyle-1.0.0+cvs20120330/debian/rules
--- kwstyle-1.0.0+cvs20120330/debian/rules      2012-03-30 15:51:12.000000000 
+0200
+++ kwstyle-1.0.0+cvs20120330/debian/rules      2012-03-31 16:09:51.000000000 
+0200
@@ -3,6 +3,11 @@
 DPKG_EXPORT_BUILDFLAGS = 1
 -include /usr/share/dpkg/buildflags.mk
 
+# CMake doesn't use CPPFLAGS, pass them to CFLAGS/CXXFLAGS to enable the
+# missing (hardening) flags.
+CFLAGS   += $(CPPFLAGS)
+CXXFLAGS += $(CPPFLAGS)
+
 %:
        dh $@
 
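Review bot: nothing in this hunk fails the build when `/usr/share/dpkg/buildflags.mk` is absent. The two `+=` lines take their value from the `-include` line kept as context above them, and the leading `-` makes make skip a missing file silently. In that case `$(CPPFLAGS)` expands to whatever the environment provides, normally nothing, and the package builds without the hardening flags and without an error. Consider a plain `include` so a missing buildflags.mk stops the build, or confirm in the build log that the flags reach the compiler.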

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (hardening-check doesn't catch everything):

    $ hardening-check /usr/bin/KWStyle
    /usr/bin/KWStyle:
     Position Independent Executable: no, normal executable!
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!

(Position Independent Executable and Immediate binding are not
enabled by default.)

Use `find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +`
on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9


--- End Message ---
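
The build-log check the report recommends alongside hardening-check, as an added example that is not part of the original message or of Debian's tooling. It assumes the CPPFLAGS hardening flag is -D_FORTIFY_SOURCE=2; `check_fortify` and `sample_log` are hypothetical names and the log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the bug report): find compile commands in a build
# log that will not be fortified. Assumes the CPPFLAGS hardening flag is
# -D_FORTIFY_SOURCE=2, which only takes effect when optimization is on.

# Reads a build log from the named file(s) or stdin. Prints "LINE: reason"
# for each offending compile command; exit status is 1 if any were found.
check_fortify() {
    awk '
    {
        is_cc = 0; compiles = 0; fortify = 0; optimized = 0
        # Later options override earlier ones, so the loop keeps the last state.
        for (i = 1; i <= NF; i++) {
            if ($i ~ "(^|/)(cc|gcc|g[+][+]|c[+][+])(-[0-9.]+)?$") is_cc = 1
            else if ($i == "-c") compiles = 1
            else if ($i ~ "^-D_FORTIFY_SOURCE=[1-9]$") fortify = 1
            else if ($i ~ "^-(U_FORTIFY_SOURCE|D_FORTIFY_SOURCE=0)$") fortify = 0
            else if ($i == "-O0") optimized = 0
            else if ($i ~ "^-O") optimized = 1
        }
        if (!is_cc || !compiles) next      # skip link lines and other output
        if (!fortify)        { print NR ": _FORTIFY_SOURCE not defined"; bad++ }
        else if (!optimized) { print NR ": _FORTIFY_SOURCE set but optimization is off"; bad++ }
    }
    END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample log in the style of a verbose CMake build (not real output).
sample_log() {
    cat <<'EOF'
[ 50%] Building CXX object CMakeFiles/demo.dir/a.cxx.o
/usr/bin/c++ -g -O2 -fstack-protector -Wformat -o CMakeFiles/demo.dir/a.cxx.o -c /build/a.cxx
/usr/bin/c++ -g -O2 -fstack-protector -D_FORTIFY_SOURCE=2 -o CMakeFiles/demo.dir/b.cxx.o -c /build/b.cxx
/usr/bin/cc -g -O0 -D_FORTIFY_SOURCE=2 -o CMakeFiles/demo.dir/c.c.o -c /build/c.c
/usr/bin/c++ -Wl,-z,relro CMakeFiles/demo.dir/a.cxx.o -o demo
EOF
}

sample_log | check_fortify || echo "unfortified compile commands found"
```

Line 2 of the sample is what a CMake build looks like before the patch: the CFLAGS hardening options are present but the CPPFLAGS define never reaches the compiler.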
--- Begin Message ---
Source: kwstyle
Source-Version: 1.0.0+cvs20120330-3

We believe that the bug you reported is fixed in the latest version of
kwstyle, which is due to be installed in the Debian FTP archive:

kwstyle_1.0.0+cvs20120330-3.debian.tar.gz
  to main/k/kwstyle/kwstyle_1.0.0+cvs20120330-3.debian.tar.gz
kwstyle_1.0.0+cvs20120330-3.dsc
  to main/k/kwstyle/kwstyle_1.0.0+cvs20120330-3.dsc
kwstyle_1.0.0+cvs20120330-3_amd64.deb
  to main/k/kwstyle/kwstyle_1.0.0+cvs20120330-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mathieu Malaterre <[email protected]> (supplier of updated kwstyle package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 04 Apr 2012 13:42:07 +0200
Source: kwstyle
Binary: kwstyle
Architecture: source amd64
Version: 1.0.0+cvs20120330-3
Distribution: unstable
Urgency: low
Maintainer: Mathieu Malaterre <[email protected]>
Changed-By: Mathieu Malaterre <[email protected]>
Description: 
 kwstyle    - Style checker for source code
Closes: 666529
Changes: 
 kwstyle (1.0.0+cvs20120330-3) unstable; urgency=low
 .
   * Fix hardening compilation. Closes: #666529
   * Really fix test failure on arch where char is unsigned
   * add --parallel flag.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----



--- End Message ---
