Your message dated Mon, 09 Apr 2012 01:47:25 +0000
with message-id <[email protected]>
and subject line Bug#668122: fixed in pidgin-twitter 0.9.2.1-3
has caused the Debian Bug report #668122,
regarding pidgin-twitter: CPPFLAGS hardening flags missing
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
668122: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668122
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pidgin-twitter
Version: 0.9.2.1-2
Severity: important
Tags: patch
Dear Maintainer,
The CPPFLAGS hardening flags are missing because the build system
ignores them. For more hardening information please have a look
at [1], [2] and [3].
The following patch fixes the issue.
Btw. instead of renaming CFLAGS to PT_CFLAGS you could just use
CFLAGS += (instead of CFLAGS = in the original Makefile).
diff -Nru
pidgin-twitter-0.9.2.1/debian/patches/enable_hardening_build_flags.patch
pidgin-twitter-0.9.2.1/debian/patches/enable_hardening_build_flags.patch
--- pidgin-twitter-0.9.2.1/debian/patches/enable_hardening_build_flags.patch
2012-03-25 12:45:12.000000000 +0200
+++ pidgin-twitter-0.9.2.1/debian/patches/enable_hardening_build_flags.patch
2012-04-09 02:34:49.000000000 +0200
@@ -25,7 +25,7 @@
.c.o:
- $(CC) -o $@ $< -c $(CFLAGS)
-+ $(CC) -o $@ $< -c $(PT_CFLAGS)
++ $(CC) -o $@ $< -c $(CPPFLAGS) $(PT_CFLAGS)
install: $(TARGET)
To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (hardening-check doesn't catch everything):
$ hardening-check /usr/lib/pidgin/pidgin-twitter.so
/usr/lib/pidgin/pidgin-twitter.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: yes
Fortify Source functions: unknown, no protectable libc functions used
Read-only relocations: yes
Immediate binding: no not found!
(Position Independent Executable and Immediate binding is not
enabled by default.)
Use find -type f \( -executable -o -name \*.so\* \) -exec
hardening-check {} + on the build result to check all files.
Regards,
Simon
[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: pidgin-twitter
Source-Version: 0.9.2.1-3
We believe that the bug you reported is fixed in the latest version of
pidgin-twitter, which is due to be installed in the Debian FTP archive:
pidgin-twitter_0.9.2.1-3.debian.tar.gz
to main/p/pidgin-twitter/pidgin-twitter_0.9.2.1-3.debian.tar.gz
pidgin-twitter_0.9.2.1-3.dsc
to main/p/pidgin-twitter/pidgin-twitter_0.9.2.1-3.dsc
pidgin-twitter_0.9.2.1-3_amd64.deb
to main/p/pidgin-twitter/pidgin-twitter_0.9.2.1-3_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
HIGUCHI Daisuke (VDR dai) <[email protected]> (supplier of updated pidgin-twitter
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 09 Apr 2012 10:23:16 +0900
Source: pidgin-twitter
Binary: pidgin-twitter
Architecture: source amd64
Version: 0.9.2.1-3
Distribution: unstable
Urgency: low
Maintainer: HIGUCHI Daisuke (VDR dai) <[email protected]>
Changed-By: HIGUCHI Daisuke (VDR dai) <[email protected]>
Description:
pidgin-twitter - Pidgin plugin for Twitter
Closes: 668122
Changes:
pidgin-twitter (0.9.2.1-3) unstable; urgency=low
.
* update hardening build flags (Closes: #668122).
thanks to Simon Ruderich <[email protected]>.
- debian/patches/enable_hardening_build_flags.patch: updated.
- debian/rules: updated.
Checksums-Sha1:
a4f730a9b30f4d86147cc13fee651c84ecdf0ed3 2052 pidgin-twitter_0.9.2.1-3.dsc
6cc4a698ab63875adcf87d71544087e688e05dcb 3853
pidgin-twitter_0.9.2.1-3.debian.tar.gz
511075ac76cde25cccac49e92ea73db85a99a9c7 52336
pidgin-twitter_0.9.2.1-3_amd64.deb
Checksums-Sha256:
9ec0fe475da8dea42e99117dd7cf2c5fbc80ede992bb1aa29f003f0562edcdc2 2052
pidgin-twitter_0.9.2.1-3.dsc
ae83aad83a2732706933293599a1735c11783789bff708c286827198d5ffe8d1 3853
pidgin-twitter_0.9.2.1-3.debian.tar.gz
4af41cead5424856b397eb55d7ecc3dc8ff0f96e76ed881c1564ff47aa18b210 52336
pidgin-twitter_0.9.2.1-3_amd64.deb
Files:
1804e5478476b5c6b00d2946dfa0c16a 2052 net extra pidgin-twitter_0.9.2.1-3.dsc
466802f647c8eab0421af1f7d67741d7 3853 net extra
pidgin-twitter_0.9.2.1-3.debian.tar.gz
0f042ff384d877a79fd96296858080e8 52336 net extra
pidgin-twitter_0.9.2.1-3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJPgj0GAAoJEHg5YZ3UOWaOBjgP/ROLo5EfY7SUyKTKMR/Aou7f
a3ZZhIvsepFf7iTclEmlpEEm4M3NX/NyhdjibwPQPCF6mIlEXcEdX47QitDN7O4Q
AxG0bcS+mpDGWQXE/C3HFBN+TUhfyd7orRVsF/4mk+D+OhnueL+BDFEuAUhmCR32
cwh45tftM50FFVT8HtVydxfSmqlfIj7/HRpeiMWeLUbdUDTZBrgiurJ4DSOgKiTl
uHpOPQrPxiOzEBZXTP7/z6ebuzK+l7T44MlSWdSZOMwsWcKW0rgVVzKlcz/U2ud0
iFX9ia8rNeZpSWIgiysz1hLWmo+wyGs/RUT15Gc+Gsl5BeP1CShUjurDna8XmUv2
Xfr5QANopVxxii9kKs4FrG1oNQt07276Lmo/+IPL0FlvJJsovvledrsXJi1TzGXh
MlHL0GDdIJbKfdXtrRXsj/PPPOw4lirAtF24ykK7YAbPqH+RVssk7xgccxGUPw4r
11qShphAO3fffkU1darIQ2/lGlQy3acZgpjSlIFG+Wx3NaUx4AoQZDe2O1D6TIAZ
BFDD56Gjws2o+XYKP3XA9Q9b3V9bvCRso9gCy4k7Mvur1wpVsGWyztVdfXEufgo/
2PL9ig7kBQ6AvPw0GFK8YWhdk9YlgmqEwdDFTKUzzDpI8IL/+UwWl7apzYCp1XyL
x4XZeLx65LpMV4+pGWO8
=nJGy
-----END PGP SIGNATURE-----
--- End Message ---
