Bug#668303: marked as done (wmfrog: CPPFLAGS hardening flags missing)

[Debian Bug Tracking System]

Your message dated Wed, 11 Apr 2012 14:51:09 +0000
with message-id <e1shyt3-000092...@franck.debian.org>
and subject line Bug#668303: fixed in wmfrog 0.2.0-4
has caused the Debian Bug report #668303,
regarding wmfrog: CPPFLAGS hardening flags missing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
668303: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668303
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: wmfrog
Version: 0.2.0-3
Severity: important
Tags: patch

Dear Maintainer,

The CPPFLAGS hardening flags are missing because they are not set
in debian/rules.

The following patch fixes the issue. Passing LDFLAGS as CFLAGS
might be not a good idea though.

diff -Nru wmfrog-0.2.0/debian/rules wmfrog-0.2.0/debian/rules
--- wmfrog-0.2.0/debian/rules   2012-03-24 07:30:44.000000000 +0100
+++ wmfrog-0.2.0/debian/rules   2012-04-10 21:39:54.000000000 +0200
@@ -12,7 +12,7 @@
        $(MAKE) -C debian -f pod2man.mk PACKAGE=$(PACKAGE) makeman
 
 override_dh_auto_build: man
-       $(MAKE) $(MAKEOPT) CFLAGS="$(CFLAGS) $(LDFLAGS)"
+       $(MAKE) $(MAKEOPT) CFLAGS="$(CFLAGS) $(CPPFLAGS) $(LDFLAGS)"
 
 override_dh_auto_clean:
        [ ! Src/Makefile ] || $(MAKE) $(MAKEOPT) clean

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (hardening-check doesn't catch everything):

    $ hardening-check /usr/bin/wmfrog
    /usr/bin/wmfrog:
     Position Independent Executable: yes
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: yes

Use find -type f \( -executable -o -name \*.so\* \) -exec
hardening-check {} + on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9

signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

Source: wmfrog
Source-Version: 0.2.0-4

We believe that the bug you reported is fixed in the latest version of
wmfrog, which is due to be installed in the Debian FTP archive:

wmfrog_0.2.0-4.debian.tar.gz
  to main/w/wmfrog/wmfrog_0.2.0-4.debian.tar.gz
wmfrog_0.2.0-4.dsc
  to main/w/wmfrog/wmfrog_0.2.0-4.dsc
wmfrog_0.2.0-4_amd64.deb
  to main/w/wmfrog/wmfrog_0.2.0-4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 668...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jari Aalto <jari.aa...@cante.net> (supplier of updated wmfrog package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 10 Apr 2012 23:23:34 +0300
Source: wmfrog
Binary: wmfrog
Architecture: source amd64
Version: 0.2.0-4
Distribution: unstable
Urgency: low
Maintainer: Jari Aalto <jari.aa...@cante.net>
Changed-By: Jari Aalto <jari.aa...@cante.net>
Description: 
 wmfrog     - dockapp for graphically indicating the weather
Closes: 668303
Changes: 
 wmfrog (0.2.0-4) unstable; urgency=low
 .
   * debian/rules
     - Enable CPPFLAGS hardened build flags (Closes: #668303). Patch thanks
       to Simon Ruderich <si...@ruderich.org>
Checksums-Sha1: 
 8c97b9bce030639b93102ed9f1d5ecf246fc3e5f 1210 wmfrog_0.2.0-4.dsc
 53fe460c277163949acdefd10dabcf654c94a594 7794 wmfrog_0.2.0-4.debian.tar.gz
 9882c7d3f8ac17b7ab6e8a54281a3b04ec5e2f67 80392 wmfrog_0.2.0-4_amd64.deb
Checksums-Sha256: 
 4df6dcfa492dd2fe583a5ac5ea7f1bbdf3eef9f687550094b1ada5753aaec607 1210 
wmfrog_0.2.0-4.dsc
 e980893aa2c324d666cabf66abc3f30320246ee9a2e9d8803bd202b772bd56f8 7794 
wmfrog_0.2.0-4.debian.tar.gz
 1a58518760b09c34d117ff899dac82348a5fc09e29fd167541f3f21e761a96e2 80392 
wmfrog_0.2.0-4_amd64.deb
Files: 
 23026751c23beba6af06d09bd6059d0c 1210 x11 optional wmfrog_0.2.0-4.dsc
 3b969b3779dea9a237bbed071f15da31 7794 x11 optional wmfrog_0.2.0-4.debian.tar.gz
 cdb3e12084c2135d37669a9678f0307f 80392 x11 optional wmfrog_0.2.0-4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk+FkFoACgkQLARVQsm1Xay9FQCglKlrFtWRTn9nswbOULA28iv3
f+QAoMEI3qJZ/ZbCHuZMMZFMFDXmPG4v
=6Y/f
-----END PGP SIGNATURE-----

--- End Message ---