Bug#663064: marked as done (varnish: Please enable hardening flags)

Tue, 01 May 2012 08:15:21 -0700 

Your message dated Tue, 01 May 2012 15:12:47 +0000
with message-id <[email protected]>
and subject line Bug#663064: fixed in varnish 3.0.2-2
has caused the Debian Bug report #663064,
regarding varnish: Please enable hardening flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
663064: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663064
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: varnish
Version: 3.0.2-1
Severity: wishlist
Tags: patch


Dear Maintainers,

As you are probably aware, one of the release goals for Wheezy is to enable the 
hardening flags that dpkg-buildflags now exports by default.

I've compiled Varnish with the default flags and all is well. It runs in 
production on ten of my servers. No problems so far.

Debhelper 9 and later export the flags by default, but your use of ./configure 
prevents the flags from propagating. Please apply the attached patch that 
enables the flags in override_auto_configure.


Thanks,

Allard Hoeve

PS: I've tried hardening=+all, but the VCL compiler churns out non-PIE code and 
the Varnish croaks. This needs some more work.


 



-- System Information:
Debian Release: 6.0.4
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF8)
Shell: /bin/sh linked to /bin/dash

commit f6c91fccf2aa79b3dd93ccfd416a2cc2e750a081
Author: Allard Hoeve <[email protected]>
Date:   Tue Mar 6 20:01:07 2012 +0100

    Compile with dpkg-buildflags (hardening)

diff --git a/debian/rules b/debian/rules
index 77977f2..d9a0596 100755
--- a/debian/rules
+++ b/debian/rules
@@ -35,7 +35,7 @@ override_dh_auto_test:
 
 # Override to add local configure flags
 override_dh_auto_configure:
-       dh_auto_configure -- $(LOCAL_CONFIGURE_FLAGS)
+       dh_auto_configure -- $(LOCAL_CONFIGURE_FLAGS) $(shell dpkg-buildflags 
--export=configure)
 
 override_dh_auto_install:
        dh_auto_install -a

--- End Message ---
--- Begin Message --- 
Source: varnish
Source-Version: 3.0.2-2

We believe that the bug you reported is fixed in the latest version of
varnish, which is due to be installed in the Debian FTP archive:

libvarnishapi-dev_3.0.2-2_amd64.deb
  to main/v/varnish/libvarnishapi-dev_3.0.2-2_amd64.deb
libvarnishapi1_3.0.2-2_amd64.deb
  to main/v/varnish/libvarnishapi1_3.0.2-2_amd64.deb
varnish-dbg_3.0.2-2_amd64.deb
  to main/v/varnish/varnish-dbg_3.0.2-2_amd64.deb
varnish-doc_3.0.2-2_all.deb
  to main/v/varnish/varnish-doc_3.0.2-2_all.deb
varnish_3.0.2-2.debian.tar.gz
  to main/v/varnish/varnish_3.0.2-2.debian.tar.gz
varnish_3.0.2-2.dsc
  to main/v/varnish/varnish_3.0.2-2.dsc
varnish_3.0.2-2_amd64.deb
  to main/v/varnish/varnish_3.0.2-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stig Sandbeck Mathisen <[email protected]> (supplier of updated varnish package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 01 May 2012 16:20:31 +0200
Source: varnish
Binary: varnish varnish-doc libvarnishapi1 libvarnishapi-dev varnish-dbg
Architecture: source amd64 all
Version: 3.0.2-2
Distribution: unstable
Urgency: low
Maintainer: Varnish Package Maintainers 
<[email protected]>
Changed-By: Stig Sandbeck Mathisen <[email protected]>
Description: 
 libvarnishapi-dev - development files for Varnish
 libvarnishapi1 - shared libraries for Varnish
 varnish    - state of the art, high-performance web accelerator
 varnish-dbg - debugging symbols for varnish
 varnish-doc - documentation for Varnish Cache
Closes: 656220 663064 663667 664857
Changes: 
 varnish (3.0.2-2) unstable; urgency=low
 .
   [ Knut Arne Bjørndal ]
   * Fix exit code from reload-vcl (Closes: #664857)
 .
   [ Stig Sandbeck Mathisen ]
   * Do not run build tests by default (Closes: #663667)
   * Use debhelper compat level 9 (Closes: #663064)
     This gives us multiarch and hardening flags
   * Remove /etc/varnish/secret on purge (Closes: #656220)
   * Bump standards-version (no changes)
   * Add systemd services
   * Remove vcs_version.h patch
Checksums-Sha1: 
 41e7cd87d1275ca28ca50609a3ec6b75c107b341 1681 varnish_3.0.2-2.dsc
 84805f3c36fc4d93f1650b3396fe17f47a6f8e53 15269 varnish_3.0.2-2.debian.tar.gz
 528d8271819f9ad82efa46ac0417ddf0a6503f4e 533736 varnish_3.0.2-2_amd64.deb
 acd707a38dca7c30eda73dd672e30c3db16b2d25 277424 varnish-doc_3.0.2-2_all.deb
 15c2c7424e0f7ce701ce5115823f0df113f9d744 40786 libvarnishapi1_3.0.2-2_amd64.deb
 f22c74359f6d8532cc42700a5079adc25dc755e7 17974 
libvarnishapi-dev_3.0.2-2_amd64.deb
 35a7d0dd8f6db16da0ee40865da36470850375b5 880428 varnish-dbg_3.0.2-2_amd64.deb
Checksums-Sha256: 
 38f5b8f23c273319c9dbf9b10e6324c6378d0d9b3c1d476f950ee91904c39bdd 1681 
varnish_3.0.2-2.dsc
 4a72acb4ab119029fcc0622cef0a701a30dcbb9b4c89ff60dcce53ae2ffb778d 15269 
varnish_3.0.2-2.debian.tar.gz
 3395f0439033ed67c5f0ce9569a6312c2457a4b1cd118c2782389fde49619d76 533736 
varnish_3.0.2-2_amd64.deb
 512dd4148badf629e99ef82387d4311911d48f6372154a78f29c9b7fdcb5d7ff 277424 
varnish-doc_3.0.2-2_all.deb
 581e642e5a6ad0180f2eadcef331827aaba93344a360689ec36b68d8b790fff6 40786 
libvarnishapi1_3.0.2-2_amd64.deb
 85ddeb18392851e7261fd1875e84db42df6a7e46c7ff8d63c91b2c5f6fa15687 17974 
libvarnishapi-dev_3.0.2-2_amd64.deb
 a7048bbe5ba259ceedced63e0a0de4b78c6ced868517697275413aac561733c5 880428 
varnish-dbg_3.0.2-2_amd64.deb
Files: 
 d6bc2f8771ffee905b7050b67db3b424 1681 web optional varnish_3.0.2-2.dsc
 56fa1a160f14a5d55fb2222ac15c3474 15269 web optional 
varnish_3.0.2-2.debian.tar.gz
 35a77394a62621c12951b99f94f4200a 533736 web optional varnish_3.0.2-2_amd64.deb
 5ccbeddac515df842916f06d1c0d16a4 277424 doc optional 
varnish-doc_3.0.2-2_all.deb
 eed45a2d34a0dbefda4584f5c7ca0923 40786 libs optional 
libvarnishapi1_3.0.2-2_amd64.deb
 11f999ca06ab222137cbd2a2aeea3981 17974 libdevel optional 
libvarnishapi-dev_3.0.2-2_amd64.deb
 baa424b2ff36077a56c371f5b8cd9d31 880428 debug extra 
varnish-dbg_3.0.2-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk+f8goACgkQQONU2fom4u7n8ACgrCnQsPzHT6Ql6RlGBVpYTZfH
JvYAoIAZY+GFLKgu9nKL7Cu/aTxAYMqI
=YdAI
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to