Your message dated Fri, 01 Jun 2012 01:17:42 +0000
with message-id <[email protected]>
and subject line Bug#675404: fixed in libedit 2.11-20080614-5
has caused the Debian Bug report #675404,
regarding libedit: LDFLAGS hardening flags missing
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
675404: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675404
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libedit
Version: 2.11-20080614-4
Severity: normal
Tags: patch
Dear Maintainer,
The LDFLAGS hardening flags are missing for libedit.so.2.11
because the build system ignores them. For more hardening
information please have a look at [1], [2] and [3].
The following patch fixes the issue.
diff -Nru libedit-2.11-20080614/debian/rules libedit-2.11-20080614/debian/rules
--- libedit-2.11-20080614/debian/rules 2012-05-31 09:00:47.000000000 +0200
+++ libedit-2.11-20080614/debian/rules 2012-05-31 23:25:06.000000000 +0200
@@ -9,7 +9,7 @@
PKGDIR = ${CURDIR}/debian/tmp
PMAKE_ARGS = MKPROFILE=no MKCATPAGES=no MLINKS= MANPAGES= \
SHLIB_SHFLAGS="-Wl,-soname,libedit.so.${major}" \
- LDADD="-lbsd -ltinfo"
+ LDADD="$(LDFLAGS) -lbsd -ltinfo"
EDITLINE_3_LINKS = el_init el_end el_reset el_gets el_getc el_push \
el_parse el_set el_get el_source el_resize el_line \
el_insertstr el_deletestr history_init history_end history
To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (for example with blhc [4]) (hardening-check
doesn't catch everything):
$ hardening-check /usr/lib/x86_64-linux-gnu/libedit.so.2.11
/usr/lib/x86_64-linux-gnu/libedit.so.2.11:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: no not found!
(Position Independent Executable and Immediate binding is not
enabled by default.)
Use find -type f \( -executable -o -name \*.so\* \) -exec
hardening-check {} + on the build result to check all files.
Regards,
Simon
[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
[4]: http://ruderich.org/simon/blhc/
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: libedit
Source-Version: 2.11-20080614-5
We believe that the bug you reported is fixed in the latest version of
libedit, which is due to be installed in the Debian FTP archive:
libedit-dev_2.11-20080614-5_mips.deb
to main/libe/libedit/libedit-dev_2.11-20080614-5_mips.deb
libedit-dev_2.11-20080614-5_mipsel.deb
to main/libe/libedit/libedit-dev_2.11-20080614-5_mipsel.deb
libedit-dev_2.11-20080614-5_sparc.deb
to main/libe/libedit/libedit-dev_2.11-20080614-5_sparc.deb
libedit2_2.11-20080614-5_mips.deb
to main/libe/libedit/libedit2_2.11-20080614-5_mips.deb
libedit2_2.11-20080614-5_mipsel.deb
to main/libe/libedit/libedit2_2.11-20080614-5_mipsel.deb
libedit2_2.11-20080614-5_sparc.deb
to main/libe/libedit/libedit2_2.11-20080614-5_sparc.deb
libedit_2.11-20080614-5.debian.tar.bz2
to main/libe/libedit/libedit_2.11-20080614-5.debian.tar.bz2
libedit_2.11-20080614-5.dsc
to main/libe/libedit/libedit_2.11-20080614-5.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <[email protected]> (supplier of updated libedit
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 01 Jun 2012 10:10:48 +1000
Source: libedit
Binary: libedit2 libedit-dev
Architecture: source mips mipsel sparc
Version: 2.11-20080614-5
Distribution: unstable
Urgency: low
Maintainer: Anibal Monsalve Salazar <[email protected]>
Changed-By: Anibal Monsalve Salazar <[email protected]>
Description:
libedit-dev - BSD editline and history libraries (development files)
libedit2 - BSD editline and history libraries
Closes: 675404
Changes:
libedit (2.11-20080614-5) unstable; urgency=low
.
* Add LDFLAGS hardening flags to PMAKE_ARGS
Patch by Simon Ruderich
Closes: #675404
Checksums-Sha1:
4e6938e51905786a07068647b04d4f1137968af6 1963 libedit_2.11-20080614-5.dsc
60de8911d1c0a8a86ed71ab550453069ef2d033e 9732
libedit_2.11-20080614-5.debian.tar.bz2
2c94a0b1fe5d388cce2436b5f0d6e4a6a40df75d 66558
libedit2_2.11-20080614-5_mips.deb
e12cd705f580634885af05ad496ef1b537a9543c 89874
libedit-dev_2.11-20080614-5_mips.deb
436d94a19c0ca0824867c28207f3860b7367b141 67324
libedit2_2.11-20080614-5_mipsel.deb
d2bb76e5262498d2a25802881a2676e7a9e70f4d 99338
libedit-dev_2.11-20080614-5_mipsel.deb
bce44312d631216b64286efc6547693c4ad3a555 62214
libedit2_2.11-20080614-5_sparc.deb
357e90b92dddae702d227f05a0e78b5e34c73396 80558
libedit-dev_2.11-20080614-5_sparc.deb
Checksums-Sha256:
62a2b5852acd926cf84957167cf4c0f8136900acc62ab6be182d6b7202b1e032 1963
libedit_2.11-20080614-5.dsc
03ba957cd45d02733a7f2134537ec3352695d3be465f6cb9d304b8085c99d1f5 9732
libedit_2.11-20080614-5.debian.tar.bz2
f14b7652a0e47d02efa0d9aeaa60dd98d9b3f2dfebc86824d3246d980442fe65 66558
libedit2_2.11-20080614-5_mips.deb
a11a706046b3c886f0faa904098edaea7b92d63a3cc323e72595a5108b760248 89874
libedit-dev_2.11-20080614-5_mips.deb
057f3db28e5b0a98d418c145b12be4f7436152cca08d48038ba39d3e16bc9c11 67324
libedit2_2.11-20080614-5_mipsel.deb
a2075c3014c6c32c211bd73964a3559e570b15acdad73ae603bd6a17ecfb98c9 99338
libedit-dev_2.11-20080614-5_mipsel.deb
8ad2aad08951fbcd60b5d01cfe114c7740af478b9be76c827e9b7afbcc985e66 62214
libedit2_2.11-20080614-5_sparc.deb
2e9dda3a199a639e9c656b38e1acf3fd8f57015a1d036fb660cd64efa7a620ec 80558
libedit-dev_2.11-20080614-5_sparc.deb
Files:
ff1f1cae1c896cfa4296d3545c68071f 1963 libs standard libedit_2.11-20080614-5.dsc
065213222518c6019628ab5a2ac921d9 9732 libs standard
libedit_2.11-20080614-5.debian.tar.bz2
0307046e7ebe76603225b1877aa311c8 66558 libs standard
libedit2_2.11-20080614-5_mips.deb
873fc9abcf3a43df94d7a589874b6f50 89874 libdevel optional
libedit-dev_2.11-20080614-5_mips.deb
1c951c8456689602b0d5ecae5de44744 67324 libs standard
libedit2_2.11-20080614-5_mipsel.deb
d52cabcedf43dfd281a520495b2bb68b 99338 libdevel optional
libedit-dev_2.11-20080614-5_mipsel.deb
dd0441b063fbe17203a37b682900edb3 62214 libs standard
libedit2_2.11-20080614-5_sparc.deb
f9268184c224f082c5367d82ce912fce 80558 libdevel optional
libedit-dev_2.11-20080614-5_sparc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJPyBaKAAoJEHxWrP6UeJfYGy0P/0NeIFTbZci9ANxxjxC87nP8
43oSDS1uAVxyYh4WvFz6vJAnZoZMPNQ4hFtikdReU1lgPWuE6DTQoCzv50Mm7on/
RytAJjKXD6IL6Q9+D9iZTW8j6RkkBcrq7Wx2sKE0YJjSKu2mcYZxPYamJF61Yr2r
dNu4joUNQIivcG03zejwURzczkzmILFGelOYOg4OIcjCocymqqeKzWS8Oj2bkVU+
U+QAXsafmq7xV9zw5x1EQbDfFssnujU06iPHJ9o/P3hUi65+6B5azK5FJIMbiiuU
cwnDOqDMl/h9BmlhWFCL6SbonqaT8AWQuKFYrRAzBDs3MqZUot/R2xgsGzLExHlJ
cJF/avnjlMwiCKhaSMViAW0IO/2n95fbZkAe2EaK3nrU6QL/hK6ZxOVdptgVSjEL
W3aCXAUi+IEw2JfOlXx4qWZfmrS/jorytMqGzc98Xf/171yZ5YPJfthxspzBAxQv
I/VJ2dCbbIDnZOiMOAXjDr9wDMAMPsIqlUUT3Pfd2rV95nv4niOfet0yh4fcyXMv
W5T1jsIE5UFKQinV66Vt8z3RQXqO7o+HAhXU+dkmOy2OhMDDUJEqgQ3r+/42tCpz
8cXvIy0K5irQOlH7KWYSsswchda8AiSxL4+86vvan/tJeabl8kKq6tWfUPH99fOw
Xbw1oQWTxD5C+0ILMZ1I
=j33a
-----END PGP SIGNATURE-----
--- End Message ---
