Your message dated Sun, 10 Jun 2012 15:44:36 +0000
with message-id <[email protected]>
and subject line Bug#676909: fixed in less 444-4
has caused the Debian Bug report #676909,
regarding less: CFLAGS hardening flags missing
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
676909: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676909
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: less
Version: 444-3
Severity: normal
Tags: patch
Dear Maintainer,
The CFLAGS hardening flags are missing because they are
overwritten in debian/rules. For more hardening information
please have a look at [1], [2] and [3].
The following patch fixes the issue.
diff -Nru less-444/debian/rules less-444/debian/rules
--- less-444/debian/rules 2012-06-09 12:35:35.000000000 +0200
+++ less-444/debian/rules 2012-06-10 14:42:26.000000000 +0200
@@ -16,7 +16,7 @@
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/buildflags.mk
-CFLAGS = -Wall -g #-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
+CFLAGS += -Wall -g #-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
CFLAGS += -O0
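Review bot: On the changed `CFLAGS += -Wall -g` line, `-g` is already in the default CFLAGS that buildflags.mk provides, and the `ifneq (,$(findstring noopt,...))` block that follows repeats what dpkg-buildflags does on its own when DEB_BUILD_OPTIONS contains noopt, so the line could be reduced to `CFLAGS += -Wall` and the noopt handling dropped. The dead `#-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64` trailing comment could go at the same time. The hunk only covers CFLAGS; it is worth confirming that no other line in debian/rules assigns CPPFLAGS or LDFLAGS with `=`, since those carry the fortify and relro flags.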
To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (for example with blhc [4]) (hardening-check
doesn't catch everything):
    $ hardening-check /bin/lessecho /bin/lesskey /bin/less
    /bin/lessecho:
     Position Independent Executable: no, normal executable!
     Stack protected: yes
     Fortify Source functions: yes
     Read-only relocations: yes
     Immediate binding: no not found!
    /bin/lesskey:
     Position Independent Executable: no, normal executable!
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!
    /bin/less:
     Position Independent Executable: no, normal executable!
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!
(Position Independent Executable and Immediate binding are not
enabled by default.)
Use `find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +`
on the build result to check all files.
Regards,
Simon
[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
[4]: http://ruderich.org/simon/blhc/
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
signature.asc
Description: Digital signature
--- End Message ---
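The report above comes down to one operator: `=` after `include /usr/share/dpkg/buildflags.mk` discards what dpkg-buildflags supplied, while `+=` keeps it. As an added example (not part of the original report or of the less packaging), this Python scanner looks for that pattern in a debian/rules file; the function name is hypothetical and the sample text is constructed from the hunk's lines.

```python
import re

# Variables that buildflags.mk fills in from dpkg-buildflags.
FLAG_VARS = ("CFLAGS", "CPPFLAGS", "CXXFLAGS", "FFLAGS", "LDFLAGS")
ASSIGN = re.compile(
    r"^\s*(?:(?:export|override)\s+)*(?P<var>[A-Za-z_][A-Za-z0-9_]*)"
    r"\s*(?P<op>\+=|\?=|:=|=)\s*(?P<val>.*)$"
)
# default.mk pulls in buildflags.mk, so either include loads the flags.
INCLUDE = re.compile(r"^\s*-?include\s+.*\b(?:buildflags|default)\.mk\b")

# Constructed sample: the debian/rules lines shown in the hunk, before the fix.
RULES_BEFORE = """\
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/buildflags.mk
CFLAGS = -Wall -g #-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
CFLAGS += -O0
"""
RULES_AFTER = RULES_BEFORE.replace("CFLAGS = ", "CFLAGS += ")


def find_clobbered_flags(rules_text):
    """Return (line_no, variable, operator) for each assignment that throws
    away flags loaded earlier in the same makefile."""
    findings = []
    flags_loaded = False
    for line_no, raw in enumerate(rules_text.splitlines(), start=1):
        if raw.startswith("\t"):
            continue  # recipe line: shell code, not a make assignment
        line = raw.split("#", 1)[0].rstrip()  # drop trailing make comment
        if INCLUDE.match(line):
            flags_loaded = True
            continue
        m = ASSIGN.match(line)
        if not (flags_loaded and m and m.group("var") in FLAG_VARS):
            continue
        var, op, val = m.group("var", "op", "val")
        if op in ("+=", "?="):
            continue  # appends, or does nothing because the variable is set
        keeps_old = op == ":=" and re.search(r"\$[({]%s[)}]" % var, val)
        refetches = re.search(r"dpkg-buildflags\s+--get\s+%s\b" % var, val)
        if not (keeps_old or refetches):
            findings.append((line_no, var, op))
    return findings


if __name__ == "__main__":
    for name, text in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        print(name, find_clobbered_flags(text))
```

A clean result only covers the rules file; the built binaries still need `hardening-check` and the build log still needs blhc, as the report describes.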
--- Begin Message ---
Source: less
Source-Version: 444-4
We believe that the bug you reported is fixed in the latest version of
less, which is due to be installed in the Debian FTP archive:
less_444-4.debian.tar.bz2
to main/l/less/less_444-4.debian.tar.bz2
less_444-4.dsc
to main/l/less/less_444-4.dsc
less_444-4_mipsel.deb
to main/l/less/less_444-4_mipsel.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <[email protected]> (supplier of updated less package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 11 Jun 2012 00:07:28 +1000
Source: less
Binary: less
Architecture: source mipsel
Version: 444-4
Distribution: unstable
Urgency: low
Maintainer: Anibal Monsalve Salazar <[email protected]>
Changed-By: Anibal Monsalve Salazar <[email protected]>
Description:
less - pager program similar to more
Closes: 676909
Changes:
less (444-4) unstable; urgency=low
.
* Fix typo with CFLAGS in debian/rules
Patch by Simon Ruderich
Closes: #676909
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---