Your message dated Sun, 16 Sep 2012 18:28:27 +0000
with message-id <[email protected]>
and subject line Bug#687044: fixed in pxz 4.999.99~beta2+git4774800-1
has caused the Debian Bug report #687044,
regarding pxz: CPPFLAGS hardening flags missing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
687044: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687044
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pxz
Version: 4.999.9~beta+git537418b-1
Severity: normal
Tags: patch

Dear Maintainer,

The CPPFLAGS hardening flags are missing because they are not set
in Makefile.

The attached patch fixes the issue.

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log with `blhc` (hardening-check doesn't catch
everything):

    $ hardening-check /usr/bin/pxz
    /usr/bin/pxz:
     Position Independent Executable: no, normal executable!
     Stack protected: no, not found!
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!

(Position Independent Executable and Immediate binding are not
enabled by default.)

Use

    find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} +

on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
Description: Use CPPFLAGS from environment (dpkg-buildflags).
 Necessary for hardening flags.
Author: Simon Ruderich <[email protected]>
Last-Update: 2012-09-08

--- pxz-4.999.9~beta+git537418b.orig/Makefile
+++ pxz-4.999.9~beta+git537418b/Makefile
@@ -12,7 +12,7 @@ MANDIR?=/usr/share/man
 all: $(OBJECTS) $(NAME)
 
 $(NAME): $(SOURCES) $(OBJECTS)
-	$(CC) -o $(NAME) $(CFLAGS) $(NAME).c $(OBJECTS) $(LDFLAGS) -DPXZ_BUILD_DATE=\"`date +%Y%m%d`\" -DPXZ_VERSION=\"$(VERSION)\"
+	$(CC) -o $(NAME) $(CPPFLAGS) $(CFLAGS) $(NAME).c $(OBJECTS) $(LDFLAGS) -DPXZ_BUILD_DATE=\"`date +%Y%m%d`\" -DPXZ_VERSION=\"$(VERSION)\"
 
 clean:
 	rm -f *.o $(NAME)
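Review bot: on the changed `$(CC)` line, `$(CPPFLAGS)` is added only to the `$(NAME)` rule, and the rule that compiles `$(OBJECTS)` is outside this hunk; please confirm those objects also receive `$(CPPFLAGS)` (make's built-in `.c.o` rule passes it, an explicit rule would need the same change). The two `-D` defines on that line still follow `$(LDFLAGS)`; moving them next to `$(CPPFLAGS)` would keep all preprocessor options together and in front of the source file. A `blhc` run over the new build log would confirm that no compiler line is left without the flags.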



--- End Message ---
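As an added example (not part of the original report, and not blhc itself), here is the build-log check the report recommends, in miniature: it reports which class of hardening flag each compiler line lacks. The log lines, the `helper.c` file name and the flag values (assumed dpkg-buildflags defaults) are constructed for illustration.

```shell
#!/bin/sh
# Added example: a small build-log check in the spirit of blhc.
# Assumed flag values exported by dpkg-buildflags:
#   CPPFLAGS=-D_FORTIFY_SOURCE=2  CFLAGS=...-fstack-protector...  LDFLAGS=-Wl,-z,relro

# check_log: read a build log on stdin, print one finding per missing flag class.
check_log() {
    while IFS= read -r line; do
        case $line in
            cc\ *.c\ *|cc\ *.c|gcc\ *.c\ *|gcc\ *.c) ;;  # compiler line naming a .c source
            *) continue ;;                               # anything else is ignored
        esac
        case $line in
            *-D_FORTIFY_SOURCE=2*) ;;
            *) echo "CPPFLAGS missing (-D_FORTIFY_SOURCE=2): $line" ;;
        esac
        case $line in
            *-fstack-protector*) ;;
            *) echo "CFLAGS missing (-fstack-protector): $line" ;;
        esac
        case $line in
            *" -c "*) ;;                                 # compile-only: no link step, skip LDFLAGS
            *-Wl,-z,relro*) ;;
            *) echo "LDFLAGS missing (-Wl,-z,relro): $line" ;;
        esac
    done
}

# Constructed sample log: the pxz command line as the Makefile emits it before
# the patch (no CPPFLAGS) and after it, plus a hypothetical compile-only line.
sample_log() {
    cat <<'EOF'
dpkg-buildpackage: source package pxz
cc -o pxz -g -O2 -fstack-protector -Wformat -Werror=format-security pxz.c -Wl,-z,relro -DPXZ_VERSION="x"
cc -o pxz -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector -Wformat -Werror=format-security pxz.c -Wl,-z,relro -DPXZ_VERSION="x"
cc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector -c -o helper.o helper.c
rm -f *.o pxz
EOF
}

sample_log | check_log
```

Only the pre-patch line is reported, and only for CPPFLAGS. The binary-level `hardening-check` output quoted in the report cannot tell which compiler invocation dropped a flag.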
--- Begin Message ---
Source: pxz
Source-Version: 4.999.99~beta2+git4774800-1

We believe that the bug you reported is fixed in the latest version of
pxz, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Holger Levsen <[email protected]> (supplier of updated pxz package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 16 Sep 2012 16:39:06 +0200
Source: pxz
Binary: pxz
Architecture: source amd64
Version: 4.999.99~beta2+git4774800-1
Distribution: unstable
Urgency: low
Maintainer: Holger Levsen <[email protected]>
Changed-By: Holger Levsen <[email protected]>
Description: 
 pxz        - parallel LZMA compressor using liblzma
Closes: 686729 687044
Changes: 
 pxz (4.999.99~beta2+git4774800-1) unstable; urgency=low
 .
   * Makefile: use CPPFLAGS from environment (ie dpkg-buildflags), necessary
     for hardening flags. Thanks to Simon Ruderich (Closes: #687044)
   * Include the following patches from github:
     - use lzma_stream_encoder() instead of lzma_easy_encoder() so that we
     can from Per Øyvind Karlsen.
     - Fix printf format for 64bit (Closes: #686729) from Simon Andersson.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----

--- End Message ---
