Your message dated Fri, 17 May 2013 11:00:06 +0000 with message-id <[email protected]> and subject line Bug#658430: fixed in newt 0.52.15-1 has caused the Debian Bug report #658430, regarding Hardened build flags not fully enabled to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 658430: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658430 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Source: newt Severity: important newt uses dh and debian/compat, which makes it export the new hardened build flags from dpkg-buildflags. This results in the following flags being exported: CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security CPPFLAGS=-D_FORTIFY_SOURCE=2 CXXFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security FFLAGS=-g -O2 LDFLAGS=-Wl,-z,relro However, you're overwriting CFLAGS in your rules file and thus nullifying the stack protector and the enforced format string checks: dh_auto_configure -- $(GPMSUPPORT) $(NOSTRIP) CFLAGS="-I/usr/include/tcl8.5" Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: newt Source-Version: 0.52.15-1 We believe that the bug you reported is fixed in the latest version of newt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Alastair McKinstry <[email protected]> (supplier of updated newt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 16 May 2013 20:56:57 +0100 Source: newt Binary: libnewt-dev libnewt-pic newt-tcl python-newt python3-newt python-newt-dbg python3-newt-dbg libnewt0.52 whiptail Architecture: source i386 Version: 0.52.15-1 Distribution: unstable Urgency: low Maintainer: Alastair McKinstry <[email protected]> Changed-By: Alastair McKinstry <[email protected]> Description: libnewt-dev - Developer's toolkit for newt windowing library libnewt-pic - Not Erik's Windowing Toolkit, shared library subset kit libnewt0.52 - Not Erik's Windowing Toolkit - text mode windowing with slang newt-tcl - NEWT module for Tcl python-newt - NEWT module for Python python-newt-dbg - NEWT module for Python (debug extension) python3-newt - NEWT module for Python3 python3-newt-dbg - NEWT module for Python3 (debug extension) whiptail - Displays user-friendly dialog boxes from shell scripts Closes: 658430 691240 Changes: newt (0.52.15-1) unstable; urgency=low . * New upstream release. * Standards-Version: 3.9.4 * Build against tcl8.6-dev * Build python3 modules. Closes: #691240 * Update patches; latvian patch now merged upstream. * M-A, round two: patch to run msgfmt --endianness little to force .mo files to be identical. Now lib* package can be Multi-Arch: same * The python-newt-dbg and python3-newt-dbg packages conflict as they ship the same debug symbols file (hashed) * Use dh --with autoreconf rather than call 'by hand'. Cleaner. * Include more changes for hardening support. Closes: #658430. * Improved watch file from Bart Martens. Checksums-Sha1: af5c52f062525d3660b3819475ebb07026d66ca5 2320 newt_0.52.15-1.dsc e067280e474eb327c62eaa306e2242adcf540ab2 183171 newt_0.52.15.orig.tar.gz 0e9a6f3bd57b88b798540153f67e3abd75f921d0 47810 newt_0.52.15-1.debian.tar.gz 07756a6f8f7aa5117b46c7e0bc18cec9199f5ac6 95562 libnewt-dev_0.52.15-1_i386.deb 8c7d8aa8f335534690e531a970f1a57229c53e03 19000 libnewt-pic_0.52.15-1_i386.deb e61007889293a65054a7313ff48506fd25d97b20 27836 newt-tcl_0.52.15-1_i386.deb cba8875933ac22b87aa3da6fd58751ec3841ca18 38124 python-newt_0.52.15-1_i386.deb aec39dceb68c29f0f89e97f589ebe72c43effb39 50058 python3-newt_0.52.15-1_i386.deb eded481d737af1c5bcc29a6c0d9010abb245b828 79348 python-newt-dbg_0.52.15-1_i386.deb cbc9d5b080e5686171ef466688ffacdabcc3361b 125326 python3-newt-dbg_0.52.15-1_i386.deb b0e000fc72bb2254b806aaa845e7006309f0cb8c 78058 libnewt0.52_0.52.15-1_i386.deb eaf96bbd599241d51448e2fd9507c9fd28c862d3 33654 whiptail_0.52.15-1_i386.deb Checksums-Sha256: f9f57fcaa821e43e9eddf46d0aa6465f71463fc1afb11f54f35bca827b5552b1 2320 newt_0.52.15-1.dsc 7a6151923e7a8a950f9a8a21668a5780d09b0f35f9d76a7ec606c71c35a0e241 183171 newt_0.52.15.orig.tar.gz f71505a6237e5a9b07ab976f2d0ca3c7889dc5c209e19bd86e0edd118e5d19ce 47810 newt_0.52.15-1.debian.tar.gz 59332dcdfab5edc68a8ff728db9b3db0c3b7db86f47d0f1625208c74a196f819 95562 libnewt-dev_0.52.15-1_i386.deb 5c1a1461e1a56b7a736a950658678ca06792a4d2bd0536318b8ad8af6e137da4 19000 libnewt-pic_0.52.15-1_i386.deb f55aab8e38154eaebb835aa8e1ba7f75c02ce54049b307a3c46d00b252b576df 27836 newt-tcl_0.52.15-1_i386.deb 197b3ade4578b21e1f06605eaf9a79dc63712753235a64a841b30a018cfbe41c 38124 python-newt_0.52.15-1_i386.deb 89b8092f802a4c77f3ded17e0baa8872f4db9bd55a43baebb621ebd707d79ec8 50058 python3-newt_0.52.15-1_i386.deb 740121e325a6a41573e458909078ef883ffba646b4b8dd2acd5c9bdc500b68e7 79348 python-newt-dbg_0.52.15-1_i386.deb e4fe12412b90777d515657a4345e83f22e7753a21dee40b3c0359748ce602f41 125326 python3-newt-dbg_0.52.15-1_i386.deb a20625bde5e6ce78494f8d3c6cf4e555c0dc67b3587a4bd77aaa249d4ff9f360 78058 libnewt0.52_0.52.15-1_i386.deb 158e81f0bec770f71d1bcc87911bfc256e4fda8e47024d7a0f879fc449700dd2 33654 whiptail_0.52.15-1_i386.deb Files: 9704a8e7e797d549f2267ed554bffcff 2320 devel optional newt_0.52.15-1.dsc 343ee3a0fd0eacdb7c508a1e1cfabf65 183171 devel optional newt_0.52.15.orig.tar.gz 94807d274c495af03bff4d59aa15d823 47810 devel optional newt_0.52.15-1.debian.tar.gz c60de4e205ca5534e4475e4027d724e8 95562 libdevel optional libnewt-dev_0.52.15-1_i386.deb 901ad6c738a99c9e6ed9f1a89566cd44 19000 libdevel extra libnewt-pic_0.52.15-1_i386.deb 4599fae9aedc27ae4b1391ffd91ec5cf 27836 interpreters extra newt-tcl_0.52.15-1_i386.deb ee3e8dbfe6fc9b221ddc4fcf7baafd69 38124 python optional python-newt_0.52.15-1_i386.deb b65978e4b220a5d96784dcc3eb6cf881 50058 python optional python3-newt_0.52.15-1_i386.deb 9d2da56e1b56a94f2c2b603a03cbbcd5 79348 debug extra python-newt-dbg_0.52.15-1_i386.deb a05c9c1eef5c1d4307dbd94e3a51f533 125326 debug extra python3-newt-dbg_0.52.15-1_i386.deb f7460907af516f5e028f617db40bf6d3 78058 libs important libnewt0.52_0.52.15-1_i386.deb f674380369be0e84f47d9f29dbb854c1 33654 utils important whiptail_0.52.15-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJRk7j4AAoJEN9LdrZRJ3QsIycP/1fbIaP2F3dHntaW6hP2vpyH eVyMc0pnSyh506ugdRLoYJMEnMcMX8m8fPOwYfWT3i8mh5EulIzrA9mfIzxqhhkB soTTH8ppRVm2sQYN0qo+biaDFuCw9oBeC0GpMbn34tX1J3n9tu6+KsX/jWOU92AN 0VwaS4yjmXjjvzPBijPStQZMfmE7RwyxMRCSj/ff28IYZextK4daB45yXw3kaJUm OrzmTnueAAMiW38BDaf4Rti87uOjKFsML6S/nPo3Ezcg3iHvKlPxCldfKEzGkZxZ 1zyhvUd1aYyvJbeb/zNQ8r5r2kJ0U0raCN4mDV1T+1Pxy27nzYhgNB6PQyTbPez8 jk8dUft0bJVuQ02KGXmsmqkxOvxVPH2YcrZUdM5rr/ByY/+sf7IeEpTEb7DkqDaf oZnitkm2knqYQxox/yjFQWeSqUZM6gFitCM0U3ay7pAheDnTHWoaeLQkgzYbgtEl JVjkewK8e5JH7rLSC/rJwR6S9IJBhpbQuEbWobvJRnzj1jc52svyQLT7z82h9SPw TTujW9YiTiT9jhlTS4jQnocgW7OgplRYfUfsEUSbGvJUTu1+12ISSsmdSvcIRUA7 hM+TfenZhbH97/PUFhNP/u5bRhUutC95UYtA6ij+DO2lCssPKNMV+ojmehwp6sMs z/8ZbI1XbNIQ3pQY6pIv =TDzp -----END PGP SIGNATURE-----
--- End Message ---
