Your message dated Mon, 09 Sep 2013 15:55:32 +0000 with message-id <[email protected]> and subject line Bug#662715: fixed in redir 2.2.1-11 has caused the Debian Bug report #662715, regarding redir: Please enable hardening flags to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
662715: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662715
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---
Package: redir
Severity: important
Tags: patch

Dear Maintainer,

Please consider enabling hardening flags which are a release goal for wheezy. For more information please have a look at [1], [2] and [3].

The following patch bumps debian/compat to 9 to automatically enable the hardening flags and enables all flags (including PIE because redir runs as server); you could also enable them without changing compat (see [2]), but compat=9 is the preferred and simplest solution.

diff -Nru redir-2.2.1/debian/compat redir-2.2.1/debian/compat --- redir-2.2.1/debian/compat 2012-03-04 23:42:05.000000000 +0100 +++ redir-2.2.1/debian/compat 2012-03-05 23:38:32.000000000 +0100 @@ -1 +1 @@ -8 +9 diff -Nru redir-2.2.1/debian/control redir-2.2.1/debian/control --- redir-2.2.1/debian/control 2012-03-04 23:53:04.000000000 +0100 +++ redir-2.2.1/debian/control 2012-03-05 23:38:32.000000000 +0100 @@ -2,7 +2,7 @@ Section: net Priority: extra Maintainer: Daniel Kahn Gillmor <[email protected]> -Build-Depends: debhelper (>=8), libwrap0-dev +Build-Depends: debhelper (>=9), libwrap0-dev Standards-Version: 3.9.3 Homepage: http://sammy.net/~sammy/hacks/ Vcs-Git: git://lair.fifthhorseman.net/~dkg/redir diff -Nru redir-2.2.1/debian/rules redir-2.2.1/debian/rules --- redir-2.2.1/debian/rules 2012-03-04 23:41:47.000000000 +0100 +++ redir-2.2.1/debian/rules 2012-03-05 23:40:58.000000000 +0100 
@@ -1,3 +1,6 @@ #!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + %: dh $@

The build system ignores flags from the environment, which includes the hardening flags. The attached patch fixes this. -O2 is automatically added when necessary (noopt is respected).

To check if all flags were correctly enabled you can use `hardening-check` from the hardening-includes package:

    $ hardening-check /usr/bin/redir
    /usr/bin/redir:
     Position Independent Executable: yes
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: yes

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Description: Use build flags from the environment (dpkg-buildflags).
Author: Simon Ruderich <[email protected]> Last-Update: 2012-03-05 --- redir-2.2.1.orig/Makefile +++ redir-2.2.1/Makefile @@ -32,8 +32,8 @@ CC = gcc # if your system lacks getopt_long, remove the comment from this line OBJS = redir.o $(GETOPT_OBJS) -CFLAGS = -O2 -Wall --pedantic $(STR_CFLAGS) $(WRAP_CFLAGS) $(EXTRA_CFLAGS) -LDFLAGS = # -s +CFLAGS += -Wall --pedantic $(STR_CFLAGS) $(WRAP_CFLAGS) $(EXTRA_CFLAGS) +LDFLAGS += # -s # solaris, and others, may also need these libraries to link # also edit here if you're using the TCP wrappers code
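Review bot: In the debian/rules hunk, the new `export DEB_BUILD_MAINT_OPTIONS = hardening=+all` line carries no comment explaining why `+all` is used rather than the set that compat 9 enables on its own. The report gives the reason (PIE, because redir runs as a server); a one-line comment above the export stating that would keep a later maintainer from trimming the option back.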
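Review bot: The `CFLAGS +=` line in the Makefile hunk removes `-O2` outright, so a plain `make` with no CFLAGS in the environment now builds without optimisation, and fortified functions need optimisation to take effect. A default that the environment can still override, such as `CFLAGS ?= -O2` placed ahead of the `+=` line, keeps the non-Debian build as it was. The hunk touches only CFLAGS and LDFLAGS and does not show the compile and link rules, so it is worth confirming that they also pass `$(CPPFLAGS)` and `$(LDFLAGS)`.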
--- End Message ---
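
What the five lines of `hardening-check` output quoted in the report correspond to inside the ELF file, as an added example (not part of the original report, and not hardening-check's own code). It assumes ELF64 little-endian input; the symbol-name searches for stack protector and fortify are heuristics, `check_hardening` and `build_sample` are hypothetical names, and the sample image is constructed.

```python
import re
import struct

ET_DYN, PT_DYNAMIC, PT_GNU_RELRO = 3, 2, 0x6474E552
DT_NULL, DT_DEBUG, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 21, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def check_hardening(elf: bytes) -> dict:
    """Inspect an ELF64 little-endian image for the five reported properties."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not an ELF64 little-endian file")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    relro = bind_now = has_debug = False
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:
            # Walk the 16-byte (tag, value) entries of the dynamic section.
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", elf, off)
                if tag == DT_NULL:
                    break
                has_debug |= tag == DT_DEBUG
                bind_now |= (tag == DT_BIND_NOW
                             or (tag == DT_FLAGS and bool(val & DF_BIND_NOW))
                             or (tag == DT_FLAGS_1 and bool(val & DF_1_NOW)))
    return {
        # ET_DYN alone also matches shared libraries; DT_DEBUG marks an executable.
        "pie": e_type == ET_DYN and has_debug,
        "stack_protector": b"__stack_chk_fail\x00" in elf,
        # Heuristic: any fortified libc entry point such as __memcpy_chk.
        "fortify": re.search(rb"__[a-z0-9]+_chk\x00", elf) is not None,
        "relro": relro,
        "bind_now": bind_now,
    }

def build_sample(e_type: int, dyn: list, relro: bool, strings: bytes) -> bytes:
    """Constructed image: ELF header, program headers, dynamic section, strings."""
    phdrs = [(PT_DYNAMIC, 64 + 56 * (1 + relro), 16 * (len(dyn) + 1))]
    if relro:
        phdrs.append((PT_GNU_RELRO, 0, 0))
    header = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    ph = b"".join(struct.pack("<IIQQQQQQ", t, 4, o, 0, 0, s, s, 8) for t, o, s in phdrs)
    dynsec = b"".join(struct.pack("<qQ", t, v) for t, v in dyn + [(DT_NULL, 0)])
    return header + ph + dynsec + strings
```

To inspect a real binary, pass its bytes, for example `check_hardening(open("/usr/bin/redir", "rb").read())`.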
--- Begin Message ---
Source: redir
Source-Version: 2.2.1-11

We believe that the bug you reported is fixed in the latest version of redir, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tobias Frost <[email protected]> (supplier of updated redir package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Sat, 07 Sep 2013 16:04:58 +0200
Source: redir
Binary: redir
Architecture: source amd64
Version: 2.2.1-11
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <[email protected]>
Changed-By: Tobias Frost <[email protected]>
Description:
 redir - Redirect TCP connections
Closes: 662715
Changes:
 redir (2.2.1-11) unstable; urgency=low
 .
   * QA upload.
   * Set maintainer to QA
   * Enable hardening flags by changing d/compat to 9 and B/D on debhelper>9 and new patch 31_enable_hardening.patch (Closes: #662715)
   * Bump standard version, no changes required
   * Remove d/README.source, as this package apparently uses quilt, not dpatch
--- End Message ---

