Your message dated Fri, 18 Oct 2013 13:03:38 +0000
with message-id <[email protected]>
and subject line Bug#697387: fixed in libdap 3.12.0-1
has caused the Debian Bug report #697387,
regarding libdap: Typo in DEB_BUILD_MAINT_OPTIONS prevents enabling all 
hardening flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
697387: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697387
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libdap
Version: 3.11.1-12
Severity: normal
Tags: patch

Dear Maintainer,

There's a typo in debian/rules which prevents enabling all
hardening flags (+allx instead of +all):

diff -Nru libdap-3.11.1/debian/rules libdap-3.11.1/debian/rules
--- libdap-3.11.1/debian/rules  2012-12-22 09:56:59.000000000 +0100
+++ libdap-3.11.1/debian/rules  2013-01-04 16:57:43.000000000 +0100
@@ -5,7 +5,7 @@
 LIBDIR:=/usr/lib/$(DEB_HOST_MULTIARCH)
 
 # To enable all, uncomment following line
-DEB_BUILD_MAINT_OPTIONS:= hardening=+allx
+DEB_BUILD_MAINT_OPTIONS:= hardening=+all
 DEB_CFLAGS_MAINT_APPEND:= -Wall -pedantic
 export DEB_BUILD_MAINT_OPTIONS
 export DEB_CFLAGS_MAINT_APPEND

However there might be one problem with this change. +all enables
PIE and it might be possible that dap-config passes these build
flags to other programs which will cause problems if the programs
are not also built as PIE. Please check the output of dap-config
for -fPIE in CFLAGS and -fPIE -pie in LDFLAGS and strip them if
necessary in the script.

Another option would be to use +all,-pie which doesn't built the
library with PIE (PIE is only relevant for binaries and libdap
only ships a single binary and is mostly used as library so this
should be fine too).

Instead of using LDFLAGS in the override_dh_auto_configure you
could also use DEB_LDFLAGS_MAINT_APPEND like you did for
DEB_CFLAGS_MAINT_APPEND, the following patch applies both
changes:

diff -Nru libdap-3.11.1/debian/rules libdap-3.11.1/debian/rules
--- libdap-3.11.1/debian/rules  2012-12-22 09:56:59.000000000 +0100
+++ libdap-3.11.1/debian/rules  2013-01-04 17:07:47.000000000 +0100
@@ -5,10 +5,12 @@
 LIBDIR:=/usr/lib/$(DEB_HOST_MULTIARCH)
 
 # To enable all, uncomment following line
-DEB_BUILD_MAINT_OPTIONS:= hardening=+allx
+DEB_BUILD_MAINT_OPTIONS:= hardening=+all
 DEB_CFLAGS_MAINT_APPEND:= -Wall -pedantic
+DEB_LDFLAGS_MAINT_APPEND:= -Wl,--as-needed
 export DEB_BUILD_MAINT_OPTIONS
 export DEB_CFLAGS_MAINT_APPEND
+export DEB_LDFLAGS_MAINT_APPEND
 #export DH_VERBOSE=1
 
 
@@ -24,7 +26,7 @@
        dh_autoreconf --as-needed
 
 override_dh_auto_configure:
-       LDFLAGS="$(LDFLAGS)  -Wl,--as-needed" dh_auto_configure -- --with-gnu-ld
+       dh_auto_configure -- --with-gnu-ld
 
 override_dh_auto_build:
        dh_auto_build

Regards,
Simon
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9

Attachment: signature.asc
Description: Digital signature


--- End Message ---
--- Begin Message ---
Source: libdap
Source-Version: 3.12.0-1

We believe that the bug you reported is fixed in the latest version of
libdap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alastair McKinstry <[email protected]> (supplier of updated libdap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 17 Oct 2013 22:12:11 +0100
Source: libdap
Binary: libdap11 libdapclient3 libdapserver7 libdap-bin libdap-dev libdap-doc
Architecture: source i386 all
Version: 3.12.0-1
Distribution: unstable
Urgency: low
Maintainer: Alastair McKinstry <[email protected]>
Changed-By: Alastair McKinstry <[email protected]>
Description: 
 libdap-bin - Binaries for the  libdap Data Access Protocol library
 libdap-dev - Development files (headers and static libraries) for libdap
 libdap-doc - Documentation for the libdap Data Access Protocol library
 libdap11   - Open-source Project for a Network Data Access Protocol library
 libdapclient3 - Client library for the Network Data Access Protocol
 libdapserver7 - Server library for the Network Data Access Protocol
Closes: 697387 722701 723938
Changes: 
 libdap (3.12.0-1) unstable; urgency=low
 .
   * New upstream release.
     - No longer need curl-types-remove.patch
   * Add debian/watch file.
   * Fix typo in hardening flags; Change  to =all,-pie ;
     Use DEB_LDFLAGS_MAINT_APPEND. Closes: #697387.
   * Enable parallel build. Closes: #723938.
   * Depend on libcurl4-gnutls-dev | libcurl-dev. Closes: #722701.
Checksums-Sha1: 
 97912aacb2c0875491081d8f653ebf269f0033de 2132 libdap_3.12.0-1.dsc
 dbbed87e6e7bbd7d4a4cc4d064285a1eb8c7909b 1572392 libdap_3.12.0.orig.tar.gz
 5e6b6974ad9c967546b4ef318bdc230cbf805d89 8969 libdap_3.12.0-1.debian.tar.gz
 bd9bfb08dd7104916a031cc1db197f5110545b75 341908 libdap11_3.12.0-1_i386.deb
 a7199a8dd42d764ba13b034f610fa66477a086b5 156534 libdapclient3_3.12.0-1_i386.deb
 40216793068a9032e80caa496b85f91ccc4d4977 99104 libdapserver7_3.12.0-1_i386.deb
 bce1a5608f0eb3d8308f48f16c65c0723a1bebe1 94480 libdap-bin_3.12.0-1_i386.deb
 a29bca444d10a82f3147ca5e0b76accfb8d1a69b 524000 libdap-dev_3.12.0-1_i386.deb
 01c33c41bf1ddc4c4f71d002b8a56697ab54779d 59875110 libdap-doc_3.12.0-1_all.deb
Checksums-Sha256: 
 815c7b7198976e7c1908306948bf058a7460edfd0675e0652ce5162cfee53839 2132 
libdap_3.12.0-1.dsc
 d7120c979ad85a7cbffaf0f14cd8d2ffb2fc15d2e447c7685441a35f0aa15ec4 1572392 
libdap_3.12.0.orig.tar.gz
 f6725b31411993e3f3fa625de416edca48bcb2d3133380132c34f42e6294de33 8969 
libdap_3.12.0-1.debian.tar.gz
 4ace00e15dafb5c2c67f9b91f4b2bf94a66c28c12e8c1540b9e59695753d1087 341908 
libdap11_3.12.0-1_i386.deb
 8c04b7442dc5672a0e11cb64238fca866a6f976b73968c4714bba849e9b45aad 156534 
libdapclient3_3.12.0-1_i386.deb
 f68479ce47737c6c81de1e94f8fc6b438bdcebffb4f8948d33449ceec32741f0 99104 
libdapserver7_3.12.0-1_i386.deb
 e8387b2c9654fbc411640614d56fff42e86e033b3462b16a740c4349b2faf8b3 94480 
libdap-bin_3.12.0-1_i386.deb
 47272f08bb8645991895253eed18e475af3c235ca4ba990f6b9b5211f6b16598 524000 
libdap-dev_3.12.0-1_i386.deb
 f61acce132143ca834445b293b35807010fa2d3442766174fb8971063856fd12 59875110 
libdap-doc_3.12.0-1_all.deb
Files: 
 ede622cec0575a540e9edb8d767432a6 2132 utils optional libdap_3.12.0-1.dsc
 f2dde9f4233d5c1daf2f0e97ba06c277 1572392 utils optional 
libdap_3.12.0.orig.tar.gz
 d68e6824a3eb20c90361f05b81b270d7 8969 utils optional 
libdap_3.12.0-1.debian.tar.gz
 6341f3fe963dc3943ca33fc163d9d009 341908 libs optional 
libdap11_3.12.0-1_i386.deb
 04cadf919d1ff386ec27d3dac8d04d51 156534 libs optional 
libdapclient3_3.12.0-1_i386.deb
 e8298d3588a55ddccc13d62c9b2ca644 99104 libs optional 
libdapserver7_3.12.0-1_i386.deb
 5d90c4f65792eb372be3f712a5491165 94480 utils optional 
libdap-bin_3.12.0-1_i386.deb
 ed27324d93b9d5430fe49b3a3f5569ac 524000 libdevel optional 
libdap-dev_3.12.0-1_i386.deb
 7db786ab4241ec8237125dfb2e966ceb 59875110 doc optional 
libdap-doc_3.12.0-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBCAAGBQJSYHGXAAoJEN9LdrZRJ3QsE4IP/3/nqYSSqToW7zt8y6ElZH8Z
KztCmiQTDa72+AR//hsfJoejPcDsX0VYiqtOCYdygbKQC+fmzAPCsYnyzu35UDaD
MsaMw2B9g8VI/ZVafu7cx3wyxBMNRkCfs1gEQXXptzcT974guKWUecGaVqmjjlCS
GCWWyCx4LHx3fOvI53bqFHbFPRr+gpMetiw6+cVXYwIXvOyqbdXLUKqTMzkuXjK7
6FYpbN3icpaYrsSLrPN8/2jt69+FkIBKLTXmiqr08WHgo54wXnL6E7PFB4b2TwSL
ALNKPr7BQCRdDdwwMnKAhEFGl6dLQY3Zr4kc+HSB6VFZZU5rRDIljEPb7B3lASTZ
aEr8HXWKNmtKra6Yhja2eWI+01V8wUD0AyKBd+MDpESHLdzKE0OuSbaPfRCIma8B
SBCmjIDBG+pgjD2Jd44Mp8t2r+TuNqElRyTem4Gpy5DVZMthGotDsDrDDNICY9ij
s6fdQhgiWezw0vSktuxpZ4xjIjoiJUFwG50Pnj9cOa6zpfTsCm9lyooFO6mP6ZMK
rKhgYuz/hYMUxviF6i/qvNLlYwQduB2yF9FwVCh0YMaoKJDh0yJkFB/rPMVeuIB2
3aZFy5QEiAoLhKyKKV4vQ++8xwKMk+A2mYqVouRanIyuxCTx2Y+83JbJgj8rKWxt
ggQFoELYHrf/UCgnidK6
=9Aas
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to