Your message dated Fri, 18 Oct 2013 13:03:38 +0000 with message-id <[email protected]> and subject line Bug#697387: fixed in libdap 3.12.0-1 has caused the Debian Bug report #697387, regarding libdap: Typo in DEB_BUILD_MAINT_OPTIONS prevents enabling all hardening flags to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 697387: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697387 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: libdap Version: 3.11.1-12 Severity: normal Tags: patch Dear Maintainer, There's a typo in debian/rules which prevents enabling all hardening flags (+allx instead of +all): diff -Nru libdap-3.11.1/debian/rules libdap-3.11.1/debian/rules --- libdap-3.11.1/debian/rules 2012-12-22 09:56:59.000000000 +0100 +++ libdap-3.11.1/debian/rules 2013-01-04 16:57:43.000000000 +0100 @@ -5,7 +5,7 @@ LIBDIR:=/usr/lib/$(DEB_HOST_MULTIARCH) # To enable all, uncomment following line -DEB_BUILD_MAINT_OPTIONS:= hardening=+allx +DEB_BUILD_MAINT_OPTIONS:= hardening=+all DEB_CFLAGS_MAINT_APPEND:= -Wall -pedantic export DEB_BUILD_MAINT_OPTIONS export DEB_CFLAGS_MAINT_APPEND However there might be one problem with this change. +all enables PIE and it might be possible that dap-config passes these build flags to other programs which will cause problems if the programs are not also built as PIE. Please check the output of dap-config for -fPIE in CFLAGS and -fPIE -pie in LDFLAGS and strip them if necessary in the script. Another option would be to use +all,-pie which doesn't built the library with PIE (PIE is only relevant for binaries and libdap only ships a single binary and is mostly used as library so this should be fine too). Instead of using LDFLAGS in the override_dh_auto_configure you could also use DEB_LDFLAGS_MAINT_APPEND like you did for DEB_CFLAGS_MAINT_APPEND, the following patch applies both changes: diff -Nru libdap-3.11.1/debian/rules libdap-3.11.1/debian/rules --- libdap-3.11.1/debian/rules 2012-12-22 09:56:59.000000000 +0100 +++ libdap-3.11.1/debian/rules 2013-01-04 17:07:47.000000000 +0100 @@ -5,10 +5,12 @@ LIBDIR:=/usr/lib/$(DEB_HOST_MULTIARCH) # To enable all, uncomment following line -DEB_BUILD_MAINT_OPTIONS:= hardening=+allx +DEB_BUILD_MAINT_OPTIONS:= hardening=+all DEB_CFLAGS_MAINT_APPEND:= -Wall -pedantic +DEB_LDFLAGS_MAINT_APPEND:= -Wl,--as-needed export DEB_BUILD_MAINT_OPTIONS export DEB_CFLAGS_MAINT_APPEND +export DEB_LDFLAGS_MAINT_APPEND #export DH_VERBOSE=1 @@ -24,7 +26,7 @@ dh_autoreconf --as-needed override_dh_auto_configure: - LDFLAGS="$(LDFLAGS) -Wl,--as-needed" dh_auto_configure -- --with-gnu-ld + dh_auto_configure -- --with-gnu-ld override_dh_auto_build: dh_auto_build Regards, Simon -- + privacy is necessary + using gnupg http://gnupg.org + public key id: 0x92FEFDB7E44C32F9
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---Source: libdap Source-Version: 3.12.0-1 We believe that the bug you reported is fixed in the latest version of libdap, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Alastair McKinstry <[email protected]> (supplier of updated libdap package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 17 Oct 2013 22:12:11 +0100 Source: libdap Binary: libdap11 libdapclient3 libdapserver7 libdap-bin libdap-dev libdap-doc Architecture: source i386 all Version: 3.12.0-1 Distribution: unstable Urgency: low Maintainer: Alastair McKinstry <[email protected]> Changed-By: Alastair McKinstry <[email protected]> Description: libdap-bin - Binaries for the libdap Data Access Protocol library libdap-dev - Development files (headers and static libraries) for libdap libdap-doc - Documentation for the libdap Data Access Protocol library libdap11 - Open-source Project for a Network Data Access Protocol library libdapclient3 - Client library for the Network Data Access Protocol libdapserver7 - Server library for the Network Data Access Protocol Closes: 697387 722701 723938 Changes: libdap (3.12.0-1) unstable; urgency=low . * New upstream release. - No longer need curl-types-remove.patch * Add debian/watch file. * Fix typo in hardening flags; Change to =all,-pie ; Use DEB_LDFLAGS_MAINT_APPEND. Closes: #697387. * Enable parallel build. Closes: #723938. * Depend on libcurl4-gnutls-dev | libcurl-dev. Closes: #722701. Checksums-Sha1: 97912aacb2c0875491081d8f653ebf269f0033de 2132 libdap_3.12.0-1.dsc dbbed87e6e7bbd7d4a4cc4d064285a1eb8c7909b 1572392 libdap_3.12.0.orig.tar.gz 5e6b6974ad9c967546b4ef318bdc230cbf805d89 8969 libdap_3.12.0-1.debian.tar.gz bd9bfb08dd7104916a031cc1db197f5110545b75 341908 libdap11_3.12.0-1_i386.deb a7199a8dd42d764ba13b034f610fa66477a086b5 156534 libdapclient3_3.12.0-1_i386.deb 40216793068a9032e80caa496b85f91ccc4d4977 99104 libdapserver7_3.12.0-1_i386.deb bce1a5608f0eb3d8308f48f16c65c0723a1bebe1 94480 libdap-bin_3.12.0-1_i386.deb a29bca444d10a82f3147ca5e0b76accfb8d1a69b 524000 libdap-dev_3.12.0-1_i386.deb 01c33c41bf1ddc4c4f71d002b8a56697ab54779d 59875110 libdap-doc_3.12.0-1_all.deb Checksums-Sha256: 815c7b7198976e7c1908306948bf058a7460edfd0675e0652ce5162cfee53839 2132 libdap_3.12.0-1.dsc d7120c979ad85a7cbffaf0f14cd8d2ffb2fc15d2e447c7685441a35f0aa15ec4 1572392 libdap_3.12.0.orig.tar.gz f6725b31411993e3f3fa625de416edca48bcb2d3133380132c34f42e6294de33 8969 libdap_3.12.0-1.debian.tar.gz 4ace00e15dafb5c2c67f9b91f4b2bf94a66c28c12e8c1540b9e59695753d1087 341908 libdap11_3.12.0-1_i386.deb 8c04b7442dc5672a0e11cb64238fca866a6f976b73968c4714bba849e9b45aad 156534 libdapclient3_3.12.0-1_i386.deb f68479ce47737c6c81de1e94f8fc6b438bdcebffb4f8948d33449ceec32741f0 99104 libdapserver7_3.12.0-1_i386.deb e8387b2c9654fbc411640614d56fff42e86e033b3462b16a740c4349b2faf8b3 94480 libdap-bin_3.12.0-1_i386.deb 47272f08bb8645991895253eed18e475af3c235ca4ba990f6b9b5211f6b16598 524000 libdap-dev_3.12.0-1_i386.deb f61acce132143ca834445b293b35807010fa2d3442766174fb8971063856fd12 59875110 libdap-doc_3.12.0-1_all.deb Files: ede622cec0575a540e9edb8d767432a6 2132 utils optional libdap_3.12.0-1.dsc f2dde9f4233d5c1daf2f0e97ba06c277 1572392 utils optional libdap_3.12.0.orig.tar.gz d68e6824a3eb20c90361f05b81b270d7 8969 utils optional libdap_3.12.0-1.debian.tar.gz 6341f3fe963dc3943ca33fc163d9d009 341908 libs optional libdap11_3.12.0-1_i386.deb 04cadf919d1ff386ec27d3dac8d04d51 156534 libs optional libdapclient3_3.12.0-1_i386.deb e8298d3588a55ddccc13d62c9b2ca644 99104 libs optional libdapserver7_3.12.0-1_i386.deb 5d90c4f65792eb372be3f712a5491165 94480 utils optional libdap-bin_3.12.0-1_i386.deb ed27324d93b9d5430fe49b3a3f5569ac 524000 libdevel optional libdap-dev_3.12.0-1_i386.deb 7db786ab4241ec8237125dfb2e966ceb 59875110 doc optional libdap-doc_3.12.0-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBCAAGBQJSYHGXAAoJEN9LdrZRJ3QsE4IP/3/nqYSSqToW7zt8y6ElZH8Z KztCmiQTDa72+AR//hsfJoejPcDsX0VYiqtOCYdygbKQC+fmzAPCsYnyzu35UDaD MsaMw2B9g8VI/ZVafu7cx3wyxBMNRkCfs1gEQXXptzcT974guKWUecGaVqmjjlCS GCWWyCx4LHx3fOvI53bqFHbFPRr+gpMetiw6+cVXYwIXvOyqbdXLUKqTMzkuXjK7 6FYpbN3icpaYrsSLrPN8/2jt69+FkIBKLTXmiqr08WHgo54wXnL6E7PFB4b2TwSL ALNKPr7BQCRdDdwwMnKAhEFGl6dLQY3Zr4kc+HSB6VFZZU5rRDIljEPb7B3lASTZ aEr8HXWKNmtKra6Yhja2eWI+01V8wUD0AyKBd+MDpESHLdzKE0OuSbaPfRCIma8B SBCmjIDBG+pgjD2Jd44Mp8t2r+TuNqElRyTem4Gpy5DVZMthGotDsDrDDNICY9ij s6fdQhgiWezw0vSktuxpZ4xjIjoiJUFwG50Pnj9cOa6zpfTsCm9lyooFO6mP6ZMK rKhgYuz/hYMUxviF6i/qvNLlYwQduB2yF9FwVCh0YMaoKJDh0yJkFB/rPMVeuIB2 3aZFy5QEiAoLhKyKKV4vQ++8xwKMk+A2mYqVouRanIyuxCTx2Y+83JbJgj8rKWxt ggQFoELYHrf/UCgnidK6 =9Aas -----END PGP SIGNATURE-----
--- End Message ---

