Your message dated Fri, 21 Feb 2014 01:18:49 +0000
with message-id <[email protected]>
and subject line Bug#725865: fixed in wpa 1.1-1
has caused the Debian Bug report #725865,
regarding Please enable hardening options
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
725865: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725865
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wpasupplicant
Version: 1.0-3
Severity: wishlist
Tags: patch security
Hi,

Please consider the following patch to enable hardening options as
described on:
https://wiki.debian.org/Hardening

The patch works for me.

Regards,
Florent
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.8-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages wpasupplicant depends on:
ii adduser 3.113+nmu3
ii initscripts 2.88dsf-43
ii libc6 2.17-93
ii libdbus-1-3 1.6.14-1
ii libncurses5 5.9+20130608-1
ii libnl-3-200 3.2.21-1
ii libnl-genl-3-200 3.2.21-1
ii libpcsclite1 1.8.8-4+b1
ii libreadline5 5.2+dfsg-2
ii libssl1.0.0 1.0.1e-3
ii libtinfo5 5.9+20130608-1
ii lsb-base 4.1+Debian12
wpasupplicant recommends no packages.
Versions of packages wpasupplicant suggests:
pn libengine-pkcs11-openssl <none>
pn wpagui <none>
--- /tmp/rules.old 2013-10-09 11:30:14.785568570 +0100
+++ debian/rules 2013-10-09 11:30:22.001174678 +0100
@@ -1,11 +1,14 @@
#!/usr/bin/make -f
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+include /usr/share/dpkg/buildflags.mk
+
# The build system doesn't use CPPFLAGS, pass them to CFLAGS/CXXFLAGS to
# enable the missing (hardening) flags
CFLAGS += -MMD -Wall $(CPPFLAGS)
CXXFLAGS += $(CPPFLAGS)
-UCFLAGS = -MMD -Wall -g -Os
+UCFLAGS = -MMD -Wall -g -Os -fPIC
BINDIR = /sbin
V = 1
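Review bot: On the UCFLAGS line, -fPIC is added but the variable is still assigned with `=` from a fixed list and never picks up $(CPPFLAGS) or the values pulled in by buildflags.mk, so anything compiled with UCFLAGS would not receive the flags that the comment above says have to be passed through CPPFLAGS. If that is intentional, a one-line comment next to UCFLAGS saying why it only gets -fPIC would help; otherwise consider appending $(CPPFLAGS) and the dpkg-buildflags CFLAGS to it the same way the CFLAGS line does. The patch also gives no reason for choosing -fPIC here while `hardening=+all` is exported at the top, so it is worth stating in the changelog which objects need it and confirming the result on the built binaries with hardening-check.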
--- End Message ---
--- Begin Message ---
Source: wpa
Source-Version: 1.1-1
We believe that the bug you reported is fixed in the latest version of
wpa, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stefan Lippers-Hollmann <[email protected]> (supplier of updated wpa package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 21 Feb 2014 01:07:28 +0100
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source amd64
Version: 1.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian wpasupplicant Maintainers
<[email protected]>
Changed-By: Stefan Lippers-Hollmann <[email protected]>
Description:
hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authentica
wpagui - graphical user interface for wpa_supplicant
wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Closes: 678147 685685 690536 711063 725865 728092 734422 737109 737465
Changes:
wpa (1.1-1) unstable; urgency=medium
.
* New upstream release:
- drop 11_wpa_gui_ftbfs_gcc_4_7, applied upstream.
- drop EAP-TLS-server_fix-TLS-Message-length-validation, applied upstream.
- fixes:
- EAP access point constantly roaming with proactive key caching
(Closes: #711063).
* enable IBSS RSN, thanks to Nicolas Cavallari <[email protected]>
(Closes: #678147).
* enable simple AP support for wpasupplicant, thanks to Patrik Flykt
<[email protected]> (Closes: #690536).
* use the readline6, wpa_cli doesn't link to openssl.
* link with --as-needed.
* compress binaries with xz.
* debian/get-orig-source: switch to xz compressed upstream tarballs.
* debian/get-orig-source: adapt for the post 1.x upstream branch.
* debian/get-orig-source: support named snapshots, see debian/README.source
for detailed syntax and semantics.
* debian/README.source: explain fetching git snapshots by specifying their
git hash.
* debian/README.source: update to match current reality and apply grammar
fixes.
* debian/README.source: drop trailing whitespace.
* fix hardening flags, thanks a lot to Florent Daigniere
<[email protected]> (Closes: #725865).
* debian/control: fold dependencies.
* bump standards version to 3.9.5, no changes necessary.
* reflect reality and adapt the maintainer mail address not to claim
representing Ubuntu.
* drop wheezy-specific comments in the configuration files.
* glob 'wpa-password' as well and hide its debugging output, this hopefully
closes: #728092.
* enable EAP-FAST, openssl in Debian is now new enough (Closes: #685685).
* update to new alioth URIs (vcs-field-not-canonical).
* add Keywords entry for desktop files (desktop-entry-lacks-keywords-entry).
* functions.sh: s/particuarly/particularly/, thanks to Vincent Lefevre
<[email protected]> (Closes: #734422).
* fix FTBS using gcc-4.8 by linking with -ldl on kfreebsd-any; the udeb
packages don't provide EAP support and are therefore unaffected. This is
already accounted for by the upstream Makefile, however wrongly depending
on !CONFIG_DRIVER_BSD, while it is actually depending on the target libc
rather than the kernel (Closes: #737465). Thanks to Cyril Brulebois
<[email protected]> and Steven Chamberlain <[email protected]>.
* import "hostapd: Fix WDS VLAN bridge handling" by Felix Fietkau
<[email protected]> from upstream, thanks to Mark Hindley
<[email protected]> (Closes: #737109).
* drop build-conflicts with libqt3-dev as the package is no longer available
>= lenny, thanks to Michael Biebl <[email protected]>.
* drop pre-dependency on dpkg (>= 1.15.6~), data.tar.xz-member-without-dpkg-
pre-depends is no longer a problem after Ubuntu lucid is EOL. Thanks to
Michael Biebl for noticing.
* drop build-dependency on libdbus-glib-1-dev, it is no longer required for
dbus-binding-tool, thanks to Michael Biebl.
* allow parallel building.
* fix spelling s/algorith/algorithm/.
* add lintian overrides for false positive spelling complaints.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---