Your message dated Sat, 09 Aug 2014 09:39:39 +0000
with message-id <[email protected]>
and subject line Bug#754412: fixed in rsync 3.1.1-2
has caused the Debian Bug report #754412,
regarding rsync: +all hardening not applied
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
754412: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754412
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rsync
Version: 3.1.1-1
Severity: normal
Tags: patch

Hello,

The additional hardening +all announced in the changelog is not
applied because GNU Make's $(shell ..) doesn't expand environment
variables which are set in the Makefile itself, including
DEB_BUILD_MAINT_OPTIONS.

The attached patch fixes this issue by manually passing
DEB_BUILD_MAINT_OPTIONS to dpkg-buildflags (ugly, but the only
way). The patch also removes the unnecessary setting of
debug-flags (-O2 vs -O0 -g) which is now automatically handled by
dpkg-buildflags (btw. -I is a preprocessor flag -> CPPFLAGS).

An alternative solution would be dh7 style with compat=9 which
respects DEB_BUILD_MAINT_OPTIONS.

Regards
Simon
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
diff -Nru rsync-3.1.1/debian/rules rsync-3.1.1/debian/rules
--- rsync-3.1.1/debian/rules	2014-07-10 14:20:46.000000000 +0200
+++ rsync-3.1.1/debian/rules	2014-07-10 22:02:37.000000000 +0200
@@ -12,7 +12,6 @@
 
 SHELL =	/bin/bash
 BINS = rsync
-CFLAGS= -Wall -Izlib
 INSTALL = install
 INSTALL_FILE = $(INSTALL) -p    -o root -g root  -m  644
 INSTALL_PROGRAM = $(INSTALL) -p    -o root -g root  -m  755
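
Review bot: removing `CFLAGS= -Wall -Izlib` here is only safe if the build step actually consumes CPPFLAGS, because the later hunk moves `-Izlib` there. The configure/make invocation is not part of this diff, so please confirm it passes CPPFLAGS through; otherwise the bundled zlib headers are no longer found.
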
@@ -20,19 +19,11 @@
 INSTALL_DIR = $(INSTALL) -p -d -o root -g root  -m  755
 
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
-DPKG_EXPORT_BUILDFLAGS = 1
 
-CFLAGS += $(shell dpkg-buildflags --get CFLAGS)
-LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS)
-
-CPPFLAGS:=$(shell dpkg-buildflags --get CPPFLAGS)
-
-# policy stuff
-ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
-CFLAGS += -g
-else
-CFLAGS += -g -O2
-endif
+dpkg_buildflags = DEB_BUILD_MAINT_OPTIONS=$(DEB_BUILD_MAINT_OPTIONS) dpkg-buildflags
+CPPFLAGS := -Izlib $(shell $(dpkg_buildflags) --get CPPFLAGS)
+CFLAGS   := -Wall  $(shell $(dpkg_buildflags) --get CFLAGS)
+LDFLAGS  :=        $(shell $(dpkg_buildflags) --get LDFLAGS)
 
 # backwards compatibility stuff, from dpkg-architecture manpage
 DEB_BUILD_ARCH := $(shell dpkg --print-architecture)
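
Review bot: in the new `dpkg_buildflags` definition the value of `DEB_BUILD_MAINT_OPTIONS` is expanded unquoted into the shell command, so it works for `hardening=+all` but splits as soon as a second space-separated option is added to the variable. Quote it, e.g. `DEB_BUILD_MAINT_OPTIONS="$(DEB_BUILD_MAINT_OPTIONS)"`, and add a one-line comment above it stating that `$(shell ...)` does not see the exported make variable, so the prefix is not later removed as redundant.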


--- End Message ---
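
The failure reported above was silent: the changelog announced `hardening=+all` while the build used only the default flag set. The following check is an added example, not part of the bug report or the rsync packaging; it reports which hardening features are absent from a set of build flags. The feature-to-flag mapping and the sample flag strings are assumptions constructed for illustration, and other dpkg versions may emit different flags.

```shell
#!/bin/sh
# Added example: list the hardening=+all features missing from build flags.
# The mapping below is an assumption of this sketch, not dpkg's own table.

# has FLAGS FLAG -> true if FLAG appears as a whole word in FLAGS
has() { case " $1 " in *" $2 "*) return 0 ;; esac; return 1; }

# missing_hardening CPPFLAGS CFLAGS LDFLAGS -> prints missing feature names
missing_hardening() {
    m=""
    has "$1" "-D_FORTIFY_SOURCE=2" || m="$m fortify"
    has "$2" "-fstack-protector" || has "$2" "-fstack-protector-strong" \
        || m="$m stackprotector"
    has "$2" "-Werror=format-security" || m="$m format"
    # PIE needs both the compile-time and the link-time flag
    { has "$2" "-fPIE" && has "$3" "-pie"; } || m="$m pie"
    has "$3" "-Wl,-z,relro" || m="$m relro"
    has "$3" "-Wl,-z,now" || m="$m bindnow"
    echo "${m# }"
}

# Constructed sample inputs: the default set (what the unpatched rules file
# would get, since +all never reached dpkg-buildflags) and a +all set.
SAMPLE_CPPFLAGS="-Izlib -D_FORTIFY_SOURCE=2"
DEFAULT_CFLAGS="-Wall -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security"
DEFAULT_LDFLAGS="-Wl,-z,relro"
ALL_CFLAGS="-Wall -g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security"
ALL_LDFLAGS="-fPIE -pie -Wl,-z,relro -Wl,-z,now"

echo "default set missing: $(missing_hardening "$SAMPLE_CPPFLAGS" "$DEFAULT_CFLAGS" "$DEFAULT_LDFLAGS")"
echo "+all set missing:    $(missing_hardening "$SAMPLE_CPPFLAGS" "$ALL_CFLAGS" "$ALL_LDFLAGS")"
```

In a package build, the three arguments would come from the flags the rules file actually computed, for example by echoing `$(CPPFLAGS)`, `$(CFLAGS)` and `$(LDFLAGS)` from a debug target.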
--- Begin Message ---
Source: rsync
Source-Version: 3.1.1-2

We believe that the bug you reported is fixed in the latest version of
rsync, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Paul Slootman <[email protected]> (supplier of updated rsync package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 09 Aug 2014 11:02:31 +0200
Source: rsync
Binary: rsync
Architecture: source amd64
Version: 3.1.1-2
Distribution: unstable
Urgency: low
Maintainer: Paul Slootman <[email protected]>
Changed-By: Paul Slootman <[email protected]>
Description:
 rsync      - fast, versatile, remote (and local) file-copying tool
Closes: 754412
Changes:
 rsync (3.1.1-2) unstable; urgency=low
 .
   * hardening flags were not applied correctly, debian/rules modified thanks
     to patch from Simon Ruderich.
     closes:#754412


--- End Message ---