Bug#859413: marked as done (libhdf4 shouldn't disable PIE)

Mon, 03 Apr 2017 06:09:35 -0700 

Your message dated Mon, 03 Apr 2017 13:04:46 +0000
with message-id <[email protected]>
and subject line Bug#859413: fixed in libhdf4 4.2.12-2
has caused the Debian Bug report #859413,
regarding libhdf4 shouldn't disable PIE
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
859413: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859413
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: libhdf4
Version: 4.2.12-1
Severity: important
Tags: patch

With gcc in stretch defaulting to PIE, hardening=+all,-pie changed
semantics from "enable hardening but not PIE" to "enable all hardening
and explicitely disable the default PIE".
The latter is usually not intended.

For packages like libhdf4 that include static libraries the situation
is even worse, since non-PIE static libraries cannot be used with
the stretch gcc unless -no-pie is explicitly passed when linking.

The -pie in hardening flags was in some cases required in pre-stretch
releases to avoid build failures caused by (incorrectly) passing -fPIE
to the compiler when building shared libraries or plugins.
This problem does no longer exist.

Please apply the following patch:

--- debian/rules.old    2017-04-03 10:46:45.000000000 +0000
+++ debian/rules        2017-04-03 10:47:06.000000000 +0000
@@ -6,7 +6,7 @@
 #
 
 # Enable hardening build flags
-export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
 
 DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH)
 
@@ -24,9 +24,9 @@
 CXX  := g++
 LIBS := -ljpeg -lz -lm
 
-CFLAGS  = $(shell DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie dpkg-buildflags 
--get CFLAGS)
-CFLAGS += $(shell DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie dpkg-buildflags 
--get CPPFLAGS)
-LDFLAGS = $(shell DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie dpkg-buildflags 
--get LDFLAGS)
+CFLAGS  = $(shell DEB_BUILD_MAINT_OPTIONS=hardening=+all dpkg-buildflags --get 
CFLAGS)
+CFLAGS += $(shell DEB_BUILD_MAINT_OPTIONS=hardening=+all dpkg-buildflags --get 
CPPFLAGS)
+LDFLAGS = $(shell DEB_BUILD_MAINT_OPTIONS=hardening=+all dpkg-buildflags --get 
LDFLAGS)
 
 ifneq (,$(findstring verbose,$(DEB_BUILD_OPTIONS)))
    DH_VERBOSE=1

--- End Message ---
--- Begin Message --- 
Source: libhdf4
Source-Version: 4.2.12-2

We believe that the bug you reported is fixed in the latest version of
libhdf4, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bas Couwenberg <[email protected]> (supplier of updated libhdf4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 03 Apr 2017 14:28:06 +0200
Source: libhdf4
Binary: libhdf4-0 libhdf4-dev libhdf4g-dev libhdf4-0-alt libhdf4-alt-dev 
libhdf4-doc hdf4-tools
Architecture: source amd64 all
Version: 4.2.12-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GIS Project <[email protected]>
Changed-By: Bas Couwenberg <[email protected]>
Description:
 hdf4-tools - Hierarchical Data Format library -- runtime package
 libhdf4-0  - Hierarchical Data Format library (embedded NetCDF)
 libhdf4-0-alt - Hierarchical Data Format library (without NetCDF)
 libhdf4-alt-dev - Hierarchical Data Format development files (without NetCDF)
 libhdf4-dev - Hierarchical Data Format development files (embedded NetCDF)
 libhdf4-doc - Hierarchical Data Format library -- documentation
 libhdf4g-dev - Hierarchical Data Format library -- transitional development 
pack
Closes: 859413
Changes:
 libhdf4 (4.2.12-2) unstable; urgency=medium
 .
   * Team upload.
   * Enable PIE hardening flags.
     (closes: #859413)
   * Drop unused lintian overrides for hardening-no-pie.
Checksums-Sha1:
 b81bcaeb1609a4a7946f8918ffa02158b6059907 2389 libhdf4_4.2.12-2.dsc
 1a0b5443bee82f9a8353aa61182de3de166367f5 72556 libhdf4_4.2.12-2.debian.tar.xz
 cd92479f8bdd8f2ae74ff57768a8e8ed4b12fbe6 552428 
hdf4-tools-dbgsym_4.2.12-2_amd64.deb
 56c3b2adafcb9c26a13e515fce4db0f85ada1325 245184 hdf4-tools_4.2.12-2_amd64.deb
 deff70a258dd77d6a75beb90458cd2760a12344b 650564 
libhdf4-0-alt-dbgsym_4.2.12-2_amd64.deb
 70caee90cc118c4b49f6c8bd3f9211133a22a333 275754 
libhdf4-0-alt_4.2.12-2_amd64.deb
 eae4184e3af65d3a0af09c319bb29097c027c4c9 738386 
libhdf4-0-dbgsym_4.2.12-2_amd64.deb
 3c4eae5b829915dd57b18cb954e6c825340d35e4 311318 libhdf4-0_4.2.12-2_amd64.deb
 d92f283cce7a89b76751e236fc20dfbbb8c1090e 378492 
libhdf4-alt-dev_4.2.12-2_amd64.deb
 e426fa3938c1a5174e4d88a865f45605b131fbd6 425328 libhdf4-dev_4.2.12-2_amd64.deb
 57ad554988b875f317ffd5bb19f20390b7c3e0bc 68496 libhdf4-doc_4.2.12-2_all.deb
 749f4cc8fedfc0e8f9ea647e2c651fd366871683 7794 libhdf4_4.2.12-2_amd64.buildinfo
 37f3a0526bfca15753df854469168a2d1c200b22 14516 libhdf4g-dev_4.2.12-2_all.deb
Checksums-Sha256:
 4536424f294529244d8eaa4318502cb91b6f3d637cb6270d19baaac3df84cf8b 2389 
libhdf4_4.2.12-2.dsc
 66d4b695de4815e5e46e172f519dcbbe525000004cae126cb58216e16a35829d 72556 
libhdf4_4.2.12-2.debian.tar.xz
 a14efa2ef1c1aa58f6a87eaebca22de5d738dccc71fb51f0978090d0eace34ba 552428 
hdf4-tools-dbgsym_4.2.12-2_amd64.deb
 b5b53f02bf8a7bd5c7612a57e668df0386ef2a89ff086ad5a13dee6e4e247cbd 245184 
hdf4-tools_4.2.12-2_amd64.deb
 5bc6aa33c231dc6dd24da4d6973b4d4d7719fdecc56976f706e809fcb9f6a913 650564 
libhdf4-0-alt-dbgsym_4.2.12-2_amd64.deb
 b827e4cabfcfc6029943223632fe90a59d0d9cf1516fb10b3747199e1ce17ac9 275754 
libhdf4-0-alt_4.2.12-2_amd64.deb
 ed3edee3cb89faa2124457e61d9dab9b612bad054d150f8636502f35936214a0 738386 
libhdf4-0-dbgsym_4.2.12-2_amd64.deb
 70fa926a0abe512c353ca9e07b252c186801f9a98977130d49dd0446cb094de8 311318 
libhdf4-0_4.2.12-2_amd64.deb
 57a6ac8045b379dab1d7f7b5e46b37471d420b6682a49997e5c99fe353e8f82a 378492 
libhdf4-alt-dev_4.2.12-2_amd64.deb
 e66ad71f26746fe641335776f91fe07d6a254068bef7e03c73443333010df87a 425328 
libhdf4-dev_4.2.12-2_amd64.deb
 28429fdb5c8acf16ffc6aae8fdf47c3d09df8cd73740b4e1f5f3b1e074cec8ca 68496 
libhdf4-doc_4.2.12-2_all.deb
 09b1aa3b45b3eb6958bff7ec56a906d1f73e34ff3c4bd2ad7e41d638b747bc26 7794 
libhdf4_4.2.12-2_amd64.buildinfo
 7082f71226ceabc0b059f298f66944071a81e74c89653a221611ed4a4785751d 14516 
libhdf4g-dev_4.2.12-2_all.deb
Files:
 dbec950097d2c8e6ccb2620ab133e8b5 2389 graphics optional libhdf4_4.2.12-2.dsc
 1a98bb2af4ecaa323498119d40a15f59 72556 graphics optional 
libhdf4_4.2.12-2.debian.tar.xz
 a39e764688d06d3d3afe70407bd1a85c 552428 debug extra 
hdf4-tools-dbgsym_4.2.12-2_amd64.deb
 2d8216fe488e8fa545c31b01e604c5c5 245184 graphics optional 
hdf4-tools_4.2.12-2_amd64.deb
 a0e2163bc7825a37c96491da6f5e071d 650564 debug extra 
libhdf4-0-alt-dbgsym_4.2.12-2_amd64.deb
 ca8688d54fac514657f683c2664453f1 275754 libs extra 
libhdf4-0-alt_4.2.12-2_amd64.deb
 b3280513d1a2e0d66a1da51ffce566cd 738386 debug extra 
libhdf4-0-dbgsym_4.2.12-2_amd64.deb
 a3ab34988a2b7fce3de622afc38489f5 311318 libs optional 
libhdf4-0_4.2.12-2_amd64.deb
 c9bd12edc05e13870165d2969510c237 378492 libdevel extra 
libhdf4-alt-dev_4.2.12-2_amd64.deb
 1ca2da86d73f2c3baf8a0e8a486ed612 425328 libdevel optional 
libhdf4-dev_4.2.12-2_amd64.deb
 7785c831f4a139df17882f440a3794cb 68496 doc optional 
libhdf4-doc_4.2.12-2_all.deb
 5da3d2ba8fa45be19bb5df272a1492f4 7794 graphics optional 
libhdf4_4.2.12-2_amd64.buildinfo
 7b45dbc333296940095e0a3b8d8e0d00 14516 libdevel optional 
libhdf4g-dev_4.2.12-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJY4kMxAAoJEGdQ8QrojUrxrIEQALfWKiClqKHLTvsmn3hriO1R
BjNWMQljDsWYHG1m6LZ/wX9Pzf8LGYfdrSkgnIe3B7EdV+Nyxr+CjV5AT1K0k7oA
oE/CqQQkUunD9mVU4RrMDjUq4vF/epZIihPlG2StBat+MtWJB1boh6PkPhQ2A7BZ
4Kyty9RV4kdP9KtzzkcUN9GrWGNiitZyheTGvLnvMUPR8erE0TO+6vcLuFGTGSmP
La8rpnFexFuk3v6Uil/MURMYp6/x5L/cFntPzp/1IFQV90NpHysXy9+E47utjVsk
1c1TRcup3pjstppjdAI6bBCNQuhJ+GutgKadQIfDXqNSRh/5xjYmhemOPaHTiEK7
h557XO3PC037ovBm2SteEE3sd61nMcZFRd9s9swmDfc6ZaUx2c5I9GyGujaCduUg
/ecCQ9KbdGsHC3smesYDNLHb3WNDEA3lPdRYU0Lf7Xf31IDhe9O0yFcQG0r6Z4Rk
52HRAv5IUeRJN6sc3r3HxvjbGBvT6hRTtVsjDk7ve9ty8GTN4wOTcSaWgzNXOTFJ
3jsQqRFiCic8VPFsPAmpqn+YFX5koUc2TEl8y2p0p7BZWJ7888vOXWd8TqjKBJo8
jry4FHAP5Ka8Akq0zkyuvcu2nXJAigBEFMwCosAbQ6HDq8vXZXPOvcEYWsROiogF
51j9IbwDr4kKZTWhdL0Z
=xrrq
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to