Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package shadow 4.2-3. This version includes a fix (indeed a workaround) to enforce hardened builds, as the last binNMU apparently dropped them for some architectures (#770273 which I forgot to close in the changelog because the issue was indeed reported to me in private, I fixed it but then reported the bug). For the record, I made a quick check with the security team to get their input about the fix beign The Right Thing, given my personal low skills in such issues and Moritz ack'ed the fix to be correct (and suggested me to switch shadow to dh, which will probably be done post-jessie). diff -Nru shadow-4.2/debian/changelog shadow-4.2/debian/changelog --- shadow-4.2/debian/changelog 2014-05-04 19:50:31.000000000 +0200 +++ shadow-4.2/debian/changelog 2014-11-19 21:59:09.000000000 +0100 @@ -1,3 +1,12 @@ +shadow (1:4.2-3) unstable; urgency=low + + * Enforce hardened builds to workaround cdbs sometimes not building + with hardening flags as in 1:4.2-2+b1 + Thanks to Dr. Markus Waldeck for pointing the issue and Simon Ruderich + For providing a working patch. + + -- Christian Perrier <bubu...@debian.org> Wed, 19 Nov 2014 21:59:09 +0100 + shadow (1:4.2-2) unstable; urgency=low * The "Soumaintrain" release diff -Nru shadow-4.2/debian/control shadow-4.2/debian/control --- shadow-4.2/debian/control 2014-04-30 22:28:06.000000000 +0200 +++ shadow-4.2/debian/control 2014-11-19 21:49:09.000000000 +0100 @@ -5,6 +5,7 @@ Standards-Version: 3.9.5 Uploaders: Christian Perrier <bubu...@debian.org>, Nicolas FRANCOIS (Nekral) <nicolas.franc...@centraliens.net> Build-Depends: dh-autoreconf, gettext, libpam0g-dev, debhelper (>= 6.0.7~), quilt, dpkg-dev (>= 1.13.5), xsltproc, docbook-xsl, docbook-xml, libxml2-utils, cdbs, libselinux1-dev [linux-any], libsemanage1-dev [linux-any], gnome-doc-utils (>= 0.4.3), bison, libaudit-dev [linux-any] + ,hardening-wrapper Vcs-Git: git://anonscm.debian.org/git/pkg-shadow/shadow.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-shadow/shadow.git;a=summary Homepage: http://pkg-shadow.alioth.debian.org/ diff -Nru shadow-4.2/debian/rules shadow-4.2/debian/rules --- shadow-4.2/debian/rules 2014-04-30 22:28:06.000000000 +0200 +++ shadow-4.2/debian/rules 2014-11-19 21:49:09.000000000 +0100 @@ -3,6 +3,8 @@ DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) +export DEB_BUILD_HARDENING=1 + # Enable PIE, BINDNOW, and possible future flags. export DEB_BUILD_MAINT_OPTIONS = hardening=+all unblock shadow/1:4.2-3 -- System Information: Debian Release: jessie/sid Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
