Your message dated Sat, 13 Jun 2015 16:12:11 +0000 with message-id <e1z3o2v-0007db...@franck.debian.org> and subject line Bug#759751: fixed in libutempter 1.1.6-1 has caused the Debian Bug report #759751, regarding libutempter: Please enable hardening compiler flags to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 759751: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759751 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libutempter Version: 1.1.5-4 Severity: normal Tags: patch Hello, libutempter provides a setgid binary and therefore should enable all possible compiler hardening options. The attached patch enables compat=9 to automatically use hardening flags from dpkg-buildpackage. However the build system has a bug which drops compiler flags from the environment and therefore the second attached patch is also necessary. It should be sent upstream. Regards Simon -- + privacy is necessary + using gnupg http://gnupg.org + public key id: 0x92FEFDB7E44C32F9diff -Nru libutempter-1.1.5/debian/compat libutempter-1.1.5/debian/compat --- libutempter-1.1.5/debian/compat 2010-04-22 13:18:45.000000000 +0200 +++ libutempter-1.1.5/debian/compat 2014-08-30 00:57:19.000000000 +0200 @@ -1 +1 @@ -7 +9 diff -Nru libutempter-1.1.5/debian/rules libutempter-1.1.5/debian/rules --- libutempter-1.1.5/debian/rules 2010-04-22 13:28:17.000000000 +0200 +++ libutempter-1.1.5/debian/rules 2014-08-30 00:57:57.000000000 +0200 @@ -1,5 +1,7 @@ #!/usr/bin/make -f +export DEB_BUILD_MAINT_OPTIONS := hardening=+all + %: dh $@ --parallel --list-missingDescription: Use build flags from environment (dpkg-buildflags). Necessary for hardening flags. Author: Simon Ruderich <si...@ruderich.org> Last-Update: 2014-08-30 TODO: This patch should be sent upstream! Index: libutempter-1.1.5/Makefile =================================================================== --- libutempter-1.1.5.orig/Makefile +++ libutempter-1.1.5/Makefile @@ -40,8 +40,8 @@ WARNINGS = -W -Wall -Waggregate-return - -Wmissing-format-attribute -Wmissing-noreturn \ -Wmissing-prototypes -Wpointer-arith -Wredundant-decls \ -Wshadow -Wstrict-prototypes -Wwrite-strings -CPPFLAGS = -std=gnu99 $(WARNINGS) -DLIBEXECDIR=\"$(libexecdir)\" -CFLAGS = $(RPM_OPT_FLAGS) +CPPFLAGS := -std=gnu99 $(WARNINGS) -DLIBEXECDIR=\"$(libexecdir)\" $(CPPFLAGS) +CFLAGS := $(RPM_OPT_FLAGS) $(CFLAGS) LDLIBS = all: $(TARGETS) @@ -53,7 +53,7 @@ $(PROJECT): utempter.c $(LINK.c) -Wl,-z,now,-stats $(LDLIBS) $< $(OUTPUT_OPTION) $(SHAREDLIB): iface.os $(MAP) - $(LINK.o) -shared \ + $(LINK.o) $(LDFLAGS) -shared \ -Wl,-soname,$(SONAME),--version-script=$(MAP),-z,defs,-stats \ -lc $< $(OUTPUT_OPTION)signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---Source: libutempter Source-Version: 1.1.6-1 We believe that the bug you reported is fixed in the latest version of libutempter, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 759...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Felix Geyer <fge...@debian.org> (supplier of updated libutempter package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 13 Jun 2015 16:56:04 +0200 Source: libutempter Binary: libutempter-dev libutempter0 Architecture: source Version: 1.1.6-1 Distribution: unstable Urgency: medium Maintainer: Debian Krap Maintainers <debian-qt-kde@lists.debian.org> Changed-By: Felix Geyer <fge...@debian.org> Description: libutempter-dev - privileged helper for utmp/wtmp updates (development) libutempter0 - privileged helper for utmp/wtmp updates (runtime) Closes: 545184 698590 698858 747483 759751 Changes: libutempter (1.1.6-1) unstable; urgency=medium . * Team upload. * New upstream release. * Switch to debhelper compat level 9. - Exports build flags. * Don't overwrite build flags from the environment in the Makefile. - Add Add keep_env_build_flags.diff * Add a watch file, thanks to David Gilman. (Closes: #747483) * Add Vcs-* control fields. * Improve package descriptions. * Retire utempter system group. (Closes: #698858, #545184) - Make /usr/lib/utempter root:root owned. (Closes: #698590) * Bump Standards-Version to 3.9.6, no changes needed. * Enable hardening flags pie and bindnow. (Closes: #759751) - Add filter_pie_shared_lib.diff so the PIE flags are filtered when building the shared library. Checksums-Sha1: 3d095f9955eed03845671149ac35d9f76ffb40f8 1996 libutempter_1.1.6-1.dsc 1964279755290c4b576f2db0ed518e2b45a9ca53 15705 libutempter_1.1.6.orig.tar.bz2 f0d1010e206fc829b5fd76f60f4fdf81694a97d5 9228 libutempter_1.1.6-1.debian.tar.xz Checksums-Sha256: 841ab58ca4eb3ba2ade4ad1c1c9f30d087c4142bfea3a710b5ad88b32581a18b 1996 libutempter_1.1.6-1.dsc b898565f31ced7e5c1fa0a2eaa0f6ff0ed862b5fe375d26375b64bfbdfeac397 15705 libutempter_1.1.6.orig.tar.bz2 91f7330136aea42c843fd9386b7e6bba4ec888a921039565161c6a6ca5d05dbc 9228 libutempter_1.1.6-1.debian.tar.xz Files: e42f96162c4f21b3f762f7cdb2514099 1996 libs optional libutempter_1.1.6-1.dsc b43827806923903aba2bc7cd3a2d45b7 15705 libs optional libutempter_1.1.6.orig.tar.bz2 4baabda07b79f4f4e042fd25f689f5fd 9228 libs optional libutempter_1.1.6-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJVfESaAAoJEP4ixv2DE11FxmwP/0QxZrFFE6n8dXkazXcUFwPp 2PPwaVvC1mZmhegbXi5P4ORb5dBsiJi9z80FJxsfnqAsmJru4uDobRepDuLjq5Nx B62HVEVJ/ddxq6pzvyHdc9MTNXzEKVf9WyitHOpNTlBYGgQw8DriXOPrl1GiCzsc Or0btzjdaVt7DXkNI2oEbrCYHISHC9txazgIXbbrCYqsFcQdqCNb2MGhBtcM8DTq TMqPM5z4wfSlSM+mj75cPUOpvN7RCgTpjBseWj7mtu+5mtN2zAaJwsHI7TBsi8xM ZvSDoa8EFe5hn/6BhwrtkZekVuw1t2r7TUGk9QRETXZwYCnsjA9zYN0YJ7cGofkb eNw1q1IQUYXVC7CvFbzXxgypfAOwaf/9bmGBcX+8K8SJ7t0flXvcHTmy3p5YdhAs Srfess8Fdq7sUxGvRz2iWIwFuXQYUJciveXmMAYfmQmXHes6eGok3GNG9mUxDNCf dwbyKluXXOs3FChMS593sjZeSWrkCigcFURF4tbEttzkrftJCzupIHZRQgTgaYGU NvyIiY+2u4LSWt861xhWX6pJcEaDyjjrLijMcHu3rNdtswR7+1sBBgkPVBdVKER3 CXB8SgsxksobBZMrtlDYfogBtggzC6Bbotb5HWQaooErQ6UfZjHys3Duel0uiiy4 comxOLjucYIymuWRzi3D =HsPx -----END PGP SIGNATURE-----
--- End Message ---