Your message dated Fri, 29 Jun 2012 10:47:52 +0000
with message-id <e1skyjw-0002w5...@franck.debian.org>
and subject line Bug#679481: fixed in ipsec-tools 1:0.8.0-13
has caused the Debian Bug report #679481,
regarding racoon: Root network daemon compiled without _FORTIFY_SOURCE
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
679481: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679481
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: racoon
Version: 1:0.8.0-12
Severity: serious
Dear Maintainer,
Racoon has a history of network vulnerabilities, running as root on the host.
It is concerning that it is compiled without all hardening options employed.
debian/rules has CFLAGS -D_FORTIFY_SOURCE=0, default debian comipile flags
are for this to be set to 2. This was apparently done to get a 0.8.0 beta
release to comile on i386/i486. Is this 0 setting needed any more?
The linitian warnings given are 'hardening-no-fortify-source' which indicates
the program is compiled with strcpy strcat et al, and strncpy, strncat not
being substituted.
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages racoon depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.44
ii ipsec-tools 1:0.8.0-12
ii libc6 2.13-33
ii libcomerr2 1.42.4-3
ii libgssapi-krb5-2 1.10.1+dfsg-1
ii libk5crypto3 1.10.1+dfsg-1
ii libkrb5-3 1.10.1+dfsg-1
ii libldap-2.4-2 2.4.31-1
ii libpam0g 1.1.3-7.1
ii libssl1.0.0 1.0.1c-3
ii perl 5.14.2-12
racoon recommends no packages.
racoon suggests no packages.
-- Configuration Files:
/etc/racoon/psk.txt [Errno 13] Permission denied: u'/etc/racoon/psk.txt'
/etc/racoon/racoon-tool.conf changed [not included]
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Source: ipsec-tools
Source-Version: 1:0.8.0-13
We believe that the bug you reported is fixed in the latest version of
ipsec-tools, which is due to be installed in the Debian FTP archive:
ipsec-tools_0.8.0-13.debian.tar.gz
to main/i/ipsec-tools/ipsec-tools_0.8.0-13.debian.tar.gz
ipsec-tools_0.8.0-13.dsc
to main/i/ipsec-tools/ipsec-tools_0.8.0-13.dsc
ipsec-tools_0.8.0-13_amd64.deb
to main/i/ipsec-tools/ipsec-tools_0.8.0-13_amd64.deb
racoon_0.8.0-13_amd64.deb
to main/i/ipsec-tools/racoon_0.8.0-13_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 679...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matthew Grant <matthewgra...@gmail.com> (supplier of updated ipsec-tools
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 29 Jun 2012 22:22:51 +1200
Source: ipsec-tools
Binary: ipsec-tools racoon
Architecture: source amd64
Version: 1:0.8.0-13
Distribution: unstable
Urgency: low
Maintainer: Matthew Grant <matthewgra...@gmail.com>
Changed-By: Matthew Grant <matthewgra...@gmail.com>
Description:
ipsec-tools - IPsec tools for Linux
racoon - IPsec IKE keying daemon
Closes: 679481 679483
Changes:
ipsec-tools (1:0.8.0-13) unstable; urgency=low
.
* Set CFLAGS _FORTIFY_SOURCE=2 cf 0 (Closes: #679481)
* Make peer_sertfile dnssec DNSSEC validate on linux (Closes: #679483)
Checksums-Sha1:
61cbcf9d70602fad2257edb8e249302c3f5ca192 2040 ipsec-tools_0.8.0-13.dsc
be99f726337839dab5085084070110311316ec40 66913
ipsec-tools_0.8.0-13.debian.tar.gz
35064748e89593914073dd0d820d01886c687c82 102388 ipsec-tools_0.8.0-13_amd64.deb
fc8697e289f9debc9661c05521b35e3d955f8815 450712 racoon_0.8.0-13_amd64.deb
Checksums-Sha256:
1e054e57fed9780f53f4d96f47c1265b7d343623b6c7de18e99fb2974bb2e1b0 2040
ipsec-tools_0.8.0-13.dsc
0803781e0310edcfcbc7879b775fa9b9672d489f7ffddd4371861d9cce51db7c 66913
ipsec-tools_0.8.0-13.debian.tar.gz
8413de2374199769b221014b5e853d53e67658652f38c703544d6a8b2d497dc4 102388
ipsec-tools_0.8.0-13_amd64.deb
19d421ca03fec0f0dd270d019364cb6e3a812221bf9730294d03956ab29efc01 450712
racoon_0.8.0-13_amd64.deb
Files:
47ff27b1434df35d736289a17124c501 2040 net extra ipsec-tools_0.8.0-13.dsc
af945fda54e04f401c013a862e022693 66913 net extra
ipsec-tools_0.8.0-13.debian.tar.gz
1b953ccb25b53080a0ad30b21225f02d 102388 net extra
ipsec-tools_0.8.0-13_amd64.deb
4bb53bfeb288d8161690482832e6a069 450712 net extra racoon_0.8.0-13_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJP7YNOAAoJELx+7lmFzmQ/qn8P/21iLmgysKMTDHs+Li+6oGjm
FrcSwDoQxXC+Fs0QEYi8wqOAc5370Z/79yNRAPzDJdzSwkf6qxPogUQslxhLZ80e
64tzocbYLr5OSAO9vCI2SbXAoyR9mcqm6TgNfUGoRYLHpfIfq4QWWyFU7ULyZM/c
kiBc8vyp25iSw4feRq/EKTVnoP0u987qVu26SYtIcgHpAw9fvIjIS8dPtcWkPb7y
0S3Y0wlKnf5brBkMw8gaieni4CHvSVxwi6Xy5W7yxGltwukebvnAQohmYckpr58Q
kaOUf6AM2w5SgFeH/f2lLWHp6WlarTyViyfN/TXOopIc019kHjiGcdxQWC5XIkDF
9arSfl+TnSo28KWmhRv6DZ35yHORZNbCsaR/4w4A7Cyu25PX1r6YZiiTi1XVTvZ4
/00UOp0bPpdmSQwHFNY8kyLsBTMMC++3VMd29Q+xKNbDVjWkp2bM0GbFbmkZ3h8d
afWMQ8gNneyVRHvLWz5OMcBMI0Aenjvj69ESL753CSJGk6AchGJQdhvW7tWQsHRZ
uSmt5Zl9PjyxUmMstE1j5uBdB/JMNziQ8dlwE+hzwxhtmxb5ySRaXroCdsGGyaSb
Dl0hPRQdJ04Uy+JV+CQBiRhHdRYB1//G4mfGgfO+o2FasPSexMkkZdbX0qRzgP60
6z4QqelD8nfgp6tmId2T
=bx4S
-----END PGP SIGNATURE-----
--- End Message ---
