Your message dated Fri, 18 May 2012 23:32:46 +0000
with message-id <[email protected]>
and subject line Bug#665278: fixed in gtkhtml4.0 4.4.2-1
has caused the Debian Bug report #665278,
regarding gtkhtml4.0: Hardening flags missing
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
665278: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665278
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gtkhtml4.0
Version: 4.2.2-1
Severity: important
Tags: patch
Dear Maintainer,
The hardening flags are missing because CDBS can't use
DEB_*_MAINT_APPEND and DEB_BUILD_MAINT_OPTIONS directly but needs
buildflags.mk.
The following patch fixes that, it also uses +all to
automatically enable (possible) future hardening flags.
diff -Nru gtkhtml4.0-4.2.2/debian/rules gtkhtml4.0-4.2.2/debian/rules
--- gtkhtml4.0-4.2.2/debian/rules 2011-12-16 19:50:12.000000000 +0100
+++ gtkhtml4.0-4.2.2/debian/rules 2012-03-22 20:15:07.000000000 +0100
@@ -9,7 +9,10 @@
GNOME_MODULE := gtkhtml
export DEB_LDFLAGS_MAINT_APPEND=-Wl,-z,defs -Wl,--as-needed -Wl,-O1
-export DEB_BUILD_MAINT_OPTIONS=hardening=+pie,+bindnow
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+# CDBS only supports DEB_*_MAINT_APPEND and DEB_BUILD_MAINT_OPTIONS via
+# buildflags.mk.
+include /usr/share/dpkg/buildflags.mk
DEB_CONFIGURE_EXTRA_FLAGS += --enable-static
To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (hardening-check doesn't catch everything):
$ hardening-check /usr/lib/libgtkhtml-editor-4.0.so.0.0.0
/usr/lib/debug/usr/lib/libgtkhtml-4.0.so.0.0.0
/usr/lib/debug/usr/lib/libgtkhtml-editor-4.0.so.0.0.0
/usr/lib/libgtkhtml-4.0.so.0.0.0
/usr/lib/libgtkhtml-editor-4.0.so.0.0.0:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: unknown, no protectable libc functions used
Read-only relocations: yes
Immediate binding: yes
/usr/lib/debug/usr/lib/libgtkhtml-4.0.so.0.0.0:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: yes
Fortify Source functions: unknown, not linked against libc
Read-only relocations: yes
Immediate binding: no not found!
/usr/lib/debug/usr/lib/libgtkhtml-editor-4.0.so.0.0.0:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: unknown, not linked against libc
Read-only relocations: yes
Immediate binding: no not found!
/usr/lib/libgtkhtml-4.0.so.0.0.0:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: yes
(Position Independent Executable and Immediate binding is not
enabled by default.)
Use find -type f \( -executable -o -name \*.so\* \) -exec
hardening-check {} + on the build result to check all files.
Regards,
Simon
[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: gtkhtml4.0
Source-Version: 4.4.2-1
We believe that the bug you reported is fixed in the latest version of
gtkhtml4.0, which is due to be installed in the Debian FTP archive:
gtkhtml4.0_4.4.2-1.debian.tar.gz
to main/g/gtkhtml4.0/gtkhtml4.0_4.4.2-1.debian.tar.gz
gtkhtml4.0_4.4.2-1.dsc
to main/g/gtkhtml4.0/gtkhtml4.0_4.4.2-1.dsc
gtkhtml4.0_4.4.2.orig.tar.xz
to main/g/gtkhtml4.0/gtkhtml4.0_4.4.2.orig.tar.xz
libgtkhtml-4.0-0_4.4.2-1_amd64.deb
to main/g/gtkhtml4.0/libgtkhtml-4.0-0_4.4.2-1_amd64.deb
libgtkhtml-4.0-common_4.4.2-1_all.deb
to main/g/gtkhtml4.0/libgtkhtml-4.0-common_4.4.2-1_all.deb
libgtkhtml-4.0-dbg_4.4.2-1_amd64.deb
to main/g/gtkhtml4.0/libgtkhtml-4.0-dbg_4.4.2-1_amd64.deb
libgtkhtml-4.0-dev_4.4.2-1_amd64.deb
to main/g/gtkhtml4.0/libgtkhtml-4.0-dev_4.4.2-1_amd64.deb
libgtkhtml-editor-4.0-0_4.4.2-1_amd64.deb
to main/g/gtkhtml4.0/libgtkhtml-editor-4.0-0_4.4.2-1_amd64.deb
libgtkhtml-editor-4.0-dev_4.4.2-1_amd64.deb
to main/g/gtkhtml4.0/libgtkhtml-editor-4.0-dev_4.4.2-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jordi Mallach <[email protected]> (supplier of updated gtkhtml4.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 14 May 2012 11:19:50 +0200
Source: gtkhtml4.0
Binary: libgtkhtml-4.0-0 libgtkhtml-4.0-dev libgtkhtml-4.0-dbg
libgtkhtml-editor-4.0-0 libgtkhtml-4.0-common libgtkhtml-editor-4.0-dev
Architecture: source all amd64
Version: 4.4.2-1
Distribution: experimental
Urgency: low
Maintainer: Debian Evolution Maintainers
<[email protected]>
Changed-By: Jordi Mallach <[email protected]>
Description:
libgtkhtml-4.0-0 - HTML rendering/editing library - runtime files
libgtkhtml-4.0-common - HTML rendering/editing library - common data
libgtkhtml-4.0-dbg - HTML rendering/editing library - debug files
libgtkhtml-4.0-dev - HTML rendering/editing library - development files
libgtkhtml-editor-4.0-0 - HTML rendering/editing library - editor widget
libgtkhtml-editor-4.0-dev - HTML rendering/editing library - editor widget
development files
Closes: 660942 665278
Changes:
gtkhtml4.0 (4.4.2-1) experimental; urgency=low
.
* New upstream release.
* Add myself to uploaders.
* Watch for .xz tarballs.
* Update Vcs-* fields.
* Drop 01_deprecated.patch: obsolete.
* Update Standards-Version to 3.9.3, with no changes needed.
* Bump shlibs.
* Enable all hardening flags, and include buildflags.mk so they are
actually parsed. Thanks, Simon Ruderich! Closes: #665278
* Add gsettings-desktop-schemas-dev to libgtkhtml-4.0-dev's
dependencies, as per .pc file. Thanks, Dmitrijs Ledkovs! Closes: #660942
* Strip leading debian/tmp/ from .install files.
* Replace manual dh_bugfiles call with a bump to cdbs (>= 0.4.90).
* Add --list-missing to dh_install call.
* Stop configuring with --enable-static and drop .a files.
* Drop dh-autoreconf, we don't need it anymore.
Checksums-Sha1:
e655008297dd6b9c5cc372d066baf27f23375e37 2273 gtkhtml4.0_4.4.2-1.dsc
d30eee15256cd04d22515bf14a64fe954a474b58 1082752 gtkhtml4.0_4.4.2.orig.tar.xz
2a0ce3fd92f6f1fd07a731f4872488338e80b440 12642 gtkhtml4.0_4.4.2-1.debian.tar.gz
0386507a9ada59d07611deb2eb771d38c2b263eb 602294
libgtkhtml-4.0-common_4.4.2-1_all.deb
961c3373b1b7e510ca9d1158600ba28733743b02 419522
libgtkhtml-4.0-0_4.4.2-1_amd64.deb
d6acd8614ba88306d2453d809da46d3d81f2256a 79196
libgtkhtml-4.0-dev_4.4.2-1_amd64.deb
7eca48831ae9628d53bbb9a88c98973d24512ebb 1619650
libgtkhtml-4.0-dbg_4.4.2-1_amd64.deb
1e6053de9f2ebfca70ce330ede4cccf16162933f 152158
libgtkhtml-editor-4.0-0_4.4.2-1_amd64.deb
0036f91faf881354b92dac02ffaee6a763514162 73278
libgtkhtml-editor-4.0-dev_4.4.2-1_amd64.deb
Checksums-Sha256:
7fb0455ad40eb765fde6b3e3b079051cf5cf7863a95e3792525fa56e3f57fe22 2273
gtkhtml4.0_4.4.2-1.dsc
96b0d561a697c0b85dbe0e6a0d220012765a3aa4f2a9e8ffddd520891094e694 1082752
gtkhtml4.0_4.4.2.orig.tar.xz
33ce2b83ea8833bbd7eecea65436cadf0f16c83b3b407947b2e68e0ea953c699 12642
gtkhtml4.0_4.4.2-1.debian.tar.gz
9df94470ecdb3213396c7d0b7490e8635b19b0e24eb9fdfa6d6e7483b4be54b3 602294
libgtkhtml-4.0-common_4.4.2-1_all.deb
a737751ddae62d4c2dbec0f90dd35c9f189721c913dc0e6cb6af0017ba078740 419522
libgtkhtml-4.0-0_4.4.2-1_amd64.deb
f36dc3b94f5cd9cc2055aee4406626f110947043e3d1c2b74233294a00fb2ef6 79196
libgtkhtml-4.0-dev_4.4.2-1_amd64.deb
b62f26d12f82b4b575eda72d547f3279e4de5294316e9cbeb8c52bf75e0914f8 1619650
libgtkhtml-4.0-dbg_4.4.2-1_amd64.deb
a345dc4dda2d9e55f25b75ff0c014dcd91cab000bc9f181d53d5be187c7af72f 152158
libgtkhtml-editor-4.0-0_4.4.2-1_amd64.deb
75c9265814ddf8369c8f3ac45facfb75121608d48bff30aaa74d6c9ae7a5e0fc 73278
libgtkhtml-editor-4.0-dev_4.4.2-1_amd64.deb
Files:
5b617cbedccc9e7b748ee65a8151ec28 2273 gnome optional gtkhtml4.0_4.4.2-1.dsc
a47f76ec473c69b27af642a0dd6658f7 1082752 gnome optional
gtkhtml4.0_4.4.2.orig.tar.xz
b0b8d621a3508e5ecae869aa5d74ba89 12642 gnome optional
gtkhtml4.0_4.4.2-1.debian.tar.gz
030f660759919c2f748543e5852686cb 602294 libs optional
libgtkhtml-4.0-common_4.4.2-1_all.deb
721209888591201db8eca92dd2edf869 419522 libs optional
libgtkhtml-4.0-0_4.4.2-1_amd64.deb
1ce5a66b59ce22daada32d570ec2a7ba 79196 libdevel optional
libgtkhtml-4.0-dev_4.4.2-1_amd64.deb
63d07f2c1af624e4b15335d030e22410 1619650 debug extra
libgtkhtml-4.0-dbg_4.4.2-1_amd64.deb
0fa24a22c5dde256f9cf35754cd0224c 152158 libs optional
libgtkhtml-editor-4.0-0_4.4.2-1_amd64.deb
ba107378e5c48f6eedcf27b716be69c9 73278 libdevel extra
libgtkhtml-editor-4.0-dev_4.4.2-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk+22SIACgkQJYSUupF6Il5VxgCeMMebfnEg65LPzKoUyRrACN9R
jbgAoKhfYVsHnviEncC8SZrE/i3sVLz/
=b34i
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Pkg-evolution-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-evolution-maintainers
