Your message dated Sat, 02 Jun 2012 19:51:40 +0000
with message-id <E1SauMO-0001aL-4R@franck.debian.org>
and subject line Bug#669183: fixed in pkg-kde-tools 0.15.0
has caused the Debian Bug report #669183,
regarding pkg-kde-tools: LDFLAGS hardening flags overwritten when using variables.mk
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
669183: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669183
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: pkg-kde-tools: LDFLAGS hardening flags overwritten when using variables.mk
- From: Simon Ruderich <simon@ruderich.org>
- Date: Wed, 18 Apr 2012 02:13:00 +0200
- Message-id: <20120418001300.GA16945@ruderich.org>
Package: pkg-kde-tools
Version: 0.14.3
Severity: normal
Tags: patch

Dear Maintainer,

The LDFLAGS hardening flags are missing when a package includes
variables.mk. For more hardening information please have a look
at [1], [2] and [3].

The attached patch fixes the issue. It also updates README.Debian
to prevent the overwrite of hardening flags and adds CPPFLAGS to
CFLAGS which are otherwise ignored by cmake.

I found no way to enable DEB_KDE_LINK_WITH_AS_NEEDED without
including variables.mk. But for compat=9 there is another simple
way. Just add this at the top of debian/rules:

    export DEB_LDFLAGS_MAINT_APPEND = -Wl,--no-undefined -Wl,--as-needed

Works fine for all build systems which respect LDFLAGS and is
documented in dpkg-buildflags(1). Maybe you could add that to
README.Debian as well.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening

--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9

diff -Nru pkg-kde-tools-0.14.3/debian/README.Debian pkg-kde-tools-0.14.3.1~debhelper1/debian/README.Debian --- pkg-kde-tools-0.14.3/debian/README.Debian 2011-04-25 09:39:21.000000000 +0200 +++ pkg-kde-tools-0.14.3.1~debhelper1/debian/README.Debian 2012-04-18 01:52:47.000000000 +0200 
@@ -68,9 +68,9 @@ mkdir -p builddir cd builddir && cmake .. \ -DCMAKE_INSTALL_PREFIX=/usr \ - -DCMAKE_C_FLAGS="$(CFLAGS)" \ - -DCMAKE_LD_FLAGS="-Wl,-z,defs" \ - -DCMAKE_CXX_FLAGS="$(CXXFLAGS)" \ + -DCMAKE_C_FLAGS="$(CPPFLAGS) $(CFLAGS)" \ + -DCMAKE_LD_FLAGS="$(LDFLAGS) -Wl,-z,defs" \ + -DCMAKE_CXX_FLAGS="$(CPPFLAGS) $(CXXFLAGS)" \ -DCMAKE_SKIP_RPATH=ON \ -DCMAKE_VERBOSE_MAKEFILE=ON \ $(DEB_CMAKE_KDE4_FLAGS) diff -Nru pkg-kde-tools-0.14.3/makefiles/1/variables.mk pkg-kde-tools-0.14.3.1~debhelper1/makefiles/1/variables.mk --- pkg-kde-tools-0.14.3/makefiles/1/variables.mk 2011-03-27 14:13:44.000000000 +0200 +++ pkg-kde-tools-0.14.3.1~debhelper1/makefiles/1/variables.mk 2012-04-18 01:52:01.000000000 +0200 @@ -47,7 +47,7 @@ ifneq (,$(DEB_KDE_LINKER_FLAGS)) DEB_CMAKE_CUSTOM_FLAGS += \ - -DCMAKE_SHARED_LINKER_FLAGS="$(DEB_KDE_LINKER_FLAGS)" \ - -DCMAKE_MODULE_LINKER_FLAGS="$(DEB_KDE_LINKER_FLAGS)" \ - -DCMAKE_EXE_LINKER_FLAGS="$(DEB_KDE_LINKER_FLAGS)" + -DCMAKE_SHARED_LINKER_FLAGS="$(LDFLAGS) $(DEB_KDE_LINKER_FLAGS)" \ + -DCMAKE_MODULE_LINKER_FLAGS="$(LDFLAGS) $(DEB_KDE_LINKER_FLAGS)" \ + -DCMAKE_EXE_LINKER_FLAGS="$(LDFLAGS) $(DEB_KDE_LINKER_FLAGS)" endifAttachment: signature.asc
Description: Digital signature
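Review bot: In the README.Debian hunk the linker flags are still passed as -DCMAKE_LD_FLAGS="$(LDFLAGS) -Wl,-z,defs", but CMake takes its link flags from CMAKE_EXE_LINKER_FLAGS, CMAKE_SHARED_LINKER_FLAGS and CMAKE_MODULE_LINKER_FLAGS, the three variables the variables.mk hunk of this same patch sets. The documented example should pass "$(LDFLAGS) -Wl,-z,defs" through those three variables; as written, neither $(LDFLAGS) nor -Wl,-z,defs reaches the link line through this option.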
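Review bot: The three changed definitions in the variables.mk hunk carry no comment saying why $(LDFLAGS) is prepended, and they sit inside ifneq (,$(DEB_KDE_LINKER_FLAGS)), so the reason is easy to lose in a later cleanup. A short comment above DEB_CMAKE_CUSTOM_FLAGS, noting that an explicit -DCMAKE_*_LINKER_FLAGS value replaces what CMake would otherwise take from LDFLAGS, would document it. The README.Debian hunk also adds $(CPPFLAGS) to the C and C++ flags while this hunk makes no matching change, so it is worth checking whether variables.mk needs one.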
--- End Message ---
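An added example, not part of the original report or of pkg-kde-tools: a shell check that reads a CMakeCache.txt after configuration and reports any of the three linker-flag variables touched by the patch that lacks a required hardening flag. The cache contents are constructed samples and -Wl,-z,relro as the required flag is an assumption; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The sample cache contents below are constructed, not from a real build.

VARS="CMAKE_EXE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS CMAKE_MODULE_LINKER_FLAGS"

# write_cache FILE FLAGS: write a minimal CMakeCache.txt-style sample (hypothetical helper).
write_cache() {
    for var in $VARS; do
        printf '%s:STRING=%s\n' "$var" "$2"
    done > "$1"
}

# check_linker_flags CACHE REQUIRED: report every variable that lacks a required
# flag. Returns 0 when all flags are present in all three variables, 1 otherwise.
check_linker_flags() {
    cache=$1
    required=$2
    rc=0
    for var in $VARS; do
        # Cache entries have the form NAME:TYPE=value
        line=$(grep -E "^${var}:[A-Z]+=" "$cache" | head -n 1)
        if [ -z "$line" ]; then
            echo "$var: not set in cache"
            rc=1
            continue
        fi
        value=${line#*=}
        for flag in $required; do
            # Match whole flags only, so "-Wl,-z,relro" does not match a longer flag.
            case " $value " in
                *" $flag "*) ;;
                *) echo "$var: missing $flag"; rc=1 ;;
            esac
        done
    done
    return $rc
}

# Assumed required flag; in a real build use the output of: dpkg-buildflags --get LDFLAGS
REQUIRED="-Wl,-z,relro"
tmp=$(mktemp -d)
# Before the patch: only DEB_KDE_LINKER_FLAGS reach CMake.
write_cache "$tmp/before" "-Wl,--no-undefined -Wl,--as-needed"
# After the patch: $(LDFLAGS) is prepended to DEB_KDE_LINKER_FLAGS.
write_cache "$tmp/after" "-Wl,-z,relro -Wl,--no-undefined -Wl,--as-needed"
check_linker_flags "$tmp/before" "$REQUIRED" || echo "before: hardening flags lost"
check_linker_flags "$tmp/after" "$REQUIRED" && echo "after: hardening flags present"
rm -rf "$tmp"
```

Run against the build directory's CMakeCache.txt, the function exits non-zero when an explicit linker-flags setting has replaced the distribution's LDFLAGS.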
--- Begin Message ---
- To: 669183-close@bugs.debian.org
- Subject: Bug#669183: fixed in pkg-kde-tools 0.15.0
- From: Modestas Vainius <modax@debian.org>
- Date: Sat, 02 Jun 2012 19:51:40 +0000
- Message-id: <E1SauMO-0001aL-4R@franck.debian.org>
Source: pkg-kde-tools
Source-Version: 0.15.0

We believe that the bug you reported is fixed in the latest version of
pkg-kde-tools, which is due to be installed in the Debian FTP archive:

libdlrestrictions-dev_0.15.0_amd64.deb
  to main/p/pkg-kde-tools/libdlrestrictions-dev_0.15.0_amd64.deb
libdlrestrictions1_0.15.0_amd64.deb
  to main/p/pkg-kde-tools/libdlrestrictions1_0.15.0_amd64.deb
pkg-kde-tools_0.15.0.dsc
  to main/p/pkg-kde-tools/pkg-kde-tools_0.15.0.dsc
pkg-kde-tools_0.15.0.tar.bz2
  to main/p/pkg-kde-tools/pkg-kde-tools_0.15.0.tar.bz2
pkg-kde-tools_0.15.0_all.deb
  to main/p/pkg-kde-tools/pkg-kde-tools_0.15.0_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 669183@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Modestas Vainius <modax@debian.org> (supplier of updated pkg-kde-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Format: 1.8
Date: Sat, 02 Jun 2012 21:45:25 +0300
Source: pkg-kde-tools
Binary: pkg-kde-tools libdlrestrictions1 libdlrestrictions-dev
Architecture: source all amd64
Version: 0.15.0
Distribution: unstable
Urgency: low
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Modestas Vainius <modax@debian.org>
Description:
 libdlrestrictions-dev - development files for the DLRestrictions library
 libdlrestrictions1 - library that implements library compatibility checks for dlopen()
 pkg-kde-tools - various packaging tools and scripts for KDE Applications
Closes: 657806 669183
Changes:
 pkg-kde-tools (0.15.0) unstable; urgency=low
 .
   * Team upload.
 .
   [ Modestas Vainius ]
   * Bump Standards-Version to 3.9.3: no changes needed.
   * Install pkgkde-git as an alias for pkgkde-vcs with VCS type forced to git.
   * Implement pkgkde-git clone and update-config subcommands.
   * Make variables.mk respect LDFLAGS from environment. Thanks to Simon
     Ruderich for the patch. (Closes: #669183)
   * pkgkde-symbolshelper: output covariant return trunks with c++ tag since
     the symbol name contains an arch-specific offset. (Closes: #657806)
 .
   [ José Manuel Santamaría Lema ]
   * Add a workaround for cmake bug #653916 (cmake ignores CPPFLAGS) in
     qt-kde-team/2/dhmk.mk.
--- End Message ---