Bug#671462: marked as done (libnova: CFLAGS hardening flags missing)

To: Maximiliano Curia <maxy@debian.org>
Subject: Bug#671462: marked as done (libnova: CFLAGS hardening flags missing)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 27 Oct 2016 10:27:03 +0000
Message-id: <[🔎] handler.671462.D671462.147756390918304.ackdone@bugs.debian.org>
References: <E1bzhru-00038v-9p@franck.debian.org> <20120504094823.GA14313@ruderich.org>

Your message dated Thu, 27 Oct 2016 10:25:06 +0000
with message-id <E1bzhru-00038v-9p@franck.debian.org>
and subject line Bug#671462: fixed in libnova 0.16-2
has caused the Debian Bug report #671462,
regarding libnova: CFLAGS hardening flags missing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
671462: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=671462
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libnova: CFLAGS hardening flags missing
From: Simon Ruderich <simon@ruderich.org>
Date: Fri, 4 May 2012 11:48:24 +0200
Message-id: <20120504094823.GA14313@ruderich.org>

Source: libnova
Version: 0.14.0-2
Severity: normal
Tags: patch

Dear Maintainer,

The CFLAGS hardening flags are missing because ./configure
overwrites them. For more hardening information please have a
look at [1], [2] and [3].

The attached patch fixes the issue, if possible it should be sent
to upstream.

To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (for example with blhc [4]) (hardening-check
doesn't catch everything):

    $ hardening-check /usr/bin/libnovaconfig /usr/lib/x86_64-linux-gnu/libnova-0.14.so.0.0.0
    /usr/bin/libnovaconfig:
     Position Independent Executable: no, normal executable!
     Stack protected: no, not found!
     Fortify Source functions: yes
     Read-only relocations: yes
     Immediate binding: no not found!
    /usr/lib/x86_64-linux-gnu/libnova-0.14.so.0.0.0:
     Position Independent Executable: no, regular shared library (ignored)
     Stack protected: yes
     Fortify Source functions: yes (some protected functions found)
     Read-only relocations: yes
     Immediate binding: no not found!

(Position Independent Executable and Immediate binding is not
enabled by default.)

Use find -type f \( -executable -o -name \*.so\* \) -exec
hardening-check {} + on the build result to check all files.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
[4]: http://ruderich.org/simon/blhc/
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9

Description: Use CFLAGS from environment (dpkg-buildflags).
 Necessary for hardening flags.
Author: Simon Ruderich <simon@ruderich.org>
Last-Update: 2012-05-04

--- libnova-0.14.0.orig/configure.in
+++ libnova-0.14.0/configure.in
@@ -63,7 +63,7 @@ AC_CHECK_FUNCS([acosl])
 AC_CHECK_FUNCS([asinl])
 AC_CHECK_FUNCS([atan2l])
 
-CFLAGS=-Wall
+CFLAGS="$CFLAGS -Wall"
 
 # Checks for header files.
 AC_HEADER_STDC
--- libnova-0.14.0.orig/configure
+++ libnova-0.14.0/configure
@@ -12529,7 +12529,7 @@ fi
 done
 
 
-CFLAGS=-Wall
+CFLAGS="$CFLAGS -Wall"
 
 # Checks for header files.
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5

Attachment: signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

To: 671462-close@bugs.debian.org
Subject: Bug#671462: fixed in libnova 0.16-2
From: Maximiliano Curia <maxy@debian.org>
Date: Thu, 27 Oct 2016 10:25:06 +0000
Message-id: <E1bzhru-00038v-9p@franck.debian.org>

Source: libnova
Source-Version: 0.16-2

We believe that the bug you reported is fixed in the latest version of
libnova, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 671462@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Maximiliano Curia <maxy@debian.org> (supplier of updated libnova package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 27 Oct 2016 10:29:14 +0200
Source: libnova
Binary: libnova-0.16-0 libnova-dev
Architecture: source
Version: 0.16-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Krap Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Maximiliano Curia <maxy@debian.org>
Description:
 libnova-0.16-0 - celestial mechanics, astrometry and astrodynamics library
 libnova-dev - development files for libnova astronomical library
Closes: 671462 725775
Changes:
 libnova (0.16-2) unstable; urgency=medium
 .
   * Add new patch: Use-CFLAGS-from-environment.patch.
     Thanks to Simon Ruderich for the patch (Closes: 671462)
   * Update sid version (Closes: 725775)
Checksums-Sha1:
 6f368ef98ab6817d62cf9e7b852b2c170f1032b5 1955 libnova_0.16-2.dsc
 b2000c7511f55df8f772ce4c647168babaec03ee 4360 libnova_0.16-2.debian.tar.xz
Checksums-Sha256:
 d61907b62851bdf3efc24f00aa6e09cccfd2eb94297a63310772b84895c658a3 1955 libnova_0.16-2.dsc
 891bf75ad3f8e1964bd963363dd06e0844cf5e2612743facc36b8b29506350e7 4360 libnova_0.16-2.debian.tar.xz
Files:
 49ffeffae4fa7d3f176fcb8eee6df9f3 1955 libs optional libnova_0.16-2.dsc
 cd84e7b66d17e9ae1f0acfd1690458ae 4360 libs optional libnova_0.16-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYEb2CAAoJEMcZdpmymyMq8woP/1Cr6ouJaZMZLQTCdlX0ZKcO
mfxYvuZKk21pkyUEkPF/kTACZNCacy2f+v7VO8VwXxSlnuoatfi5zJc8a91bzNRB
1OVoqx3Pb3L7mjXeTYyTMBAJ5QCjllH3jbL/KktjK5LU1qAMjiI3b8bWvP61LvE3
fdX10RMotfK6X7Gw8/8h70le/PuqvgrSgzMibmB4+TzDne9/BsDQOWqvBtZCkVZn
c6kqKOOknxTaQ/yj2f76/W07kA6pmjn1dC0Zm2TnC12V5YPs8sJ1MOm/+LvlsC/p
60mtYDYP+zwUPbS46KlZcPsaQdzwbKabhY3+bryIKW1bqFt73XE+hi9Bx3DNWR4C
+o+K3KPx3DOsOsJP7LPk3/TfLVdeIj9r8/XK+lleXZMDDoeQcSAa/86MaoDeV6S7
d60gB51rurn7TdS9ett/YMrm+sVU/Veew0Vn0W9KIHcUUjUw2jL+LaMvgfGT7zA7
PMxYVoeeLZxurRtEOxGJD3pVU5DCJsAm/jvcVYqd957o7TawjTRKxKEUIg94kYE3
lW/4YJ6/EcLwLA/wkEbYiaWGZ7IdWeRcSHiKbGAI6DvM3UzNz++3E1JTU6MSMolS
utXCku03KHikcxmveOIc0SnAa1zchxFLXFUpXDfJE+EB1AUDyLltBM8iEgyUxRP7
5uWiTl3zK9nJ6kHi/UWy
=cCap
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Processing of libnova_0.16-2_source.changes
Next by Date: Bug#725775: marked as done (libnova: New upstream version (0.15.0))
Previous by thread: Processing of libnova_0.16-2_source.changes
Next by thread: Bug#725775: marked as done (libnova: New upstream version (0.15.0))
Index(es):
- Date
- Thread