--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package shadow 4.2-3. This version includes a fix
(indeed a workaround) to enforce hardened builds, as the last binNMU
apparently dropped them for some architectures (#770273 which I forgot
to close in the changelog because the issue was indeed reported to me
in private, I fixed it but then reported the bug).
For the record, I made a quick check with the security team to get
their input about the fix beign The Right Thing, given my personal low
skills in such issues and Moritz ack'ed the fix to be correct (and
suggested me to switch shadow to dh, which will probably be done
post-jessie).
diff -Nru shadow-4.2/debian/changelog shadow-4.2/debian/changelog
--- shadow-4.2/debian/changelog 2014-05-04 19:50:31.000000000 +0200
+++ shadow-4.2/debian/changelog 2014-11-19 21:59:09.000000000 +0100
@@ -1,3 +1,12 @@
+shadow (1:4.2-3) unstable; urgency=low
+
+ * Enforce hardened builds to workaround cdbs sometimes not building
+ with hardening flags as in 1:4.2-2+b1
+ Thanks to Dr. Markus Waldeck for pointing the issue and Simon Ruderich
+ For providing a working patch.
+
+ -- Christian Perrier <bubulle@debian.org> Wed, 19 Nov 2014 21:59:09 +0100
+
shadow (1:4.2-2) unstable; urgency=low
* The "Soumaintrain" release
diff -Nru shadow-4.2/debian/control shadow-4.2/debian/control
--- shadow-4.2/debian/control 2014-04-30 22:28:06.000000000 +0200
+++ shadow-4.2/debian/control 2014-11-19 21:49:09.000000000 +0100
@@ -5,6 +5,7 @@
Standards-Version: 3.9.5
Uploaders: Christian Perrier <bubulle@debian.org>, Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net>
Build-Depends: dh-autoreconf, gettext, libpam0g-dev, debhelper (>= 6.0.7~), quilt, dpkg-dev (>= 1.13.5), xsltproc, docbook-xsl, docbook-xml, libxml2-utils, cdbs, libselinux1-dev [linux-any], libsemanage1-dev [linux-any], gnome-doc-utils (>= 0.4.3), bison, libaudit-dev [linux-any]
+ ,hardening-wrapper
Vcs-Git: git://anonscm.debian.org/git/pkg-shadow/shadow.git
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-shadow/shadow.git;a=summary
Homepage: http://pkg-shadow.alioth.debian.org/
diff -Nru shadow-4.2/debian/rules shadow-4.2/debian/rules
--- shadow-4.2/debian/rules 2014-04-30 22:28:06.000000000 +0200
+++ shadow-4.2/debian/rules 2014-11-19 21:49:09.000000000 +0100
@@ -3,6 +3,8 @@
DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
+export DEB_BUILD_HARDENING=1
+
# Enable PIE, BINDNOW, and possible future flags.
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
unblock shadow/1:4.2-3
-- System Information:
Debian Release: jessie/sid
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
On 2014-11-21 07:21, Christian Perrier wrote:
Please unblock package shadow 4.2-3. This version includes a fix
(indeed a workaround) to enforce hardened builds, as the last binNMU
apparently dropped them for some architectures (#770273 which I forgot
to close in the changelog because the issue was indeed reported to me
in private, I fixed it but then reported the bug).
For the record, I made a quick check with the security team to get
their input about the fix beign The Right Thing, given my personal low
skills in such issues and Moritz ack'ed the fix to be correct (and
suggested me to switch shadow to dh, which will probably be done
post-jessie).
Looks good to me. Unblocked.
--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
<directhex> i have six years of solaris sysadmin experience, from
8->10. i am well qualified to say it is made from bonghits
layered on top of bonghits
--- End Message ---