Your message dated Tue, 05 Nov 2013 21:19:45 +0000 with message-id <[email protected]> and subject line Bug#663524: fixed in ktorrent 4.3.1-2 has caused the Debian Bug report #663524, regarding ktorrent: CPPFLAGS hardening flags missing to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 663524: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663524 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: ktorrent Version: 4.2.0-1 Severity: important Tags: patch -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dear Maintainer, The CPPFLAGS hardening flags are missing because CMake ignores them by default. The following patch fixes the issue by adding them to CFLAGS/CXXFLAGS. For more hardening information please have a look at [1], [2] and [3]. diff -Nru ktorrent-4.2.0/debian/rules ktorrent-4.2.0/debian/rules --- ktorrent-4.2.0/debian/rules 2012-03-10 22:04:39.000000000 +0100 +++ ktorrent-4.2.0/debian/rules 2012-03-12 00:36:29.000000000 +0100 @@ -1,5 +1,10 @@ #!/usr/bin/make -f +# CMake doesn't use CPPFLAGS, pass them to CFLAGS/CXXFLAGS to enable the +# missing (hardening) flags. +export DEB_CFLAGS_MAINT_APPEND = $(shell dpkg-buildflags --get CPPFLAGS) +export DEB_CXXFLAGS_MAINT_APPEND = $(shell dpkg-buildflags --get CPPFLAGS) + #DEB_KDE_LINK_WITH_AS_NEEDED := yes override_dh_auto_configure: To check if all flags were correctly enabled you can use `hardening-check` from the hardening-includes package and check the build log (hardening-check doesn't catch everything): $ hardening-check /usr/bin/ktupnptest /usr/bin/ktorrent /usr/bin/ktmagnetdownloader ... /usr/bin/ktupnptest: Position Independent Executable: no, normal executable! Stack protected: no, not found! Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: no not found! /usr/bin/ktorrent: Position Independent Executable: no, normal executable! Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: no not found! /usr/bin/ktmagnetdownloader: Position Independent Executable: no, normal executable! Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: no not found! ... (Position Independent Executable and Immediate binding is not enabled by default.) Use find -type f \( -executable -o -name \*.so\* \) -exec hardening-check {} + on the build result to check all files. Regards, Simon [1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags [2]: https://wiki.debian.org/HardeningWalkthrough [3]: https://wiki.debian.org/Hardening - -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJPXTeIAAoJEJL+/bfkTDL58U4P/jy8Unvmsn3OivuICxI5H6P1 2z6llYfn3NsG9Jsd4IA574rzlced6/XU6RURJwXv+diXyZBnPNoW1aMj9P6tkO/V mp7KfZxkWaY9S/KklR+Lw/smP+VlaxK14VBNJQoas7LucxAHQHT2OHFk+zHPQu3Y NFB3/qJ6EoauQiaEqTbNXJi2luFTXeqFeWV7WB9r7kFawUA4kT+pcf+HlKFZZ4WG QXekKzNsoEEf3IhBd+EOC0Q4JZmASvAhqtasoZmw71KnVypP50m+9/cbKNIloP+Y 4IdGXsuqaMEnLKaLM0+UIsZoKLklO6awEvmDpgefzoI/ttHO2iKiwp4ns9XaZwt5 01gFQCsXM+iXgC4wjMQ7JkY/ZfMDDxYuS4q21AoPp0+La9ow690KKQmL3EV3yyUI HyFHKVIaUfSRl59LgP4w88mSwZMmjY5DAYc1LT0g9hxJlmzQVOtXttaP05zEFKIx JVuOcM6fdewwGkss361pyRa1ox9VUS6Sy7x3yej3d3E02j181xz0A3fJq2wIcnRi wOtkr4E6NslQqTFyTE9QNFSTBHgfvTHkWmXYriJnryGDctolxSKBFhbCE2iglxM/ BIwbBgoAMBIGWCsalSw6LDsenDS11FA/tWN6qhUTg4xzryWm1C5tzSxh8pYNuVOC WOohdkjSf4IYK6vo/cnt =cbfg -----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---Source: ktorrent Source-Version: 4.3.1-2 We believe that the bug you reported is fixed in the latest version of ktorrent, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Modestas Vainius <[email protected]> (supplier of updated ktorrent package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 05 Nov 2013 21:27:06 +0200 Source: ktorrent Binary: ktorrent ktorrent-data plasma-widget-ktorrent ktorrent-dbg Architecture: source amd64 all Version: 4.3.1-2 Distribution: unstable Urgency: low Maintainer: Debian KDE Extras Team <[email protected]> Changed-By: Modestas Vainius <[email protected]> Description: ktorrent - BitTorrent client based on the KDE platform ktorrent-data - KTorrent data and other architecture independent files ktorrent-dbg - KTorrent debugging symbols plasma-widget-ktorrent - KTorrent Plasma widget Closes: 663524 717010 721049 722628 Changes: ktorrent (4.3.1-2) unstable; urgency=low . * Do not build tests like before KDE 4.10. Fixes FTBFS (Closes: #722628) * Do not link with deprecated kutils library. (Closes: #717010) Patch: dont_link_with_kutils.patch * Build with hardening flags. (Closes: #663524) * Bump Standards-Version to 3.9.5: no further changes needed. * Update Vcs URLs to canonical ones. * Upload to unstable. (Closes: #721049) * Disable KIO Magnet. It is considered obsolete (and might be buggy). * Require nepomuk-core-dev for KDE 4.9 or above (requirement of kdepimlibs). Checksums-Sha1: 6197999d0fa70d432b1091e3b703a0a57e57036e 1826 ktorrent_4.3.1-2.dsc 43b56c9e424eacbde1c06a81829b2f72f36454a4 27653 ktorrent_4.3.1-2.debian.tar.gz 0b66f7d9dc69db492edc721a414be32b9a75063d 993978 ktorrent_4.3.1-2_amd64.deb 82e57c9fa11bad6501463773a0f61e1f8913b9a0 1487972 ktorrent-data_4.3.1-2_all.deb 4eec397531ba824a464d1ac4f9e7654f43216166 85322 plasma-widget-ktorrent_4.3.1-2_amd64.deb a321391ef20d6550d2294d6c31006ef9d757f491 17590698 ktorrent-dbg_4.3.1-2_amd64.deb Checksums-Sha256: f8ff0a2a9bffb22bec9be8d80aa81f0b0bf5d89f756fc4ff42783e56b56cd125 1826 ktorrent_4.3.1-2.dsc 84841c164dfbe4e0b3b1c6485e428a6aea5fcbf4e3edb3014cc1c09efa29b7a7 27653 ktorrent_4.3.1-2.debian.tar.gz d7296ecab10a995ed91ff4015bc579a7044170c66ae96a7341a4c87d06dab9d1 993978 ktorrent_4.3.1-2_amd64.deb 4da95ae07dd984208911965f0d8e4af4a64f370a7ca7e6823f44e9f7b36fbd63 1487972 ktorrent-data_4.3.1-2_all.deb d31698cc208a0e93aa52b95e9dac46ee1cc7b27a675944c8565be3a785ceb9d2 85322 plasma-widget-ktorrent_4.3.1-2_amd64.deb 31a626b9eec3574bac8e7b437962b0b7c6f1933eda8812108280ccf240c9100b 17590698 ktorrent-dbg_4.3.1-2_amd64.deb Files: 3ce7fa00a2d6982f3f6ba5acd668b87a 1826 net optional ktorrent_4.3.1-2.dsc 4d67e0b82281f9c796a28bc458953a8c 27653 net optional ktorrent_4.3.1-2.debian.tar.gz 40868f491f56936a22f8e692d7b8fd2a 993978 net optional ktorrent_4.3.1-2_amd64.deb 1ceef151d3b00bf949e27e737163be20 1487972 net optional ktorrent-data_4.3.1-2_all.deb c12fcc5699b47e901874ec3fc321c218 85322 kde optional plasma-widget-ktorrent_4.3.1-2_amd64.deb ab83b4da6c168c1d2e6c81e4dd9dc11c 17590698 debug extra ktorrent-dbg_4.3.1-2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iEYEARECAAYFAlJ5TooACgkQHO9JRnPq4hTQvQCfb6o+6NWplHkZGmxEwMTPkaMw XB4An0/OBevsOK1vrdhIHGZSfjQyuSG0 =i+T+ -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ pkg-kde-extras mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
