Bug#658929: marked as done (Please enable hardened build flags)

[Debian Bug Tracking System]

Your message dated Mon, 05 Mar 2012 19:38:21 +0000
with message-id <e1s4djh-0007rw...@franck.debian.org>
and subject line Bug#658929: fixed in libav 4:0.8-2
has caused the Debian Bug report #658929,
regarding Please enable hardened build flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
658929: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658929
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: libav
Severity: important
Tags: patch

Please enable hardened build flags through dpkg-buildflags.

Patch attached. The format string checks detect a missing
format string in libavcodec/srtdec.c, please contact upstream
for that.

Cheers,
        Moritz

diff -aur libav-0.8.harden/debian/rules libav-0.8/debian/rules
--- libav-0.8.harden/debian/rules	2012-01-22 21:29:39.000000000 +0100
+++ libav-0.8/debian/rules	2012-02-02 23:40:43.000000000 +0100
@@ -26,8 +26,10 @@
 
 $(info FLAVORS = $(FLAVORS))
 $(info DEB_BUILD_OPTIONS = $(DEB_BUILD_OPTIONS))
-$(info CFLAGS = $(CFLAGS))
-$(info LDFLAGS = $(LDFLAGS))
+
+CFLAGS = `dpkg-buildflags --get CFLAGS`
+CFLAGS += `dpkg-buildflags --get CPPFLAGS`
+LDFLAGS = `dpkg-buildflags --get LDFLAGS`
 
 define dh_install_file_opt_flavor
 	  grep @DEB_HOST_MULTIARCH_OPT@ < $(1).in | \
Nur in libav-0.8/debian: rules~.

--- End Message ---

--- Begin Message ---

Source: libav
Source-Version: 4:0.8-2

We believe that the bug you reported is fixed in the latest version of
libav, which is due to be installed in the Debian FTP archive:

ffmpeg-dbg_0.8-2_amd64.deb
  to main/liba/libav/ffmpeg-dbg_0.8-2_amd64.deb
ffmpeg-doc_0.8-2_all.deb
  to main/liba/libav/ffmpeg-doc_0.8-2_all.deb
ffmpeg_0.8-2_all.deb
  to main/liba/libav/ffmpeg_0.8-2_all.deb
libav-dbg_0.8-2_amd64.deb
  to main/liba/libav/libav-dbg_0.8-2_amd64.deb
libav-doc_0.8-2_all.deb
  to main/liba/libav/libav-doc_0.8-2_all.deb
libav-source_0.8-2_all.deb
  to main/liba/libav/libav-source_0.8-2_all.deb
libav-tools_0.8-2_amd64.deb
  to main/liba/libav/libav-tools_0.8-2_amd64.deb
libav_0.8-2.debian.tar.gz
  to main/liba/libav/libav_0.8-2.debian.tar.gz
libav_0.8-2.dsc
  to main/liba/libav/libav_0.8-2.dsc
libavcodec-dev_0.8-2_amd64.deb
  to main/liba/libav/libavcodec-dev_0.8-2_amd64.deb
libavcodec53_0.8-2_amd64.deb
  to main/liba/libav/libavcodec53_0.8-2_amd64.deb
libavdevice-dev_0.8-2_amd64.deb
  to main/liba/libav/libavdevice-dev_0.8-2_amd64.deb
libavdevice53_0.8-2_amd64.deb
  to main/liba/libav/libavdevice53_0.8-2_amd64.deb
libavfilter-dev_0.8-2_amd64.deb
  to main/liba/libav/libavfilter-dev_0.8-2_amd64.deb
libavfilter2_0.8-2_amd64.deb
  to main/liba/libav/libavfilter2_0.8-2_amd64.deb
libavformat-dev_0.8-2_amd64.deb
  to main/liba/libav/libavformat-dev_0.8-2_amd64.deb
libavformat53_0.8-2_amd64.deb
  to main/liba/libav/libavformat53_0.8-2_amd64.deb
libavutil-dev_0.8-2_amd64.deb
  to main/liba/libav/libavutil-dev_0.8-2_amd64.deb
libavutil51_0.8-2_amd64.deb
  to main/liba/libav/libavutil51_0.8-2_amd64.deb
libpostproc-dev_0.8-2_amd64.deb
  to main/liba/libav/libpostproc-dev_0.8-2_amd64.deb
libpostproc52_0.8-2_amd64.deb
  to main/liba/libav/libpostproc52_0.8-2_amd64.deb
libswscale-dev_0.8-2_amd64.deb
  to main/liba/libav/libswscale-dev_0.8-2_amd64.deb
libswscale2_0.8-2_amd64.deb
  to main/liba/libav/libswscale2_0.8-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 658...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siret...@tauware.de> (supplier of updated libav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 05 Mar 2012 19:47:54 +0100
Source: libav
Binary: libav-tools ffmpeg ffmpeg-dbg libav-dbg libav-source ffmpeg-doc 
libav-doc libavutil51 libavcodec53 libavdevice53 libavformat53 libavfilter2 
libpostproc52 libswscale2 libavutil-dev libavcodec-dev libavdevice-dev 
libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev
Architecture: source amd64 all
Version: 4:0.8-2
Distribution: unstable
Urgency: low
Maintainer: Reinhard Tartler <siret...@debian.org>
Changed-By: Reinhard Tartler <siret...@tauware.de>
Description: 
 ffmpeg     - Multimedia player, server, encoder and transcoder (transitional p
 ffmpeg-dbg - Debug symbols for Libav related packages (transitional package)
 ffmpeg-doc - Documentation of the Libav API (transitional package)
 libav-dbg  - Debug symbols for Libav related packages
 libav-doc  - Documentation of the Libav API
 libav-source - Patched Libav sources
 libav-tools - Multimedia player, server, encoder and transcoder
 libavcodec-dev - Development files for libavcodec
 libavcodec53 - Libav codec library
 libavdevice-dev - Development files for libavdevice
 libavdevice53 - Libav device handling library
 libavfilter-dev - Development files for libavfilter
 libavfilter2 - Libav video filtering library
 libavformat-dev - Development files for libavformat
 libavformat53 - Libav file format library
 libavutil-dev - Development files for libavutil
 libavutil51 - Libav utility library
 libpostproc-dev - Development files for libpostproc
 libpostproc52 - Libav video postprocessing library
 libswscale-dev - Development files for libswscale
 libswscale2 - Libav video scaling library
Closes: 658929 660978
Changes: 
 libav (4:0.8-2) unstable; urgency=low
 .
   [ Reinhard Tartler ]
   * confflags: use --enable-pic instead of manually messing with cflags
   * Import post 0.8 patches
   * Bugfix: expects wrong preset file extension (Closes: #660978)
     Thanks to Laurento <laurento.fritte...@gmail.com> for spotting this.
 .
   [ Alessio Treglia ]
   * Fix maintainer's name.
 .
   [ Fabian Greffrath ]
   * Enable hardened build flags through dpkg-buildflags (Closes: #658929).
   * Fix format string vulnerability detected by -Wformat-security.
   * Filter out system-wide setting of -Bsymbolic-functions to avoid FTBFS.
   * Set CPPFLAGS separately.
Checksums-Sha1: 
 a24f6a5cb5a204653d405b79d9e686557cee6247 3017 libav_0.8-2.dsc
 93512c1c2b267493c3fac4be9b9593f19b7dc740 90629 libav_0.8-2.debian.tar.gz
 acb89f68ab0f96f64d08628e5e8fa54d5dc17e24 649104 libav-tools_0.8-2_amd64.deb
 3266c1fa21e2eef9f9ed0686344126afd7b37484 38738 ffmpeg_0.8-2_all.deb
 998f288f895624316390cab0ee214843c35efca3 38816 ffmpeg-dbg_0.8-2_amd64.deb
 9d0367a5b617a80aae781b34e7e2b1c841b035e8 10226538 libav-dbg_0.8-2_amd64.deb
 6d29db2f4d17bc3f1edc3cdb9a40008558839c12 27441016 libav-source_0.8-2_all.deb
 1a81e11a0c61e558b843680fe0422afb14f19273 38774 ffmpeg-doc_0.8-2_all.deb
 44310f032f309b6d60a02620c1e1356d031ee8f1 21700272 libav-doc_0.8-2_all.deb
 d7cdb40e775e44c903cd003ba022d08fea05c310 96496 libavutil51_0.8-2_amd64.deb
 6b25b5213fca6474093acc78cac96110cb549f61 2959690 libavcodec53_0.8-2_amd64.deb
 38e9d3b654f5b8e50c57177367e782a2d7ccadef 66424 libavdevice53_0.8-2_amd64.deb
 d97413e5fb5d44039aee4c909d9554fdc7a304f9 524602 libavformat53_0.8-2_amd64.deb
 61bd6443b8a494987d41cde1803da48ab120fc42 118348 libavfilter2_0.8-2_amd64.deb
 62b1fd19ff7d3aeecb9cf2500668f602de44b53f 100478 libpostproc52_0.8-2_amd64.deb
 8cb8bd9f590451fa453abb4e8c2736197e8ca287 129050 libswscale2_0.8-2_amd64.deb
 9d937da4a46c52fdf5f64cd0e339de1858d8b6c1 147622 libavutil-dev_0.8-2_amd64.deb
 fac70d5e0715b15f8b85a5a4462bb3be1088c107 3468872 libavcodec-dev_0.8-2_amd64.deb
 bbdc71b2cd2189ceba427bae9433e0ff97a3006a 69284 libavdevice-dev_0.8-2_amd64.deb
 6ae49f603d47618fb05ae9989a92fb1c35876d90 707678 libavformat-dev_0.8-2_amd64.deb
 5655bdeabdd804c009419b888b12ea15bc1470aa 150270 libavfilter-dev_0.8-2_amd64.deb
 95b57a54c3faafcfb5ba1631707c689e83211bad 101076 libpostproc-dev_0.8-2_amd64.deb
 f740cfe853714811f0f3b219250ec0e5108a6636 151102 libswscale-dev_0.8-2_amd64.deb
Checksums-Sha256: 
 979df8770ec610273f3371311ec41902a5f20de6118de3d75a3ec88fd446c596 3017 
libav_0.8-2.dsc
 8c92e0a9415221d94e0156c0b4a6425848b38f51c37b8721366f4d2ddc86a9fc 90629 
libav_0.8-2.debian.tar.gz
 c9aadb1a53c1d7f007fd0fbe41a9cb35463e52bc516c29f26cb8e24b9c6dbc68 649104 
libav-tools_0.8-2_amd64.deb
 a6c94b2966d351e74633f5e6b3a6ffc689e9ab897f39610383c0e821090ccb5b 38738 
ffmpeg_0.8-2_all.deb
 ce4d1f5ed189a4c74a579db95dc63fda7701042e8327cd156a077d914ddd6d0e 38816 
ffmpeg-dbg_0.8-2_amd64.deb
 19487ad085d3a3493534a4000a2404ff6ae1632d07f021b6a4be2847aa1c619d 10226538 
libav-dbg_0.8-2_amd64.deb
 acc01ffe3ebe371574f40e38bc3ea7dc708b77ef5e8863f11a6a79254696f896 27441016 
libav-source_0.8-2_all.deb
 224cb9bf57b551221331d0dc9ad6beaff793e748423b639365a589cd5a521811 38774 
ffmpeg-doc_0.8-2_all.deb
 c6c5285383a1aab402f2f64802fa9f99577e944a62603eaf220acd29d8b53554 21700272 
libav-doc_0.8-2_all.deb
 c4d91e65873f840d9e558517e4c031c823b33d43acf4ce88ad1f78ad38df306f 96496 
libavutil51_0.8-2_amd64.deb
 cc4d8005aea96aa59c9b3374ee769282eda2699dd9f37afaeadee54dd5038dcd 2959690 
libavcodec53_0.8-2_amd64.deb
 062875966bc5a433281fcf7cf2c07ce6ed40a0aa07a0ae19394358c776e35a0a 66424 
libavdevice53_0.8-2_amd64.deb
 ecbbbdddca398e10f2e9a00e2cc0e0df3d38e1da530c41cf0b975f608705601d 524602 
libavformat53_0.8-2_amd64.deb
 84f2a9086796de9c1883493bf4e44be1587a9ff674a3bc3ec21bea9ed79c1dab 118348 
libavfilter2_0.8-2_amd64.deb
 d449e5a6c6cf2f2f31041e925d5827971b03ec183977744726486ed50c491955 100478 
libpostproc52_0.8-2_amd64.deb
 6de12d5c0b19f94fc87e1759bcd7628a293386d3233ee3f1c75618630612be38 129050 
libswscale2_0.8-2_amd64.deb
 46b88dc0f2e942cc889e82736f7872841e8cd5420f1cc8974376656122cae5ee 147622 
libavutil-dev_0.8-2_amd64.deb
 258ad138c03334aefc2f4edff2e555e9165296fc641788777e576641e834fbfd 3468872 
libavcodec-dev_0.8-2_amd64.deb
 312dc4b932be7a0c1f75928e52a776e216aadde53522299c83fa71d475d71273 69284 
libavdevice-dev_0.8-2_amd64.deb
 64c7f3580025eb2325f825788d61c4fc35538496ec7df1901c9b3e2ed9d11960 707678 
libavformat-dev_0.8-2_amd64.deb
 3320b2490bb38f7203c2a898e1e3538ef9e6a0dc35e265d1110761598ea09559 150270 
libavfilter-dev_0.8-2_amd64.deb
 6650e6eea53a9e17a9ae5f103b395a223d700a186b4a9df3b65727ef272bd39b 101076 
libpostproc-dev_0.8-2_amd64.deb
 297fb9f19cf20c2bd5db0e2b846a3820a0700375483be389387684e5b346c81a 151102 
libswscale-dev_0.8-2_amd64.deb
Files: 
 532880e65ede410f374952551610b0d3 3017 libs optional libav_0.8-2.dsc
 43966883056495ade2e38fe3817e3c86 90629 libs optional libav_0.8-2.debian.tar.gz
 3babeb815a6537e2257992a1e605a524 649104 video optional 
libav-tools_0.8-2_amd64.deb
 29f82efbb5192c43e2b9d87533ba72d0 38738 oldlibs extra ffmpeg_0.8-2_all.deb
 831ea5c0b4eb413a785169ea74147ee4 38816 oldlibs extra ffmpeg-dbg_0.8-2_amd64.deb
 bb8ad915e566fc9f432e5f0f465b6f38 10226538 debug extra libav-dbg_0.8-2_amd64.deb
 70e56b04feb1b282163ff9a73d9ebc84 27441016 devel optional 
libav-source_0.8-2_all.deb
 59cb737df3c234d827b65781ed13f6cd 38774 oldlibs extra ffmpeg-doc_0.8-2_all.deb
 191ecafdf439e3825e46df1a17db8c91 21700272 doc optional libav-doc_0.8-2_all.deb
 00a3f7e609a0e17b9a303b7dedd31c1a 96496 libs optional 
libavutil51_0.8-2_amd64.deb
 49775111ed68532457f119b452a6fe92 2959690 libs optional 
libavcodec53_0.8-2_amd64.deb
 fd9f2e8e3caf4fef072b6ccfebaa092c 66424 libs optional 
libavdevice53_0.8-2_amd64.deb
 a7964126e26e74ca7a9e53a20d473ff4 524602 libs optional 
libavformat53_0.8-2_amd64.deb
 d0bf44ff5ca184d45c5b88f46cdcf315 118348 libs optional 
libavfilter2_0.8-2_amd64.deb
 0924a75d1638c87f9bee87f205375208 100478 libs optional 
libpostproc52_0.8-2_amd64.deb
 93df324bff114ed6237aea71a237beb4 129050 libs optional 
libswscale2_0.8-2_amd64.deb
 9d2cdd5e97753f3fb800ca28e777337a 147622 libdevel optional 
libavutil-dev_0.8-2_amd64.deb
 530b727261399a8dc4bea27092972a70 3468872 libdevel optional 
libavcodec-dev_0.8-2_amd64.deb
 9d0961efd1ddf5d34c364929564e1bb2 69284 libdevel optional 
libavdevice-dev_0.8-2_amd64.deb
 edb91112c801704c11e72b4c1a11d2a9 707678 libdevel optional 
libavformat-dev_0.8-2_amd64.deb
 afdef415d71f92433f1f916b59ca4987 150270 libdevel optional 
libavfilter-dev_0.8-2_amd64.deb
 c38693420bf5bb30d5ee885c88aded4d 101076 libdevel optional 
libpostproc-dev_0.8-2_amd64.deb
 b2e2e92e63704ea766f95690b09b77af 151102 libdevel optional 
libswscale-dev_0.8-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Debian Powered!

iEYEARECAAYFAk9VDsgACgkQmAg1RJRTSKT2qwCfYPf96jhgsV0BXAqYp0leO9Jk
EHkAn2T/zEVVrIQW0rUWtPto06OILrPS
=MQAu
-----END PGP SIGNATURE-----

--- End Message ---

_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers