Your message dated Wed, 14 Mar 2012 20:47:30 +0000
with message-id <e1s7v6y-0006ml...@franck.debian.org>
and subject line Bug#663275: fixed in audacity 2.0.0-1
has caused the Debian Bug report #663275,
regarding audacity: Hardening flags missing for portmixer
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
663275: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663275
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: audacity
Version: 2.0.0~rc8-1
Severity: important
Tags: patch
Dear Maintainer,
The hardening flags are missing for lib-src/portmixer because the
Makefile ignores compiler flags from the environment. For more
hardening information please have a look at [1], [2] and [3].
The attached patch fixes the issue. If possible it should be sent
upstream.
To check if all flags were correctly enabled you can use
`hardening-check` from the hardening-includes package and check
the build log (hardening-check doesn't catch everything):
$ hardening-check /usr/bin/audacity
/usr/bin/audacity:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: no not found!
(Position Independent Executable and Immediate binding are not
enabled by default.)
Use `find -type f \( -executable -o -name \*.so\* \) -exec
hardening-check {} +` on the build result to check all files.
Regards,
Simon
[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Description: Use build flags from the environment (dpkg-buildflags).
Author: Simon Ruderich <si...@ruderich.org>
Last-Update: 2012-03-10
--- audacity-2.0.0~rc8.orig/lib-src/portmixer/Makefile.in
+++ audacity-2.0.0~rc8/lib-src/portmixer/Makefile.in
@@ -9,9 +9,12 @@ AR = @AR@
RANLIB = @RANLIB@
DEFS += @DEFS@
+CFLAGS += @CFLAGS@
CFLAGS += @cflags@
CFLAGS += @include@
+CPPFLAGS = @CPPFLAGS@
+
all : $(LIBRARY)
tests:
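Review bot: In the first hunk, `CFLAGS += @CFLAGS@` is added ahead of `@cflags@` and `@include@`, so for any option where the last occurrence wins, the project's own flags take precedence over the ones from the environment; consider appending `@CFLAGS@` after those two lines instead. `CPPFLAGS = @CPPFLAGS@` also uses a plain `=` where the neighbouring assignments use `+=`, which is worth aligning or explaining in a comment.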
@@ -22,7 +25,7 @@ $(LIBRARY): $(OBJECTS)
$(RANLIB) $(LIBRARY)
%.o : src/%.c
- $(CC) $(CFLAGS) $(DEFS) -c $(<) -o $@
+ $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c $(<) -o $@
clean :
-rm -f $(LIBRARY)
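Review bot: In the `%.o : src/%.c` rule, `$(DEFS)` still follows `$(CPPFLAGS)`, so a `-D` or `-U` in DEFS for a macro that the environment also sets would take effect last; placing `$(CPPFLAGS)` after `$(DEFS)` lets the environment's preprocessor flags win. Only this one compile rule is changed in the visible lines, so any other rule in the Makefile that invokes the compiler should be checked for the same omission.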
--- End Message ---
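The build-log check the report recommends, as an added example (not part of the original message or of the audacity packaging): a scanner that reports compile commands whose effective options lack the stack protector or _FORTIFY_SOURCE, applying options left to right so that a later -fno-stack-protector or -U_FORTIFY_SOURCE counts as missing. The option names are GCC's; the sample log, its file names and the function names are constructed for illustration.

```python
import re
import shlex

COMPILER = re.compile(r"(?:^|[/-])(?:gcc|g\+\+|cc|c\+\+|clang)(?:-[\d.]+)?$")
SOURCE = re.compile(r"\.(?:c|cc|cpp|cxx)$")

def effective_flags(argv):
    """Return the hardening state after applying options left to right."""
    state = {"stack protector": False, "fortify source": False}
    for arg in argv:
        if arg == "-fno-stack-protector":
            state["stack protector"] = False
        elif arg.startswith("-fstack-protector"):
            state["stack protector"] = True
        elif arg == "-U_FORTIFY_SOURCE":
            state["fortify source"] = False
        elif arg.startswith("-D_FORTIFY_SOURCE"):
            # A bare -D defines the macro as 1; only "=0" switches it off.
            state["fortify source"] = arg.partition("=")[2] != "0"
    return state

def missing_hardening(log_text):
    """Return [(line_no, source_file, [missing features])] for the log."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        try:
            argv = shlex.split(line)
        except ValueError:  # unbalanced quotes, e.g. make's "Entering directory"
            continue
        if not argv or not COMPILER.search(argv[0]) or "-c" not in argv:
            continue  # not a compile step (link lines are skipped too)
        sources = [a for a in argv if SOURCE.search(a)]
        missing = [name for name, on in effective_flags(argv).items() if not on]
        if missing:
            findings.append((line_no, sources[0] if sources else "?", missing))
    return findings

# Constructed sample log (not taken from a real audacity build).
SAMPLE_LOG = """\
make[2]: Entering directory `/build/lib-src/portmixer'
gcc -g -O2 -fstack-protector -D_FORTIFY_SOURCE=2 -c src/one.c -o one.o
gcc -g -O2 -Iinclude -c src/two.c -o two.o
gcc -O2 -fstack-protector -D_FORTIFY_SOURCE=2 -U_FORTIFY_SOURCE -c src/three.c -o three.o
gcc -Wl,-z,relro -o px_test px_test.o
"""

if __name__ == "__main__":
    for line_no, src, missing in missing_hardening(SAMPLE_LOG):
        print(f"line {line_no}: {src}: missing {', '.join(missing)}")
```
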
--- Begin Message ---
Source: audacity
Source-Version: 2.0.0-1
We believe that the bug you reported is fixed in the latest version of
audacity, which is due to be installed in the Debian FTP archive:
audacity-data_2.0.0-1_all.deb
to main/a/audacity/audacity-data_2.0.0-1_all.deb
audacity-dbg_2.0.0-1_amd64.deb
to main/a/audacity/audacity-dbg_2.0.0-1_amd64.deb
audacity_2.0.0-1.debian.tar.gz
to main/a/audacity/audacity_2.0.0-1.debian.tar.gz
audacity_2.0.0-1.dsc
to main/a/audacity/audacity_2.0.0-1.dsc
audacity_2.0.0-1_amd64.deb
to main/a/audacity/audacity_2.0.0-1_amd64.deb
audacity_2.0.0.orig.tar.bz2
to main/a/audacity/audacity_2.0.0.orig.tar.bz2
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 663...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Benjamin Drung <bdr...@debian.org> (supplier of updated audacity package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
Format: 1.8
Date: Wed, 14 Mar 2012 14:43:28 +0100
Source: audacity
Binary: audacity audacity-data audacity-dbg
Architecture: source amd64 all
Version: 2.0.0-1
Distribution: unstable
Urgency: low
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Benjamin Drung <bdr...@debian.org>
Description:
audacity - fast, cross-platform audio editor
audacity-data - fast, cross-platform audio editor (data)
audacity-dbg - fast, cross-platform audio editor (debug)
Closes: 663275
Changes:
audacity (2.0.0-1) unstable; urgency=low
.
* New upstream release.
* Drop fix-glib-include-error.patch (fixed upstream).
* Use build flags from the environment for portmixer.
Thanks to Simon Ruderich <si...@ruderich.org> (Closes: #663275)
--- End Message ---