Bug#657853: Building perl with hardened build flags

Dominic Hargreaves dom at earth.li
Tue Feb 7 22:13:58 UTC 2012


On Tue, Feb 07, 2012 at 08:48:12PM +0000, Dominic Hargreaves wrote:
> I've just kicked off a test rebuild of all CPAN 
> modules in Debian with the perl from experimental, to try and catch any
> severe breakage introduced by this.

Early indications from my rebuilds indicate that we will have some
new FTBFS bugs with

-Wformat-security -Werror=format-security

So far (for all lib*-perl, alphabetically, up to libc):

libapache2-mod-perl2:

cc -c  -I/build/dom-libapache2-mod-perl2_2.0.5-5-i386-x1v_OO/libapache2-mod-perl2-2.0.5/src/modules/perl -I/build/dom-libapache2-mod-perl2_2.0.5-5-i386-x1v_OO/libapache2-mod-perl2-2.0.5/xs -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -I/usr/include/apache2 -D_REENTRANT -D_GNU_SOURCE -DDEBIAN -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DMOD_PERL -DMP_USE_GTOP -DMP_COMPAT_1X -Wall      -DVERSION=\"0.009000\" -DXS_VERSION=\"0.009000\" -fPIC "-I/usr/lib/perl/5.14/CORE"  -DMP_HAVE_APR_LIBS Pool.c
In file included from Pool.xs:26:0:
/build/dom-libapache2-mod-perl2_2.0.5-5-i386-x1v_OO/libapache2-mod-perl2-2.0.5/xs/APR/Pool/APR__Pool.h: In function 'mpxs_cleanup_run':
/build/dom-libapache2-mod-perl2_2.0.5-5-i386-x1v_OO/libapache2-mod-perl2-2.0.5/xs/APR/Pool/APR__Pool.h:315:9: error: format not a string literal and no format arguments [-Werror=format-security]
cc1: some warnings being treated as errors

libberkeleydb-perl:

cc -c  -I/usr/local/BerkeleyDB/include -D_REENTRANT -D_GNU_SOURCE -DDEBIAN -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64    -DVERSION=\"0.49\" -DXS_VERSION=\"0.49\" -fPIC "-I/usr/lib/perl/5.14/CORE"   BerkeleyDB.c
BerkeleyDB.xs: In function 'softCrash':
BerkeleyDB.xs:948:5: error: format not a string literal and no format arguments [-Werror=format-security]
BerkeleyDB.xs: In function 'XS_BerkeleyDB__Env__db_appinit':
BerkeleyDB.xs:2697:7: warning: too many arguments for format [-Wformat-extra-args]
BerkeleyDB.xs:2709:11: warning: too many arguments for format [-Wformat-extra-args]
BerkeleyDB.c: In function 'XS_BerkeleyDB__Env_DB_ENV':
BerkeleyDB.c:3194:13: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
BerkeleyDB.xs: In function 'XS_BerkeleyDB__Unknown__db_open_unknown':
BerkeleyDB.xs:3630:10: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
cc1: some warnings being treated as errors

Moritz, could you comment on your preferred way of dealing with
communicating/fixing this problem for packages which inherit build
flags from perl? I'll post a complete list of affected packages to
debian-perl once the rebuilds are complete.

Thanks,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
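
Added example, not part of the original message and not code from either package: the call shape that produces "format not a string literal and no format arguments" under -Werror=format-security, beside two forms that compile cleanly. The names `report`, `report_message` and `report_plain` and the sample message are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a croak()/warn()-style reporter. The format
 * attribute makes GCC check each caller's format against its arguments. */
__attribute__((format(printf, 3, 4)))
static int report(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Rejected by -Werror=format-security: msg is passed as the format, so
 * any '%' it contains is parsed as a conversion with no argument:
 *
 *     return report(out, cap, msg);
 */

/* Accepted: the format is a literal and msg is only ever data. */
static int report_message(char *out, size_t cap, const char *msg)
{
    return report(out, cap, "%s", msg);
}

/* Also accepted: a bounded copy, with no format parsing at all. */
static int report_plain(char *out, size_t cap, const char *msg)
{
    size_t len = strlen(msg);
    if (cap > 0) {
        size_t n = len < cap - 1 ? len : cap - 1;
        memcpy(out, msg, n);
        out[n] = '\0';
    }
    return (int)len;
}

int main(void)
{
    char a[64], b[64];
    /* Constructed message that happens to contain conversion-like text. */
    const char *msg = "db error: 100%s full, code %d";
    report_message(a, sizeof a, msg);
    report_plain(b, sizeof b, msg);
    printf("%s\n%s\n", a, b);
    return 0;
}
```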





