Bug#657853: Building perl with hardened build flags
Niko Tyni
ntyni at debian.org
Sat Mar 3 06:47:32 UTC 2012
On Thu, Feb 23, 2012 at 10:24:50PM +0000, Dominic Hargreaves wrote:
> On Thu, Feb 23, 2012 at 11:49:31AM +0200, Niko Tyni wrote:
> > I've pushed a slightly refined version of the patch. I'll file such a
> > wishlist bug if/when this ends up in sid.
>
> Thanks. I'm inclined to release the current package to sid this weekend.
Reviewing the package, I noticed that -fstack-protector disappears from
ccflags with the current patch (compared against -7):
- cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
+ cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
I assume this is because the option is given twice to Configure,
which then purges one of them as a duplicate, and we later substitute
the other away.
As this affects all XS module packages not using dpkg-buildflags, I
don't think it's acceptable for sid. I've put a note on debian/changelog
and held off uploading for the time being. Will try to come up with
something better.
--
Niko Tyni ntyni at debian.org
More information about the Perl-maintainers
mailing list