On Wed, Mar 14, 2012 at 11:04:16PM +, Dominic Hargreaves wrote:
On Wed, Feb 22, 2012 at 06:16:16PM +0100, Moritz Muehlenhoff wrote:
If it's only 30 packages we should rather push it into debhelper 9 now
if that's okay with Joey.
I'll make sure the 30 packages get rebuilt.
I
On Mon, 26 Mar 2012 18:46:54 +0100, Dominic Hargreaves wrote:
Just wanted to check - are you happy to prod the buildd maintainers
into making sure that debhelper = 9.20120312 is installed, or should
I? I'd like to make sure that the changes I've got queued up don't
get forgotten about.
(Is
Hi Dominic
On Wed, Mar 14, 2012 at 11:06:45PM +, Dominic Hargreaves wrote:
libdbd-pg-perl
To be rebuilt by Moritz
Maybe for this one, we could first wait one further day, to have the
2.19.0 upload in wheezy? It contains the fix for CVE-2012-1151.
To all involved, many thanks for your
On Wed, Feb 22, 2012 at 06:16:16PM +0100, Moritz Muehlenhoff wrote:
If it's only 30 packages we should rather push it into debhelper 9 now
if that's okay with Joey.
I'll make sure the 30 packages get rebuilt.
I believe that debhelper 9.20120312 implements what we need.
Niko pointed out a
On Sun, Feb 12, 2012 at 09:28:48PM +0100, Moritz Mühlenhoff wrote:
These four Perl modules had a DSA since 2006 and are not pure Perl:
So, once the fixed debhelper is installed on buildds:
libhtml-parser-perl
Ready for upload
libdbd-pg-perl
To be rebuilt by Moritz
libimager-perl
Ready
On Tue, Feb 21, 2012 at 01:38:07PM +0200, Niko Tyni wrote:
Problems/thoughts:
Most of this got addressed with the implementation that landed in
5.14.2-9, so I think we're fine now. Concluding notes:
- we're invoking dpkg-buildflags in two places (debian/rules and
debian/config.debian), and
On Thu, Feb 23, 2012 at 10:24:50PM +, Dominic Hargreaves wrote:
On Thu, Feb 23, 2012 at 11:49:31AM +0200, Niko Tyni wrote:
I've pushed a slightly refined version of the patch. I'll file such a
wishlist bug if/when this ends up in sid.
Thanks. I'm inclined to release the current
On Sun, Feb 12, 2012 at 09:27:24PM +0100, Moritz Mühlenhoff wrote:
If the missing format string is variable and controlled externally (e.g.
if read from a file or from network communication), please file it
with RC severity and the security tag. (If it's a popular Perl module,
please
On Tue, Feb 21, 2012 at 10:21:04PM +, Dominic Hargreaves wrote:
I'm in much the same situation as well; fairly limited hack time at
the moment.
So, not that this probably helps much, but: in order to make some
progress with this, you could commit your patch as-is, and also open
a
On Thu, Feb 23, 2012 at 11:49:31AM +0200, Niko Tyni wrote:
On Tue, Feb 21, 2012 at 10:21:04PM +, Dominic Hargreaves wrote:
I'm in much the same situation as well; fairly limited hack time at
the moment.
So, not that this probably helps much, but: in order to make some
progress
On Tue, Feb 21, 2012 at 10:37:48PM +, Dominic Hargreaves wrote:
Trying to pull a few of the subthreads together:
On Sun, Feb 12, 2012 at 09:24:40PM +0100, Moritz Mühlenhoff wrote:
On Sun, Feb 12, 2012 at 02:54:59PM +0200, Niko Tyni wrote:
That's a good point about the timeframe. So
On Fri, Feb 17, 2012 at 12:36:21PM +0200, Niko Tyni wrote:
(cc's trimmed for the implementation details)
If we have consensus on that, the way forward as I see it:
Dominic, I'm not sure if you're fine with that plan?
- prepare a perl upload in unstable that is built with the hardened flags
On Tue, Feb 21, 2012 at 01:38:07PM +0200, Niko Tyni wrote:
On Fri, Feb 17, 2012 at 12:36:21PM +0200, Niko Tyni wrote:
(cc's trimmed for the implementation details)
If we have consensus on that, the way forward as I see it:
Dominic, I'm not sure if you're fine with that plan?
Yes.
Trying to pull a few of the subthreads together:
On Sun, Feb 12, 2012 at 09:24:40PM +0100, Moritz Mühlenhoff wrote:
On Sun, Feb 12, 2012 at 02:54:59PM +0200, Niko Tyni wrote:
That's a good point about the timeframe. So there's no real hurry with
the proposed debhelper changes in option A,
On Tue, 21 Feb 2012 22:37:48 +, Dominic Hargreaves wrote:
Given the messages I've quoted above, deferring debhelper changes until
v10 makes most sense. This means we can file bugs on the release goal
packages to use the invocations manually in the meantime, as well as
a wishlist bug on
On Sun, Feb 12, 2012 at 09:24:40PM +0100, Moritz Mühlenhoff wrote:
On Sun, Feb 12, 2012 at 02:54:59PM +0200, Niko Tyni wrote:
On Fri, Feb 10, 2012 at 11:29:09PM +0200, Niko Tyni wrote:
A. make debhelper pass all of CFLAGS, CPPFLAGS, and LDFLAGS down to
ExtUtils::MakeMaker and
gregor herrmann wrote:
Assuming they are all uploaded and all arch:any (and only looking at
packages in the Debian perl Group):
% grep 9 */debian/compat | wc -l
31
Well, it seems easy enough to test 30 packages. It would help if someone
developed a patch before there are too many more.
--
[Thanks for taking this to the list; should've done that myself.
Just a couple of quick comments for now.]
On Sat, Feb 11, 2012 at 01:51:19PM +, Dominic Hargreaves wrote:
On Fri, Feb 10, 2012 at 11:29:09PM +0200, Niko Tyni wrote:
On Thu, Feb 09, 2012 at 08:44:25PM +, Dominic
On Sun, Feb 12, 2012 at 02:54:59PM +0200, Niko Tyni wrote:
[Thanks for taking this to the list; should've done that myself.
Just a couple of quick comments for now.]
On Sat, Feb 11, 2012 at 01:51:19PM +, Dominic Hargreaves wrote:
On Fri, Feb 10, 2012 at 11:29:09PM +0200, Niko Tyni
[Adding Joey Hess to CC]
On Sun, Feb 12, 2012 at 02:54:59PM +0200, Niko Tyni wrote:
[Thanks for taking this to the list; should've done that myself.
Just a couple of quick comments for now.]
On Sat, Feb 11, 2012 at 01:51:19PM +, Dominic Hargreaves wrote:
On Fri, Feb 10, 2012 at
On Sat, Feb 11, 2012 at 01:51:19PM +, Dominic Hargreaves wrote:
- 13 packages newly FTBFS with the perl from experimental installed
- of those, 12 are -Werror=format-security issues
It would be nice to fix all the packages first, but it's probably not
a sensible approach.
On Sun, Feb 12, 2012 at 06:52:18PM +, Dominic Hargreaves wrote:
That's a good point about the timeframe. So there's no real hurry with
the proposed debhelper changes in option A, they can be done after wheezy.
Except perhaps for the modules which are specifically included in
the wheezy
Moritz Mühlenhoff wrote:
A. make debhelper pass all of CFLAGS, CPPFLAGS, and LDFLAGS down to
ExtUtils::MakeMaker and ExtUtils::CBuilder via suitable command line
invocations (it currently passes only CFLAGS, starting with compat
level 9)
I would prefer this strategy.
On Sun, 12 Feb 2012 17:12:31 -0400, Joey Hess wrote:
A. make debhelper pass all of CFLAGS, CPPFLAGS, and LDFLAGS down to
ExtUtils::MakeMaker and ExtUtils::CBuilder via suitable command line
invocations (it currently passes only CFLAGS, starting with compat
level
[Adding debian-perl, since the decisions we take might have a wide
impact].
On Fri, Feb 10, 2012 at 11:29:09PM +0200, Niko Tyni wrote:
On Thu, Feb 09, 2012 at 08:44:25PM +, Dominic Hargreaves wrote:
Going back to square one, I see three options for pushing
the hardening flags to the XS
On Thu, Feb 09, 2012 at 08:44:25PM +, Dominic Hargreaves wrote:
On Wed, Feb 08, 2012 at 09:46:22AM +0200, Niko Tyni wrote:
I suspect we need to patch ExtUtils::CBuilder to invoke dpkg-buildflags
at XS module build time rather than blindly use $Config{ccflags} from
perl. That way XS
On Wed, Feb 08, 2012 at 09:46:22AM +0200, Niko Tyni wrote:
On Tue, Feb 07, 2012 at 10:13:58PM +, Dominic Hargreaves wrote:
On Tue, Feb 07, 2012 at 08:48:12PM +, Dominic Hargreaves wrote:
I've just kicked off a test rebuild of all CPAN
modules in Debian with the perl from
On Wed, Feb 08, 2012 at 06:58:53PM +0100, Moritz Mühlenhoff wrote:
On Tue, Feb 07, 2012 at 10:13:58PM +, Dominic Hargreaves wrote:
Moritz, could you comment on your preferred way of dealing with
communicating/fixing this problem for packages which inherit build
flags from perl? I'll
On Tue, Feb 07, 2012 at 10:13:58PM +, Dominic Hargreaves wrote:
Moritz, could you comment on your preferred way of dealing with
communicating/fixing this problem for packages which inherit build
flags from perl? I'll post a complete list of affected packages to
debian-perl once the
Hello,
As discussed in http://bugs.debian.org/657853/ we are adding various
hardening build flags to the perl build in Debian, as part of a Debian
release goal[1].
The version currently in Debian experimental has the following additional
flags defined:
ccflags: add -D_FORTIFY_SOURCE=2 -g -O2
On Tue, Feb 07, 2012 at 08:48:12PM +, Dominic Hargreaves wrote:
I've just kicked off a test rebuild of all CPAN
modules in Debian with the perl from experimental, to try and catch any
severe breakage introduced by this.
Early indications from my rebuilds indicate that we will have some
On Tue, Feb 07, 2012 at 10:13:58PM +, Dominic Hargreaves wrote:
On Tue, Feb 07, 2012 at 08:48:12PM +, Dominic Hargreaves wrote:
I've just kicked off a test rebuild of all CPAN
modules in Debian with the perl from experimental, to try and catch any
severe breakage introduced by
32 matches