Your message dated Thu, 23 Aug 2018 13:04:30 +0000
with message-id <[email protected]>
and subject line Bug#853265: fixed in blhc 0.08-0.1
has caused the Debian Bug report #853265,
regarding blhc: false positives - mpicc frontend to gcc reported as I 
no-compiler-commands
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
853265: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853265
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: blhc
Version: 0.07+20161116+gitbf41976
Severity: normal

Dear Maintainer,

SUMMARY: On https://qa.debian.org/bls/packages/m/mpgrafic.html,
blhc, which is presumably the version of blhc presently in sid, i.e.
blhc-0.07+20161116+gitbf41976, incorrectly labels builds of mpgrafic
as "I no-compiler-commands", although mpgrafic does *both* fortran and C
compilation using frontends to gcc.

DETAILS:
The program mpgrafic uses MPI (message passing library) to run on
multiple computers with non-shared memory. Typical MPI
implementations (openmpi, mpich) provide the developer with front ends
to C and fortran compilers, which are called `mpicc' and `mpifort' (or
older: mpif90), respectively.  Mpgrafic uses both of these - the main
code is in fortran, some is in C. The build logs

https://buildd.debian.org/status/fetch.php?pkg=mpgrafic&arch=amd64&ver=0.3.10-1&stamp=1485681787&raw=1

https://buildd.debian.org/status/fetch.php?pkg=mpgrafic&arch=arm64&ver=0.3.10-1&stamp=1485681802&raw=1

https://buildd.debian.org/status/fetch.php?pkg=mpgrafic&arch=i386&ver=0.3.10-1&stamp=1485681858&raw=1

each contain three lines equal or similar to:

mpicc -DHAVE_CONFIG_H -I. -I..   -Wdate-time -D_FORTIFY_SOURCE=2  -g -O2 
-fdebug-prefix-map=/«PKGBUILDDIR»=. -fstack-protector-strong -Wformat 
-Werror=format-security -c -o parallel_io.o parallel_io.c

which, to a human reader, clearly indicate that the C compilation is
done with the gcc backend, using the expected hardening options. But
blhc misses this.


ELEMENTS OF A SOLUTION:

(1) One-way detection: mpicc compilation with hardening:

Blhc should be able to check for regexes such as

"mpicc.*-D_FORTIFY_SOURCE=2.*-fstack-protector-strong.*-Wformat.*-Werror=format-security"

and allow for different valid orderings of these options.

In this case, it would be safe to override the "no-compiler-commands"
info message, and to consider that hardening is enabled.

But probably (2) would be a safer, more modular option:


(2) Detecting mpicc as a front end to gcc:

The build log

https://buildd.debian.org/status/fetch.php?pkg=mpgrafic&arch=amd64&ver=0.3.10-1&stamp=1485681787&raw=1

contains (with line numbers):

   680  checking for gcc... gcc
   681  checking whether we are using the GNU C compiler... yes
   682  checking whether gcc accepts -g... yes
   683  checking for gcc option to accept ISO C89... none needed
   684  checking whether gcc understands -c and -o together... yes
   685  checking for style of include used by make... GNU
   686  checking dependency style of gcc... none
   687  checking for main in -lgcc... yes
   688  checking for cblas_dgemv in -lgslcblas... yes
   689  checking for gsl_spline_init in -lgsl... yes
   690  checking for mpicc... mpicc

While the configure order of checking for gcc and mpicc might not, in
general, give lines that are this close to one another, maybe the whole
`configure' section of the build log could be searched to see if both
the GNU C compiler and mpicc are configured. In that case, the usual
checks for absence of hardening options can be made later in the perl
script, where "mpicc" is the name of the compiler.


COMMENT:
I'm not sure if any hardening options are valid and recommended for
gfortran - which is a fortran front end to gcc.


-- System Information:
Debian Release: sid
Architecture: amd64 (x86_64), arm64, i386

--- End Message ---
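
The check proposed in the report above, sketched as an added example (not part of the original message and not blhc's own Perl code). It treats mpicc as a C compiler driver and compares flags as a set, so option order does not matter. The flag list is taken from the quoted mpicc line, and the second and third compile lines in the sample log are constructed.

```python
import re
import shlex

# Flags taken from the mpicc line quoted in the report (not blhc's own list).
REQUIRED_C_FLAGS = {
    "-D_FORTIFY_SOURCE=2",
    "-fstack-protector-strong",
    "-Wformat",
    "-Werror=format-security",
}

# Assumption: command names accepted as C compiler drivers, MPI wrapper included.
C_COMPILERS = re.compile(r"^(?:\S*/)?(?:gcc|cc|mpicc)(?:-[\d.]+)?$")

# The single ordered pattern suggested in the report, kept for comparison.
ORDERED = re.compile(
    r"mpicc.*-D_FORTIFY_SOURCE=2.*-fstack-protector-strong"
    r".*-Wformat.*-Werror=format-security"
)

SAMPLE_LOG = "\n".join([
    "checking for mpicc... mpicc",
    # Line from the report, joined back onto one line.
    "mpicc -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 "
    "-fdebug-prefix-map=/«PKGBUILDDIR»=. -fstack-protector-strong -Wformat "
    "-Werror=format-security -c -o parallel_io.o parallel_io.c",
    # Constructed: same flags in a different order.
    "mpicc -Wformat -Werror=format-security -fstack-protector-strong -O2 "
    "-D_FORTIFY_SOURCE=2 -c -o a.o a.c",
    # Constructed: hardening flags mostly missing.
    "mpicc -g -O2 -Wformat -c -o b.o b.c",
])

def check_line(line):
    """Return None for a non-compile line, else the set of missing flags."""
    try:
        argv = shlex.split(line)
    except ValueError:          # unbalanced quotes in a log line
        return None
    if not argv or not C_COMPILERS.match(argv[0]) or "-c" not in argv:
        return None
    return REQUIRED_C_FLAGS - set(argv)

def scan(log):
    """Return (line number, sorted missing flags) for every C compile line."""
    found = []
    for number, line in enumerate(log.splitlines(), 1):
        missing = check_line(line)
        if missing is not None:
            found.append((number, sorted(missing)))
    return found
```

The ordered pattern matches the line from the report but not the reordered one, while the set comparison accepts both and lists what the last line lacks.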
--- Begin Message ---
Source: blhc
Source-Version: 0.08-0.1

We believe that the bug you reported is fixed in the latest version of
blhc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Fabian Wolff <[email protected]> (supplier of updated blhc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 22 Aug 2018 18:04:09 +0200
Source: blhc
Binary: blhc
Architecture: source all
Version: 0.08-0.1
Distribution: unstable
Urgency: medium
Maintainer: Jari Aalto <[email protected]>
Changed-By: Fabian Wolff <[email protected]>
Description:
 blhc       - build log hardening check
Closes: 853265
Changes:
 blhc (0.08-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Add upstream signing key and adjust watch file accordingly.
   * New upstream release (Closes: #853265).
   * Upgrade to debhelper compat level 11.
   * Upgrade to Standards-Version 4.2.0.
   * Install NEWS file as NEWS.gz, not as upstream changelog.
   * Update Vcs-Git and Vcs-Browser fields to new Salsa URLs.
   * Mark blhc as Multi-Arch: foreign, as recommended by the Multiarch
     hinter.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
