Package: t50 Severity: serious Version: 5.8.3-1 Fixed: 5.8.3-2 We found out that version 5.8.3-1 of t50 is trying to detect the architecture its being build to on Makefile but it fails to do that on some cases, this was detected thanks to the reproducible builds project.
It is known that t50's upstream adds lots of cpu specific code to it, and the main indicator for that has always been the failure to build in a reproducible way. A few days ago I raised a discussion about this problem on the security tools team's list, and we found out that t50 was using the "-ftree-vectorize" flag, while at the same time failing to check the correct architecture it was being build upon. The fix consisted of removing any CPU specific code from the Makefile, thus making the build reproducible and fixing the problems with the build. This is the discussion on the team's mailing list https://lists.debian.org/debian-security-tools/2019/05/msg00001.html -- Samuel Henrique <samueloph>