Package: dpkg
Version: 1.18.24ubuntu1
Severity: normal
Dear Maintainer,
When building packages in 'odd' directory names, building fails. I
traced this to commit 2125e8dd being incomplete. Patch below.
m 558d4b77ed9ddd3902eba6989e82ca9ad8e2d77f Mon Sep 17 00:00:00 2001
From: Dennis Kaarsemaker <den...@kaarsemaker.net>
Date: Fri, 8 Dec 2017 12:39:31 +0100
Subject: [PATCH] Fix building in weird pathnames
2125e8dd forgot to update a location, causing the following build error
when running in 'odd' pathnames (with an @ in it) when running e.g. dh
clean.
Can't use string ("0") as a HASH ref while "strict refs" in use at
/usr/share/perl5/Dpkg/Vendor/Debian.pm line 397.
---
scripts/Dpkg/Vendor/Debian.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm
index e0fd01113..980597b5c 100644
--- a/scripts/Dpkg/Vendor/Debian.pm
+++ b/scripts/Dpkg/Vendor/Debian.pm
@@ -204,7 +204,7 @@ sub _add_build_flags {
# so that we do not need to worry about escaping the characters
# on output.
if ($build_path =~ m/[^-+:.0-9a-zA-Z~\/_]/) {
- $use_feature{fixdebugpath} = 0;
+ $use_feature{reproducible}{fixdebugpath} = 0;
}
}
--
2.15.0-454-g89b61be
-- System Information:
Debian Release: stretch/sid
APT prefers artful-updates
APT policy: (500, 'artful-updates'), (500, 'artful-security'), (500,
'artful'), (100, 'artful-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.13.0-16-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages dpkg depends on:
ii libbz2-1.0 1.0.6-8.1
ii libc6 2.26-0ubuntu2
ii liblzma5 5.2.2-1.3
ii libselinux1 2.7-1
ii tar 1.29b-2
ii zlib1g 1:1.2.11.dfsg-0ubuntu2
dpkg recommends no packages.
Versions of packages dpkg suggests:
ii apt 1.5.1
pn debsig-verify <none>
-- no debconf information
# Copyright © 2009-2011 Raphaël Hertzog <hert...@debian.org>
# Copyright © 2009, 2011-2017 Guillem Jover <guil...@debian.org>
#
# Hardening build flags handling derived from work of:
# Copyright © 2009-2011 Kees Cook <k...@debian.org>
# Copyright © 2007-2008 Canonical, Ltd.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
package Dpkg::Vendor::Debian;
use strict;
use warnings;
our $VERSION = '0.01';
use Dpkg;
use Dpkg::Gettext;
use Dpkg::ErrorHandling;
use Dpkg::Control::Types;
use parent qw(Dpkg::Vendor::Default);
=encoding utf8
=head1 NAME
Dpkg::Vendor::Debian - Debian vendor object
=head1 DESCRIPTION
This vendor object customizes the behaviour of dpkg scripts for Debian
specific behavior and policies.
=cut
sub run_hook {
my ($self, $hook, @params) = @_;
if ($hook eq 'package-keyrings') {
return ('/usr/share/keyrings/debian-keyring.gpg',
'/usr/share/keyrings/debian-maintainers.gpg');
} elsif ($hook eq 'keyrings') {
warnings::warnif('deprecated', 'deprecated keyrings vendor hook');
return $self->run_hook('package-keyrings', @params);
} elsif ($hook eq 'archive-keyrings') {
return ('/usr/share/keyrings/debian-archive-keyring.gpg');
} elsif ($hook eq 'archive-keyrings-historic') {
return ('/usr/share/keyrings/debian-archive-removed-keys.gpg');
} elsif ($hook eq 'builtin-build-depends') {
return qw(build-essential:native);
} elsif ($hook eq 'builtin-build-conflicts') {
return ();
} elsif ($hook eq 'register-custom-fields') {
} elsif ($hook eq 'extend-patch-header') {
my ($textref, $ch_info) = @params;
if ($ch_info->{'Closes'}) {
foreach my $bug (split(/\s+/, $ch_info->{'Closes'})) {
$$textref .= "Bug-Debian: https://bugs.debian.org/$bug\n";;
}
}
# XXX: Layer violation...
require Dpkg::Vendor::Ubuntu;
my $b =
Dpkg::Vendor::Ubuntu::find_launchpad_closes($ch_info->{'Changes'});
foreach my $bug (@$b) {
$$textref .= "Bug-Ubuntu: https://bugs.launchpad.net/bugs/$bug\n";;
}
} elsif ($hook eq 'update-buildflags') {
$self->_add_build_flags(@params);
} elsif ($hook eq 'builtin-system-build-paths') {
return qw(/build/);
} else {
return $self->SUPER::run_hook($hook, @params);
}
}
sub _parse_feature_area {
my ($self, $area, $use_feature) = @_;
require Dpkg::BuildOptions;
# Adjust features based on user or maintainer's desires.
my $opts = Dpkg::BuildOptions->new(envvar => 'DEB_BUILD_OPTIONS');
$opts->parse_features($area, $use_feature);
$opts = Dpkg::BuildOptions->new(envvar => 'DEB_BUILD_MAINT_OPTIONS');
$opts->parse_features($area, $use_feature);
}
sub _add_build_flags {
my ($self, $flags) = @_;
# Default feature states.
my %use_feature = (
future => {
lfs => 0,
},
qa => {
bug => 0,
canary => 0,
},
reproducible => {
timeless => 1,
fixdebugpath => 1,
},
sanitize => {
address => 0,
thread => 0,
leak => 0,
undefined => 0,
},
hardening => {
# XXX: This is set to undef so that we can cope with the brokenness
# of gcc managing this feature builtin.
pie => undef,
stackprotector => 1,
stackprotectorstrong => 1,
fortify => 1,
format => 1,
relro => 1,
bindnow => 0,
},
);
my %builtin_feature = (
hardening => {
pie => 1,
},
);
## Setup
# Adjust features based on user or maintainer's desires.
foreach my $area (sort keys %use_feature) {
$self->_parse_feature_area($area, $use_feature{$area});
}
require Dpkg::Arch;
my $arch = Dpkg::Arch::get_host_arch();
my ($abi, $libc, $os, $cpu) = Dpkg::Arch::debarch_to_debtuple($arch);
unless (defined $abi and defined $libc and defined $os and defined $cpu) {
warning(g_("unknown host architecture '%s'"), $arch);
($abi, $os, $cpu) = ('', '', '');
}
## Area: future
if ($use_feature{future}{lfs}) {
my ($abi_bits, $abi_endian) = Dpkg::Arch::debarch_to_abiattrs($arch);
my $cpu_bits = Dpkg::Arch::debarch_to_cpubits($arch);
if ($abi_bits == 32 and $cpu_bits == 32) {
$flags->append('CPPFLAGS',
'-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64');
}
}
## Area: qa
# Warnings that detect actual bugs.
if ($use_feature{qa}{bug}) {
foreach my $warnflag (qw(array-bounds clobbered volatile-register-var
implicit-function-declaration)) {
$flags->append('CFLAGS', "-Werror=$warnflag");
$flags->append('CXXFLAGS', "-Werror=$warnflag");
}
}
# Inject dummy canary options to detect issues with build flag propagation.
if ($use_feature{qa}{canary}) {
require Digest::MD5;
my $id = Digest::MD5::md5_hex(int rand 4096);
foreach my $flag (qw(CPPFLAGS CFLAGS OBJCFLAGS CXXFLAGS OBJCXXFLAGS)) {
$flags->append($flag, "-D__DEB_CANARY_${flag}_${id}__");
}
$flags->append('LDFLAGS', "-Wl,-z,deb-canary-${id}");
}
## Area: reproducible
my $build_path;
# Mask features that might have an unsafe usage.
if ($use_feature{reproducible}{fixdebugpath}) {
require Cwd;
$build_path = $ENV{DEB_BUILD_PATH} || Cwd::cwd();
# If we have any unsafe character in the path, disable the flag,
# so that we do not need to worry about escaping the characters
# on output.
if ($build_path =~ m/[^-+:.0-9a-zA-Z~\/_]/) {
$use_feature{reproducible}{fixdebugpath} = 0;
}
}
# Warn when the __TIME__, __DATE__ and __TIMESTAMP__ macros are used.
if ($use_feature{reproducible}{timeless}) {
$flags->append('CPPFLAGS', '-Wdate-time');
}
# Avoid storing the build path in the debug symbols.
if ($use_feature{reproducible}{fixdebugpath}) {
my $map = '-fdebug-prefix-map=' . $build_path . '=.';
$flags->append('CFLAGS', $map);
$flags->append('CXXFLAGS', $map);
$flags->append('OBJCFLAGS', $map);
$flags->append('OBJCXXFLAGS', $map);
$flags->append('FFLAGS', $map);
$flags->append('FCFLAGS', $map);
$flags->append('GCJFLAGS', $map);
}
## Area: sanitize
# Handle logical feature interactions.
if ($use_feature{sanitize}{address} and $use_feature{sanitize}{thread}) {
# Disable the thread sanitizer when the address one is active, they
# are mutually incompatible.
$use_feature{sanitize}{thread} = 0;
}
if ($use_feature{sanitize}{address} or $use_feature{sanitize}{thread}) {
# Disable leak sanitizer, it is implied by the address or thread ones.
$use_feature{sanitize}{leak} = 0;
}
if ($use_feature{sanitize}{address}) {
my $flag = '-fsanitize=address -fno-omit-frame-pointer';
$flags->append('CFLAGS', $flag);
$flags->append('CXXFLAGS', $flag);
$flags->append('LDFLAGS', '-fsanitize=address');
}
if ($use_feature{sanitize}{thread}) {
my $flag = '-fsanitize=thread';
$flags->append('CFLAGS', $flag);
$flags->append('CXXFLAGS', $flag);
$flags->append('LDFLAGS', $flag);
}
if ($use_feature{sanitize}{leak}) {
$flags->append('LDFLAGS', '-fsanitize=leak');
}
if ($use_feature{sanitize}{undefined}) {
my $flag = '-fsanitize=undefined';
$flags->append('CFLAGS', $flag);
$flags->append('CXXFLAGS', $flag);
$flags->append('LDFLAGS', $flag);
}
## Area: hardening
# Mask builtin features that are not enabled by default in the compiler.
my %builtin_pie_arch = map { $_ => 1 } qw(
amd64 arm64 armel armhf i386 kfreebsd-amd64 kfreebsd-i386
mips mipsel mips64el powerpc ppc64 ppc64el s390x sparc sparc64
);
if (not exists $builtin_pie_arch{$arch}) {
$builtin_feature{hardening}{pie} = 0;
}
# Mask features that are not available on certain architectures.
if ($os !~ /^(?:linux|kfreebsd|knetbsd|hurd)$/ or
$cpu =~ /^(?:hppa|avr32)$/) {
# Disabled on non-(linux/kfreebsd/knetbsd/hurd).
# Disabled on hppa, avr32
# (#574716).
$use_feature{hardening}{pie} = 0;
}
if ($cpu =~ /^(?:ia64|alpha|hppa|nios2)$/ or $arch eq 'arm') {
# Stack protector disabled on ia64, alpha, hppa, nios2.
# "warning: -fstack-protector not supported for this target"
# Stack protector disabled on arm (ok on armel).
# compiler supports it incorrectly (leads to SEGV)
$use_feature{hardening}{stackprotector} = 0;
}
if ($cpu =~ /^(?:ia64|hppa|avr32)$/) {
# relro not implemented on ia64, hppa, avr32.
$use_feature{hardening}{relro} = 0;
}
# Mask features that might be influenced by other flags.
if ($flags->{build_options}->has('noopt')) {
# glibc 2.16 and later warn when using -O0 and _FORTIFY_SOURCE.
$use_feature{hardening}{fortify} = 0;
}
# Handle logical feature interactions.
if ($use_feature{hardening}{relro} == 0) {
# Disable bindnow if relro is not enabled, since it has no
# hardening ability without relro and may incur load penalties.
$use_feature{hardening}{bindnow} = 0;
}
if ($use_feature{hardening}{stackprotector} == 0) {
# Disable stackprotectorstrong if stackprotector is disabled.
$use_feature{hardening}{stackprotectorstrong} = 0;
}
# PIE
if (defined $use_feature{hardening}{pie} and
$use_feature{hardening}{pie} and
not $builtin_feature{hardening}{pie}) {
my $flag = "-specs=$Dpkg::DATADIR/pie-compile.specs";
$flags->append('CFLAGS', $flag);
$flags->append('OBJCFLAGS', $flag);
$flags->append('OBJCXXFLAGS', $flag);
$flags->append('FFLAGS', $flag);
$flags->append('FCFLAGS', $flag);
$flags->append('CXXFLAGS', $flag);
$flags->append('GCJFLAGS', $flag);
$flags->append('LDFLAGS', "-specs=$Dpkg::DATADIR/pie-link.specs");
} elsif (defined $use_feature{hardening}{pie} and
not $use_feature{hardening}{pie} and
$builtin_feature{hardening}{pie}) {
my $flag = "-specs=$Dpkg::DATADIR/no-pie-compile.specs";
$flags->append('CFLAGS', $flag);
$flags->append('OBJCFLAGS', $flag);
$flags->append('OBJCXXFLAGS', $flag);
$flags->append('FFLAGS', $flag);
$flags->append('FCFLAGS', $flag);
$flags->append('CXXFLAGS', $flag);
$flags->append('GCJFLAGS', $flag);
$flags->append('LDFLAGS', "-specs=$Dpkg::DATADIR/no-pie-link.specs");
}
# Stack protector
if ($use_feature{hardening}{stackprotectorstrong}) {
my $flag = '-fstack-protector-strong';
$flags->append('CFLAGS', $flag);
$flags->append('OBJCFLAGS', $flag);
$flags->append('OBJCXXFLAGS', $flag);
$flags->append('FFLAGS', $flag);
$flags->append('FCFLAGS', $flag);
$flags->append('CXXFLAGS', $flag);
$flags->append('GCJFLAGS', $flag);
} elsif ($use_feature{hardening}{stackprotector}) {
my $flag = '-fstack-protector --param=ssp-buffer-size=4';
$flags->append('CFLAGS', $flag);
$flags->append('OBJCFLAGS', $flag);
$flags->append('OBJCXXFLAGS', $flag);
$flags->append('FFLAGS', $flag);
$flags->append('FCFLAGS', $flag);
$flags->append('CXXFLAGS', $flag);
$flags->append('GCJFLAGS', $flag);
}
# Fortify Source
if ($use_feature{hardening}{fortify}) {
$flags->append('CPPFLAGS', '-D_FORTIFY_SOURCE=2');
}
# Format Security
if ($use_feature{hardening}{format}) {
my $flag = '-Wformat -Werror=format-security';
$flags->append('CFLAGS', $flag);
$flags->append('CXXFLAGS', $flag);
$flags->append('OBJCFLAGS', $flag);
$flags->append('OBJCXXFLAGS', $flag);
}
# Read-only Relocations
if ($use_feature{hardening}{relro}) {
$flags->append('LDFLAGS', '-Wl,-z,relro');
}
# Bindnow
if ($use_feature{hardening}{bindnow}) {
$flags->append('LDFLAGS', '-Wl,-z,now');
}
## Commit
# Set used features to their builtin setting if unset.
foreach my $area (sort keys %builtin_feature) {
foreach my $feature (keys %{$builtin_feature{$area}}) {
$use_feature{$area}{$feature} //= $builtin_feature{$area}{$feature};
}
}
# Store the feature usage.
foreach my $area (sort keys %use_feature) {
while (my ($feature, $enabled) = each %{$use_feature{$area}}) {
$flags->set_feature($area, $feature, $enabled);
}
}
}
=head1 CHANGES
=head2 Version 0.xx
This is a private module.
=cut
1;
