Paul,

On 03/07/2013 06:29 AM, Paul Johnson wrote:
> version 5 is the version we've been using "around here" for a few
> years. There never was an official -5 in Debian, of course, and I'm
> starting to see why.

Fair enough.

>> Two things to mention here: that I stripped "-O2 -g" as well, because
>> these are defaults, anyway. "hardening=+all" causes -fPIE to be added to
>> the CFLAGS, which in turn causes compilation errors, so I dropped that line.
>>
>
> Let me double check that you see same. After putting in the change you
> do, lintian still hates me:
>
> W: blt: hardening-no-relro usr/lib/libBLT.2.4.so.8.4
> W: blt: hardening-no-fortify-functions usr/lib/libBLT.2.4.so.8.4
> W: blt: hardening-no-relro usr/lib/libBLT.2.4.so.8.5
> W: blt: hardening-no-fortify-functions usr/lib/libBLT.2.4.so.8.5
> W: blt: hardening-no-relro usr/lib/libBLTlite.2.4.so.8.4
> W: blt: hardening-no-fortify-functions usr/lib/libBLTlite.2.4.so.8.4
> W: blt: hardening-no-relro usr/lib/libBLTlite.2.4.so.8.5
> W: blt: hardening-no-fortify-functions usr/lib/libBLTlite.2.4.so.8.5
>
> I put back in all the hardening options, except pie, still same result.

Only disabling PIE might be more sensible than removing the hardening
flags entirely, yeah.

> I did not understand your next point about LDFLAGS, but now I am
> starting to understand. The flags are happening because the flags
> "-Wl,-z,relro" are not getting tacked onto the end of the linker
> command. You think that's the problem?

Exactly. configure overrides LDFLAGS entirely, but the Makefile.in
doesn't use it, anyway. Instead it uses SHLIB_LD_FLAGS. The LDFLAGS set
in debian/rules don't make it there, so the linker gets invoked w/o them.

> Me neither. All that stuff is from the previous package maintainers.

To be honest, I tend to revamp the packaging. Or at least try to reduce
clutter a lot. Some of the changes to configure.in should better be
integrated upstream. Are you in contact with some upstream author? Maybe
they can take a look at 02-debian-all.diff and strip it down.

> Well, if I had written this code, I might be able to predict &
> understand the effect of a change like that. As it is, wouldn't you
> rather leave the image file in a place you know actually runs?

Well, I actually *don't* know it runs. But yeah, it's certainly not a
top priority.

> Thanks very much for your help. Supposing that the hardening warnings
> are related to the linker thing, maybe I can find a way to slide in
> those flags and see if the warnings are solved. Just for fun.

It's not even just for fun. There's a good reason for hardening...
Anyway, good luck.

Regards

Markus Wanner
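Added example, not part of the original message and not lintian's own code: a shell approximation of the two checks behind the warnings quoted above, useful for confirming whether the hardening flags actually reached the compiler and linker after a rebuild. The function names and the readelf excerpts are constructed for illustration, and the list of fortifiable libc functions is a small assumed subset.

```shell
#!/bin/sh
# Constructed, trimmed samples of `readelf -lW` and `readelf --dyn-syms -W` output.
sample_phdrs_plain() { cat <<'EOF'
  LOAD           0x000000 0x0000000000000000 0x0000000000000000 0x05a2c4 0x05a2c4 R E 0x200000
  DYNAMIC        0x05ae18 0x000000000025ae18 0x000000000025ae18 0x0001d0 0x0001d0 RW  0x8
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x8
EOF
}
sample_phdrs_relro() {
    sample_phdrs_plain
    echo '  GNU_RELRO      0x05ae00 0x000000000025ae00 0x000000000025ae00 0x000200 0x000200 R   0x1'
}
sample_syms_plain() { cat <<'EOF'
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND strcpy@GLIBC_2.2.5 (2)
     9: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND sprintf@GLIBC_2.2.5 (2)
EOF
}
sample_syms_fortified() { cat <<'EOF'
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __strcpy_chk@GLIBC_2.3.4 (3)
     9: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __sprintf_chk@GLIBC_2.3.4 (3)
EOF
}

# hardening_tags PHDR_TEXT DYNSYM_TEXT: print the warnings that apply, one per line.
hardening_tags() {
    # The linker emits a GNU_RELRO program header only when it was given -z relro.
    printf '%s\n' "$1" | grep -q 'GNU_RELRO' || echo hardening-no-relro
    # _FORTIFY_SOURCE turns calls such as strcpy into imports of __strcpy_chk.
    # Approximation: warn when fortifiable calls are imported and no *_chk variant is.
    if printf '%s\n' "$2" |
           grep -Eq ' UND (str(n)?(cpy|cat)|v?s(n)?printf|memcpy|memmove|memset|gets)@' &&
       ! printf '%s\n' "$2" | grep -Eq ' UND __[a-z]+_chk@'; then
        echo hardening-no-fortify-functions
    fi
}

# audit_so PATH: run the same checks on a real shared library (needs binutils).
audit_so() {
    hardening_tags "$(readelf -lW "$1")" "$(readelf --dyn-syms -W "$1")"
}
```

Calling audit_so on each library named in the lintian output after a rebuild shows whether the flags made it onto the link line.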

