Package: gnustep-make Version: 2.7.0-1 Severity: important $ gnustep-config --objc-flags -MMD -MP -Wdate-time -D_FORTIFY_SOURCE=2 -DGNUSTEP -DGNUSTEP_BASE_LIBRARY=1 -DGNU_GUI_LIBRARY=1 -DGNU_RUNTIME=1 -DGNUSTEP_BASE_LIBRARY=1 -fno-strict-aliasing -fexceptions -fobjc-exceptions -D_NATIVE_OBJC_EXCEPTIONS -pthread -fPIC -Wall -DGSWARN -DGSDIAGNOSE -Wno-import -g -O2 -fdebug-prefix-map=/build/gnustep-make-2.7.0=. -fstack-protector-strong -Wformat -Werror=format-security -g -O2 -fdebug-prefix-map=/build/gnustep-make-2.7.0=. -fstack-protector-strong -Wformat -Werror=format-security -fgnu-runtime -fconstant-string-class=NSConstantString -I. -I/home/yavor/GNUstep/Library/Headers -I/usr/local/include/GNUstep -I/usr/include/GNUstep
$ gnustep-config --base-libs -rdynamic -Wl,-z,relro -Wl,-z,now -shared-libgcc -pthread -fexceptions -fgnu-runtime -L/home/yavor/GNUstep/Library/Libraries -L/usr/local/lib -L/usr/lib -lgnustep-base -lobjc -lm $ gnustep-config --variable=CPPFLAGS -Wdate-time -D_FORTIFY_SOURCE=2 Both /usr/share/GNUstep/Makefiles/config.make and /usr/bin/gnustep-config have hardcoded Debian-specific flags which are obviously used also when building GNUstep software unrelated to Debian packaging. This is clearly a bug, most probably inherited from gnustep-make's debian/rules and the hardening stuff. -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.13.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=bg_BG.utf8, LC_CTYPE=bg_BG.utf8 (charmap=UTF-8), LANGUAGE=bg_BG.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages gnustep-make depends on: ii gnustep-common 2.7.0-1 ii gobjc 4:7.2.0-1d1 ii perl 5.26.0-8 gnustep-make recommends no packages. Versions of packages gnustep-make suggests: ii gnustep-make-doc 2.7.0-1 -- no debconf information