I've been working on more lintian fixes raised by the AA review. Here is
today's batch:
nvml (1.3.1-0ubuntu1~ppa12) bionic; urgency=medium
* Install pmemobj docs into a html subdir
* Enable parallel build (dh $@ --parallel)
* Several lintian fixes:
- binary-control-field-duplicates-source
- duplicate-short-description
- extended-description-is-probably-too-short
- restore lintian override about ldconfig for the debug libraries, but
this time in the -debug packages and not -dev packages.
- using-first-person-in-description
- extended-description-is-probably-too-short
- debian-watch-does-not-check-gpg-signature
- d/p/spelling-fixes.patch: assorted spelling fixes
- useless-autogenerated-doxygen-file
- hardening-no-bindnow
That last one, hardening-no-bindnow, meant I changed the build flags. This is
what is used now:
CPPFLAGS : -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D_REENTRANT
CFLAGS : -g -O2
-fdebug-prefix-map=/home/ubuntu/nvdimm/nvml/nvml-git=. -fstack-protector-strong
-Wformat -Werror=format-security -std=gnu99 -Wall -Werror -pthread
-DSRCVERSION="debian/1.3.1-0ubuntu1_ppa5-92-g79c0594" -O2 -U_FORTIFY_SOURCE
-D_FORTIFY_SOURCE=2 -DJEMALLOC_LIBVMEM -fvisibility=hidden
LDFLAGS : -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now
-Wl,-z,relro -Wl,--fatal-warnings
Before it was:
CPPFLAGS : -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D_REENTRANT
CFLAGS : -g -O2
-fdebug-prefix-map=/home/ubuntu/nvdimm/nvml/nvml-git=. -fstack-protector-strong
-Wformat -Werror=format-security -std=gnu99 -Wall -Werror -pthread
-DSRCVERSION="debian/1.3.1-0ubuntu1_ppa5-91-g0b93979" -O2 -U_FORTIFY_SOURCE
-D_FORTIFY_SOURCE=2 -DJEMALLOC_LIBVMEM -fvisibility=hidden
LDFLAGS : -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,relro
-Wl,--fatal-warnings
(don't mind the version, that's just in my local builds)
There is another flags-related lintian warning that I have to address:
I: libvmem1-debug: hardening-no-fortify-functions
usr/lib/x86_64-linux-gnu/nvml_dbg/libvmem.so.1.0.0
N:
N: This package provides an ELF binary that lacks the use of fortified libc
N: functions. Either there are no potentially unfortified functions called
N: by any routines, all unfortified calls have already been fully validated
N: at compile-time, or the package was not built with the default Debian
N: compiler flags defined by dpkg-buildflags. If built using
N: dpkg-buildflags directly, be sure to import CPPFLAGS.
N:
N: NB: Due to false-positives, Lintian ignores some unprotected functions
N: (e.g. memcpy).
N:
N: Refer to https://wiki.debian.org/Hardening and
N: https://bugs.debian.org/673112 for details.
N:
N: Severity: normal, Certainty: wild-guess
N:
N: Check: binaries, Type: binary, udeb
But since this is about the debug libraries, I think I will just add a
note to READBE.source and/or override it.
** Bug watch added: Debian Bug tracker #673112
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673112
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1752378
Title:
Please add Userspace Packages for NVDIMM support
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/1752378/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
