Bug#657853: Please enable hardened build flags
Niko Tyni
ntyni at debian.org
Mon Feb 6 06:55:25 UTC 2012
On Sun, Feb 05, 2012 at 10:28:55PM +0000, Dominic Hargreaves wrote:
> On Sun, Feb 05, 2012 at 08:44:15PM +0200, Niko Tyni wrote:
> > On Sun, Jan 29, 2012 at 02:02:31PM +0100, Moritz Muehlenhoff wrote:
> > > Package: perl
> > > Version: 5.14.2-6
> > > Severity: important
> > >
> > > Please enable hardened build flags through dpkg-buildflags.
> >
> > While perl builds fine on amd64 with the attached patch, I'm slightly
> > uneasy about pushing it to unstable without wider testing.
>
> Have you verified the output from hardening-flags before and after,
> both of perl and of a sample XS module (I used libimager-perl as a test).
No - I just checked the build log, $Config{ccflags} and the like.
Will do that when I have the time.
> Probably not a bad idea. We'll need to binnmu all XS modules to pick
> up the hardening flags anyway, so it'd be as well to make sure that
> we've test-rebuilt those if not Arch: all packages.
Also, maybe check with upstream that there aren't any known issues with
these flags?
> I see that you fixed the problem that I identified in [1] with cppflags
> not getting set by including them in ccflags.
>
> [1] <http://lists.alioth.debian.org/pipermail/perl-maintainers/2012-January/002886.html>
I'd sort of missed that mail, sorry. Yes, I think this is the only
way to get cppflags into the build.
Putting the ldflags into lddlflags along with -shared is rather ugly,
but I couldn't come up with anything better.
--
Niko
More information about the Perl-maintainers
mailing list