[Debian GNUstep maintainers] Bug#879085: gnustep-make: Hardcodes hardening flags as default flags

Yavor Doganov yavor at gnu.org
Thu Oct 19 07:11:41 UTC 2017 

Package: gnustep-make
Version: 2.7.0-1
Severity: important

$ gnustep-config --objc-flags
-MMD -MP -Wdate-time -D_FORTIFY_SOURCE=2 -DGNUSTEP -DGNUSTEP_BASE_LIBRARY=1 -DGNU_GUI_LIBRARY=1 -DGNU_RUNTIME=1 -DGNUSTEP_BASE_LIBRARY=1 -fno-strict-aliasing -fexceptions -fobjc-exceptions -D_NATIVE_OBJC_EXCEPTIONS -pthread -fPIC -Wall -DGSWARN -DGSDIAGNOSE -Wno-import -g -O2 -fdebug-prefix-map=/build/gnustep-make-2.7.0=. -fstack-protector-strong -Wformat -Werror=format-security -g -O2 -fdebug-prefix-map=/build/gnustep-make-2.7.0=. -fstack-protector-strong -Wformat -Werror=format-security -fgnu-runtime -fconstant-string-class=NSConstantString -I. -I/home/yavor/GNUstep/Library/Headers -I/usr/local/include/GNUstep -I/usr/include/GNUstep

$ gnustep-config --base-libs
-rdynamic -Wl,-z,relro -Wl,-z,now -shared-libgcc -pthread -fexceptions -fgnu-runtime -L/home/yavor/GNUstep/Library/Libraries -L/usr/local/lib -L/usr/lib -lgnustep-base -lobjc -lm

$ gnustep-config --variable=CPPFLAGS
-Wdate-time -D_FORTIFY_SOURCE=2

Both /usr/share/GNUstep/Makefiles/config.make and
/usr/bin/gnustep-config have hardcoded Debian-specific flags which are
obviously used also when building GNUstep software unrelated to Debian
packaging.  This is clearly a bug, most probably inherited from
gnustep-make's debian/rules and the hardening stuff.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=bg_BG.utf8, LC_CTYPE=bg_BG.utf8 (charmap=UTF-8), LANGUAGE=bg_BG.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnustep-make depends on:
ii  gnustep-common  2.7.0-1
ii  gobjc           4:7.2.0-1d1
ii  perl            5.26.0-8

gnustep-make recommends no packages.

Versions of packages gnustep-make suggests:
ii  gnustep-make-doc  2.7.0-1

-- no debconf information

More information about the pkg-GNUstep-maintainers mailing list