Bug#756174: jackd2 building without any of the required build flags

Reinhard Tartler siretart at gmail.com
Sun Jul 27 14:24:11 UTC 2014


On Sun, Jul 27, 2014 at 1:54 AM, Steve Langasek
<steve.langasek at canonical.com> wrote:
> Package: jackd2
> Version: 1.9.10+20140610git97e0e80b~dfsg-1
> Severity: important
> Tags: patch
> User: ubuntu-devel at lists.ubuntu.com
> Usertags: origin-ubuntu utopic ubuntu-patch
>
> The jackd2 package in Debian unstable does not properly pass dpkg-buildflags
> values to waf.  As a result, the package is built without optimizations
> (-O2), has no debugging symbols available at build time (-g), and doesn't
> use any of the hardening flags that are exported by dpkg-buildflags by
> default on Debian.
>
> The first two of these are violation of a policy "should" (10.1), the last
> is bad for the security of the package.
>
> The attached patch is a minimally-invasive fix for this, which uses
> DEB_MAKE_EXTRA_ARGS to pass the variables to waf.  However, waf is not make,
> so this isn't strictly correct.  There is a waf class in cdbs (available
> since cdbs 0.4.90); I don't know why you're not using it, perhaps you want
> to switch to using that instead.

Jonas, can you take a look at this patch, please?

>
> I would offer a patch to convert the package to dh(1), but considering the
> contents of the Uploaders field I suspect it would not be accepted.

I'm inclined to agree. I guess the "right CDBS philosophy" would be to
have waf support in CDBS, so that debian/rules could be significantly
shortened.

Given that this support is not in place, I wonder if CDBS is the best
helper infrastructure for this package.


-- 
regards,
    Reinhard



More information about the pkg-multimedia-maintainers mailing list