[DRE-maint] Bug#725062: ruby-rmagick: FTBFS when specifying hardening parameters

Gunnar Wolf gwolf at gwolf.org
Mon Sep 30 23:44:58 UTC 2013


Package: ruby-rmagick
Version: 2.13.2-1
Severity: normal

When building this package (minor revision that adds support under
Ruby 2.0), the package builds successfully, but spews the following
Lintian warnings:

    ------------------------------------------------------------
    | W: ruby-rmagick: hardening-no-relro usr/lib/ruby/vendor_ruby/1.9.1/x86_64-linux/RMagick2.so
    | N: 
    | N:    This package provides an ELF binary that lacks the "read-only
    | N:    relocation" link flag. This package was likely not built with the
    | N:    default Debian compiler flags defined by dpkg-buildflags. If built using
    | N:    dpkg-buildflags directly, be sure to import LDFLAGS.
    | N:    
    | N:    Refer to http://wiki.debian.org/Hardening for details.
    | N:    
    | N:    Severity: normal, Certainty: certain
    | N:    
    | N:    Check: binaries, Type: binary, udeb
    | N: 
    | W: ruby-rmagick: hardening-no-relro usr/lib/x86_64-linux-gnu/ruby/vendor_ruby/2.0.0/RMagick2.so
    ------------------------------------------------------------

Following the above advice, I tried adding the following patch, but it
failed as the C code turned some warnings into errors — particularly,
I got (at least) two "format not a string literal and no format
arguments" complaints in rmutil.c, i.e. at:

    ------------------------------------------------------------
    | void
    | rm_fatal_error_handler(const ExceptionType severity, const char *reason, const char *description)
    | {
    |    rb_raise(Class_FatalImageMagickError, GetLocaleExceptionMessage(severity, reason));
    |    description = description;
    | }
    ------------------------------------------------------------

I was unable to dig deeper into this, and decided to ask for somebody
else's help to fix it :-} Hence this bug.

Thanks for any help,

diff --git a/debian/changelog b/debian/changelog
index f72a755..595e2fe 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
 ruby-rmagick (2.13.2-1) unstable; urgency=low
 
   * New upstream release
+  * Bumped up dh_compat level to 9; added dependency on dpkg-dev to
+    include build-hardening flags
 
  -- Gunnar Wolf <gwolf at debian.org>  Mon, 30 Sep 2013 17:32:27 -0500
 
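Review bot: the new changelog entry says "added dependency on dpkg-dev", but the debian/control hunk adds it to Build-Depends, so the entry should say "build-dependency". It should also mention the debhelper (>= 9) bump that goes with the compat change, so that the entry matches what the control hunk actually does.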
diff --git a/debian/compat b/debian/compat
index 7f8f011..ec63514 100644
--- a/debian/compat
+++ b/debian/compat
@@ -1 +1 @@
-7
+9
diff --git a/debian/control b/debian/control
index ad89013..2e2be56 100644
--- a/debian/control
+++ b/debian/control
@@ -3,9 +3,9 @@ Section: ruby
 Priority: optional
 Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers at lists.alioth.debian.org>
 Uploaders: Antonio Terceiro <terceiro at softwarelivre.org>, Gunnar Wolf <gwolf at debian.org>, Vincent Fourmond <fourmond at debian.org>
-Build-Depends: debhelper (>= 7.0.50~), gem2deb (>= 0.3.0~), 
+Build-Depends: debhelper (>= 9), gem2deb (>= 0.3.0~), 
                libmagickcore-dev (>= 7:6.6.0.4-2~), libwmf-bin, 
-               ghostscript, gsfonts, libmagickwand-dev
+               ghostscript, gsfonts, libmagickwand-dev, dpkg-dev (>= 1.16.1~)
 Standards-Version: 3.9.4
 Vcs-Git: git://anonscm.debian.org/pkg-ruby-extras/ruby-rmagick.git
 Vcs-Browser: http://anonscm.debian.org/gitweb?p=pkg-ruby-extras/ruby-rmagick.git;a=summary
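Review bot: `dpkg-dev (>= 1.16.1~)` is appended to the end of the existing `ghostscript, gsfonts, libmagickwand-dev` line, and the rewritten `Build-Depends: debhelper (>= 9), gem2deb (>= 0.3.0~), ` line still ends in a trailing space. Putting the new entry on its own continuation line and dropping the trailing whitespace would keep the field readable and later diffs to one line per dependency.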
diff --git a/debian/rules b/debian/rules
index 38f1f63..5d5f444 100755
--- a/debian/rules
+++ b/debian/rules
@@ -11,6 +11,9 @@
 # If you need to specify the .gemspec (eg there is more than one)
 #export DH_RUBY_GEMSPEC=gem.gemspec
 
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
+
 %:
        dh $@ --buildsystem=rubysetuprb --with ruby
 
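Review bot: the unconditional `include /usr/share/dpkg/buildflags.mk` with `DPKG_EXPORT_BUILDFLAGS = 1` exports the hardening flags to the build, but nothing in this patch touches the `rb_raise(Class_FatalImageMagickError, GetLocaleExceptionMessage(severity, reason));` call that the report says then fails to compile in rmutil.c. This hunk should be accompanied by a source patch that passes a constant format (`"%s"`) with the message as an argument at each flagged call; otherwise the package goes from a Lintian warning to a build failure. A one-line comment above the include saying it is there for the hardening flags would also help the next maintainer.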


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.8-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ruby-rmagick depends on:
ii  libc6                         2.17-93
ii  libmagickcore5                8:6.7.7.10-6
ii  libruby1.9.1                  1.9.3.448-1
ii  libruby2.0                    2.0.0.299-2
ii  ruby1.8 [ruby-interpreter]    1.8.7.358-8
ii  ruby1.9.1 [ruby-interpreter]  1.9.3.448-1
ii  ruby2.0 [ruby-interpreter]    2.0.0.299-2

ruby-rmagick recommends no packages.

ruby-rmagick suggests no packages.

-- no debconf information
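
Added example (not part of the original report or of RMagick's source): a minimal C reproduction of the pattern that the "format not a string literal and no format arguments" diagnostic flags in rm_fatal_error_handler, next to the constant-format form. raise_into() is a hypothetical stand-in for rb_raise(), and the message string is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for rb_raise(): takes a printf-style format and
 * writes the formatted message into buf instead of raising in Ruby. */
static void raise_into(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, len, fmt, ap);
    va_end(ap);
}

/* Pattern from the report: the message itself is passed as the format,
 * so every '%' inside it is parsed as a conversion directive. */
static void report_as_format(char *buf, size_t len, const char *msg)
{
    raise_into(buf, len, msg);
}

/* Hardened form: constant format string, message passed as data. */
static void report_as_data(char *buf, size_t len, const char *msg)
{
    raise_into(buf, len, "%s", msg);
}

int main(void)
{
    /* Constructed message holding the two characters "%%". That sequence
     * is a well-defined directive, so the difference can be shown without
     * undefined behaviour; other directives in a message would read
     * arguments that were never passed. */
    const char *msg = "cache 100%% full";
    char as_format[64], as_data[64];

    report_as_format(as_format, sizeof as_format, msg);
    report_as_data(as_data, sizeof as_data, msg);

    printf("message as format: %s\n", as_format); /* directive consumed */
    printf("message as data:   %s\n", as_data);   /* bytes preserved    */
    return 0;
}
```

The same change, a literal "%s" followed by the message, is what each flagged rb_raise() call in rmutil.c needs in order to build with the exported hardening flags.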