[DRE-maint] Bug#725062: ruby-rmagick: FTBFS when specifying hardening parameters
Gunnar Wolf
gwolf at gwolf.org
Mon Sep 30 23:44:58 UTC 2013
Package: ruby-rmagick
Version: 2.13.2-1
Severity: normal
When building this package (minor revision that adds support under
Ruby 2.0), the package builds successfully, but spews the following
Lintian warnings:
------------------------------------------------------------
| W: ruby-rmagick: hardening-no-relro usr/lib/ruby/vendor_ruby/1.9.1/x86_64-linux/RMagick2.so
| N:
| N: This package provides an ELF binary that lacks the "read-only
| N: relocation" link flag. This package was likely not built with the
| N: default Debian compiler flags defined by dpkg-buildflags. If built using
| N: dpkg-buildflags directly, be sure to import LDFLAGS.
| N:
| N: Refer to http://wiki.debian.org/Hardening for details.
| N:
| N: Severity: normal, Certainty: certain
| N:
| N: Check: binaries, Type: binary, udeb
| N:
| W: ruby-rmagick: hardening-no-relro usr/lib/x86_64-linux-gnu/ruby/vendor_ruby/2.0.0/RMagick2.so
------------------------------------------------------------
Following the above advice, I tried by adding the following patch, but
failed as the C code turned some warnings into errors — Particularly,
I got (at least) two "format not a string literal and no format
arguments" complaints in rmutil.c, i.e. at:
------------------------------------------------------------
| void
| rm_fatal_error_handler(const ExceptionType severity, const char *reason, const char *description)
| {
| rb_raise(Class_FatalImageMagickError, GetLocaleExceptionMessage(severity, reason));
| description = description;
| }
------------------------------------------------------------
I was unable to dig deeper into this, and decided to ask for somebody
else's help to fix it :-} Hence this bug.
Thanks for any help,
diff --git a/debian/changelog b/debian/changelog
index f72a755..595e2fe 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
ruby-rmagick (2.13.2-1) unstable; urgency=low
* New upstream release
+ * Bumped up dh_compat level to 9; added dependency on dpkg-dev to
+ include build-hardening flags
-- Gunnar Wolf <gwolf at debian.org> Mon, 30 Sep 2013 17:32:27 -0500
diff --git a/debian/compat b/debian/compat
index 7f8f011..ec63514 100644
--- a/debian/compat
+++ b/debian/compat
@@ -1 +1 @@
-7
+9
diff --git a/debian/control b/debian/control
index ad89013..2e2be56 100644
--- a/debian/control
+++ b/debian/control
@@ -3,9 +3,9 @@ Section: ruby
Priority: optional
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers at lists.alioth.debian.org>
Uploaders: Antonio Terceiro <terceiro at softwarelivre.org>, Gunnar Wolf <gwolf at debian.org>, Vincent Fourmond <fourmond at debian.org>
-Build-Depends: debhelper (>= 7.0.50~), gem2deb (>= 0.3.0~),
+Build-Depends: debhelper (>= 9), gem2deb (>= 0.3.0~),
libmagickcore-dev (>= 7:6.6.0.4-2~), libwmf-bin,
- ghostscript, gsfonts, libmagickwand-dev
+ ghostscript, gsfonts, libmagickwand-dev, dpkg-dev (>= 1.16.1~)
Standards-Version: 3.9.4
Vcs-Git: git://anonscm.debian.org/pkg-ruby-extras/ruby-rmagick.git
Vcs-Browser: http://anonscm.debian.org/gitweb?p=pkg-ruby-extras/ruby-rmagick.git;a=summary
diff --git a/debian/rules b/debian/rules
index 38f1f63..5d5f444 100755
--- a/debian/rules
+++ b/debian/rules
@@ -11,6 +11,9 @@
# If you need to specify the .gemspec (eg there is more than one)
#export DH_RUBY_GEMSPEC=gem.gemspec
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
+
%:
dh $@ --buildsystem=rubysetuprb --with ruby
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.8-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages ruby-rmagick depends on:
ii libc6 2.17-93
ii libmagickcore5 8:6.7.7.10-6
ii libruby1.9.1 1.9.3.448-1
ii libruby2.0 2.0.0.299-2
ii ruby1.8 [ruby-interpreter] 1.8.7.358-8
ii ruby1.9.1 [ruby-interpreter] 1.9.3.448-1
ii ruby2.0 [ruby-interpreter] 2.0.0.299-2
ruby-rmagick recommends no packages.
ruby-rmagick suggests no packages.
-- no debconf information
More information about the Pkg-ruby-extras-maintainers
mailing list