[Python-modules-team] Bug#652483: pythonmagick: FTBFS with hardening buildflags
Julian Taylor
jtaylor.debian at googlemail.com
Sat Dec 17 17:43:30 UTC 2011
Source: pythonmagick
Version: 0.9.7-1
Severity: normal
User: debian-qa at lists.debian.org
Usertags: hardening
pythonmagick fails to build with the hardening flags applied.
The reason is a missing quote in m4/ax_boost_python.m4:66:
CPPFLAGS=-I$PYTHON_INCLUDE_DIR $CPPFLAGS
this leads to configure not finding the boost python library
checking whether the Boost::Python library is available...
../../configure: line 15885: -D_FORTIFY_SOURCE=2: command not found
no
and a subsequent build failure due to an undefined variable later:
/bin/bash ./libtool --tag=CXX --mode=link g++ -g -O2
-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security
-Werror=format-security -DBOOST_PYTHON_DYNAMIC_LIB -avoid-version
-module -L/usr/lib -Wl,-z,relro -o _PythonMagick.la -rpath
/usr/lib/python2.7/dist-packages/PythonMagick
pythonmagick_src/libpymagick.la helpers_src/libhelper.la -L/usr/lib -l
-lMagick++ -lMagickCore
libtool: link: g++ -fPIC -DPIC -shared -nostdlib
/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crti.o
/usr/lib/gcc/x86_64-linux-gnu/4.6/crtbeginS.o -Wl,--whole-archive
pythonmagick_src/.libs/libpymagick.a helpers_src/.libs/libhelper.a
-Wl,--no-whole-archive -L/usr/lib -l /usr/lib/libMagick++.so
/usr/lib/libMagickCore.so -L/usr/lib/gcc/x86_64-linux-gnu/4.6
-L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu
-L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../lib
-L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu
-L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../.. -lstdc++
-lm -lc -lgcc_s /usr/lib/gcc/x86_64-linux-gnu/4.6/crtendS.o
/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crtn.o -O2
-Wl,-z -Wl,relro -fopenmp -pthread -Wl,-soname -Wl,_PythonMagick.so -o
.libs/_PythonMagick.so
/usr/bin/ld: cannot find -l/usr/lib/libMagick++.so
note the empty space after -l where boost_python should be.
quoting the CPPFLAGS appears to fix the issue.
The buildflags are not exported in debian, but can be enabled e.g. by
adding this to debian/rules:
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/buildflags.mk
or setting debian/compat to 9
Please fix the issues and maybe also enable the hardened build in debian.
[0] http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/python-modules-team/attachments/20111217/764ca915/attachment.pgp>
More information about the Python-modules-team
mailing list