Bug#879085: marked as done (gnustep-make: Hardcodes hardening flags as default flags)

[Debian Bug Tracking System]

Your message dated Sun, 22 Oct 2017 01:19:07 +0000
with message-id <e1e64ux-000fmo...@fasolo.debian.org>
and subject line Bug#879085: fixed in gnustep-make 2.7.0-2
has caused the Debian Bug report #879085,
regarding gnustep-make: Hardcodes hardening flags as default flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
879085: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879085
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: gnustep-make
Version: 2.7.0-1
Severity: important

$ gnustep-config --objc-flags
-MMD -MP -Wdate-time -D_FORTIFY_SOURCE=2 -DGNUSTEP -DGNUSTEP_BASE_LIBRARY=1 
-DGNU_GUI_LIBRARY=1 -DGNU_RUNTIME=1 -DGNUSTEP_BASE_LIBRARY=1 
-fno-strict-aliasing -fexceptions -fobjc-exceptions -D_NATIVE_OBJC_EXCEPTIONS 
-pthread -fPIC -Wall -DGSWARN -DGSDIAGNOSE -Wno-import -g -O2 
-fdebug-prefix-map=/build/gnustep-make-2.7.0=. -fstack-protector-strong 
-Wformat -Werror=format-security -g -O2 
-fdebug-prefix-map=/build/gnustep-make-2.7.0=. -fstack-protector-strong 
-Wformat -Werror=format-security -fgnu-runtime 
-fconstant-string-class=NSConstantString -I. 
-I/home/yavor/GNUstep/Library/Headers -I/usr/local/include/GNUstep 
-I/usr/include/GNUstep

$ gnustep-config --base-libs
-rdynamic -Wl,-z,relro -Wl,-z,now -shared-libgcc -pthread -fexceptions 
-fgnu-runtime -L/home/yavor/GNUstep/Library/Libraries -L/usr/local/lib 
-L/usr/lib -lgnustep-base -lobjc -lm

$ gnustep-config --variable=CPPFLAGS
-Wdate-time -D_FORTIFY_SOURCE=2

Both /usr/share/GNUstep/Makefiles/config.make and
/usr/bin/gnustep-config have hardcoded Debian-specific flags which are
obviously used also when building GNUstep software unrelated to Debian
packaging.  This is clearly a bug, most probably inherited from
gnustep-make's debian/rules and the hardening stuff.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=bg_BG.utf8, LC_CTYPE=bg_BG.utf8 (charmap=UTF-8), 
LANGUAGE=bg_BG.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnustep-make depends on:
ii  gnustep-common  2.7.0-1
ii  gobjc           4:7.2.0-1d1
ii  perl            5.26.0-8

gnustep-make recommends no packages.

Versions of packages gnustep-make suggests:
ii  gnustep-make-doc  2.7.0-1

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: gnustep-make
Source-Version: 2.7.0-2

We believe that the bug you reported is fixed in the latest version of
gnustep-make, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eric Heintzmann <heintzmann.e...@free.fr> (supplier of updated gnustep-make 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 22 Oct 2017 01:47:53 +0200
Source: gnustep-make
Binary: gnustep-common gnustep-make gnustep-make-doc
Architecture: source
Version: 2.7.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GNUstep maintainers 
<pkg-gnustep-maintain...@lists.alioth.debian.org>
Changed-By: Eric Heintzmann <heintzmann.e...@free.fr>
Description:
 gnustep-common - Common files for the core GNUstep environment
 gnustep-make - GNUstep build system
 gnustep-make-doc - Documentation for GNUstep Make
Closes: 879085
Changes:
 gnustep-make (2.7.0-2) unstable; urgency=medium
 .
   [ Yavor Doganov ]
   * debian/rules: Reset all flags as dpkg's default flags creep in and get
     hardcoded in gnustep-make itself (Closes: #879085).  Remove dh's
     --with autoreconf argument.
   * debian/gnustep-make.links: Create symlinks for config.{guess,sub} from
     autotools-dev to ensure they're always up-to-date.
   * debian/gnustep-make.install: Do not install config.{guess,sub}.
   * debian/compat: Set compat level to 10.
   * debian/control (Build-Depends): Require debhelper >= 10; remove
     dh-autoreconf.
     (gnustep-make) <Depends>: Add autotools-dev.
     (Standards-Version): Bump to 4.1.1 (no changes needed).
   * debian/gnustep-common.maintscript: Delete; no longer needed.
   * debian/patches/no-user-root-paths.patch: Remove; merged upstream.
   * debian/patches/series: Update.
   * debian/copyright: Update copyright years.
 .
   [ Eric Heintzmann ]
   * debian/rules: Remove comment about XDG compliance.
Checksums-Sha1:
 3a7ab574317426a6880a4b851e8212dd7d75edf6 2593 gnustep-make_2.7.0-2.dsc
 9b30f4465f45d98d2d9cfba995310ca4da7a8427 105488 
gnustep-make_2.7.0-2.debian.tar.xz
 4f58f64eb68883fd497cc19a23d2bf2d12270e91 8427 
gnustep-make_2.7.0-2_amd64.buildinfo
Checksums-Sha256:
 c141cd2669c91f5c5daba7b00baf736e556c2763e8d3e6ef47f5db1fc40860b1 2593 
gnustep-make_2.7.0-2.dsc
 3ac6bd28c2988a241bf7e6035ac0eb6ad807285816ead78b3b69a92e552121f3 105488 
gnustep-make_2.7.0-2.debian.tar.xz
 a75ae0d7696fc48db8d2d204cb4a4c8aa7845309b740136a9a968bac89b4b638 8427 
gnustep-make_2.7.0-2_amd64.buildinfo
Files:
 bebe6ea680432a369b0ff6ae430529c6 2593 gnustep optional gnustep-make_2.7.0-2.dsc
 5375ecb6ba1f78ba1ac1e86a5fb6c5b9 105488 gnustep optional 
gnustep-make_2.7.0-2.debian.tar.xz
 d35d9f1f5b757a5c68f39ae95ff0d39a 8427 gnustep optional 
gnustep-make_2.7.0-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJMBAEBCgA2FiEEtz0UHJYkz/fsxU5TqIIhU7ORZG0FAlnr6scYHGhlaW50em1h
bm4uZXJpY0BmcmVlLmZyAAoJEKiCIVOzkWRt5sMP/RxQdQcg4r2dek0DSelZQ9DK
YogPmdl8Y6ftpRa0MBbUUyDgnsQaGXPXNQgL9IHT31q+kUlOFlPThbaNBXVhXUUY
I/xjOAwrpdvF4Rc+nxWFObqNuLZAEptcswmt8iWtFGSdARjElnYUxFcNWV8K7IZ1
QsoXfNGc+V9cbVtFdWOr6dGoozMdFWnUXqj7ud/mZxB+d+9e/IjLISAjodmidAd4
XBmYB+/FUf4seOG8FNVNXBgJf3xSt/Kya/gCNGcllPJe2TjwjauB/ib9RUdw7+/o
fbp6twENYHBwMPh4ZzdftP+Cnk2tXQ5V2C7AZkszIW5RO9TPMQgD4TGR+whiblmp
mPVFNscwEzhnC67hoGMB3+jGj/Nw6tEAL3EZcK6snJohOoqloqLCmolBHg3Yv5TT
lVnySyLlRP5ODKBz07nOcwGMl5EBat+k+agA+CWeDUlEgxRYx/Wwr9KeIEucBkGG
jkjKOBChRcLkrgyWv9rgXq0cM0QtQrxruCIVBUlnKurfcN6As8kBBU025zt5Hiot
eB8u6BTslM9K9HIr3S1+l21gL3f39QCWY58RV2NdSoOt+89mXjd+fJBf9RnO9v36
H2BKBfF2vII1iMALsqaxSID3bBpIjJLTwfshVFBialnmWzoNmFOe2b7EOs16x+Yx
jH6HzVSochnyjw6SMyDE
=JLKo
-----END PGP SIGNATURE-----

--- End Message ---