1) buildflags.patch / build type First of all, the patch works fine. Actually, after removing the forced variable overrides Cmake recognizes already the standard environment build flags.
I've came across that Debhelper 20130504 was set to always switch to RelWithDebInfo build type (#701233), which yes puts -DNDEBUG into building on current Sid (Debhelper 20130605) - are there different opinions on that issue? Dropping any custom switches (instead of addition of --as-needed linker flag) Scantailor on Sid for now builds with the flags (CPP_FLAGS got injected into C_FLAGS since Debhelper 20120417, #653916): -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -O2 -g -DNDEBUG Please further discuss that. 2) hardening of scantailor-cli As another issue remains that scantailor-cli still doesn't got fortified: $ hardening-check scantailor-cli scantailor-cli: Position Independent Executable: no, normal executable! Stack protected: yes Fortify Source functions: no, only unprotected functions found! Read-only relocations: yes Immediate binding: no not found! I'll get deeper into that issue. Latest commit: http://anonscm.debian.org/gitweb/?p=collab-maint/scantailor.git;a=commitdiff;h=e37cf9eecb8223e524958de150a897cfba28a9dd build log: http://www.danielstender.com/uploads/scantailor_0.9.11.1-1_amd64.build Much thanks for comments so far & greetings, Daniel Stender On 18.06.2013 15:15, Mathieu Malaterre wrote: > On Sat, Jun 15, 2013 at 6:20 PM, Dmitry Smirnov <only...@debian.org> wrote: >> Build type is better to leave as "RELWITHDEBINFO". This might be >> useful if you decide to provide -dbg package or just to (re-)build >> with debugging info with command like > > Technically RelWithDebInfo should not be used anymore with cmake from sid: > > http://lists.debian.org/debian-devel/2013/06/msg00278.html > > It now appends -DNDEBUG ... see #701231 for more info > > 2cts -- http://www.danielstender.com/blog/ GPG key ID: 1654BD9C -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org