Alright, latest build of this package is up on mentors.debian.net: http://mentors.debian.net/package/capnproto

Noticed that my watch file has detected a new point release Kenton put out earlier today to work around that GCC compiler bug. Should I upgrade to the new release now? Or is it okay to follow up with a 0.2.1-1 build once 0.2.0-1 lands in unstable?

Cheers,
Tom

On Mon, Aug 19, 2013 at 3:12 AM, Vincent Bernat <ber...@debian.org> wrote:

> ❦ 19 August 2013 11:46 CEST, Tom Lee <deb...@tomlee.co> :
>
> >> The easiest way is to use Lintian (I use it with -viI).
> >>
> >
> > Odd, I don't see any warnings:
> >
> > tom@desktop:~/Source$ lintian -viI capnproto_0.2.0-1.dsc
> > N: Using profile debian/main.
> > N: Setting up lab in /tmp/temp-lintian-lab-q9W0nEVK6F ...
> > N: Unpacking packages in group capnproto/0.2.0-1
> > N: ----
> > N: Processing source package capnproto (version 0.2.0-1, arch source) ...
> >
> > I also see what looks like hardening-related CXXFLAGS during the build.
> > Stuff like this:
> >
> > -D_FORTIFY_SOURCE=2 -I./src -I./src -g -O2 -fPIE -fstack-protector
> > --param=ssp-buffer-size=4 -Wformat -Werror=format-security
> >
> > The warning appears on mentors.debian.net:
> > http://mentors.debian.net/package/capnproto
> >
> > Maybe related to this bug:
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673112#10
> >
> > Based on this bug & assuming you can see the _FORTIFY_SOURCE etc. during
> > your build I'd be inclined to add another override for this -- what do you
> > think?
> >
> > Weird I can't reproduce it locally.
>
> Try with "hardening-check" then:
>
> /usr/bin/capnp:
>  Position Independent Executable: yes
>  Stack protected: yes
>  Fortify Source functions: no, only unprotected functions found!
>  Read-only relocations: yes
>  Immediate binding: yes
>
> The unprotected functions are getcwd() and memcpy().
>
> In the bug you pointed, it seems that memcpy() can be left unprotected
> when it is used in replacement of strcpy(). Maybe there is no other
> issue with getcwd(). Since there is no use of other commonly protected
> functions like *printf(), this should be a false positive. Therefore,
> yes, add a lintian override.
>
> >> Well, you shouldn't get this warning. Maybe it was here because you were
> >> build-depending on python-support?
> >>
> >
> > Doesn't seem that way. From the control file:
> >
> > Build-Depends: debhelper (>= 8.0.0), gcc (>= 4.7),
> > python-all (>= 2.6), dpkg-dev (>= 1.16.1.1), docbook-xsl, docbook-xml,
> > xsltproc, autotools-dev
> >
> > Removed --with python2 from debian/rules and I see this near the end of the
> > build:
> >
> > ...
> > dh_install
> > dh_installdocs
> > dh_installchangelogs
> > dh_installman
> > dh_pysupport
> > dh_pysupport: This program is deprecated, you should use dh_python2
> > instead. Migration guide: http://deb.li/dhs2p
>
> Oh, OK. Just ignore this warning. dh_pysupport is just called because
> you are using compat 8 and it is installed.
> --
> Make your program read from top to bottom.
> - The Elements of Programming Style (Kernighan & Plauger)

--
Tom Lee / http://tomlee.co / @tglee <http://twitter.com/tglee>
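The "Fortify Source functions" result quoted in the thread reflects which libc functions the binary imports: plain names such as memcpy versus their `__*_chk` counterparts. The sketch below is an added example, not part of the original thread and not hardening-check's own code; the `FORTIFIABLE` subset, the constructed `readelf --dyn-syms -W` excerpt and the function names are assumptions.

```python
import re

# Assumption: a subset of the libc functions for which glibc ships a
# __<name>_chk variant used under _FORTIFY_SOURCE; the full list is longer.
FORTIFIABLE = {"memcpy", "memmove", "memset", "strcpy", "strncpy", "strcat",
               "sprintf", "snprintf", "printf", "fprintf", "getcwd", "read"}

# Constructed `readelf --dyn-syms -W` excerpt modelled on the thread's result.
SAMPLE = """\
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND getcwd@GLIBC_2.2.5 (2)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.14 (3)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND malloc@GLIBC_2.2.5 (2)
     4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (4)
"""

def imported_functions(readelf_text):
    """Return names of undefined (imported) FUNC symbols, version suffix removed."""
    names = set()
    for line in readelf_text.splitlines():
        fields = line.split()
        # Columns: Num Value Size Type Bind Vis Ndx Name [(version index)]
        if len(fields) >= 8 and fields[3] == "FUNC" and fields[6] == "UND":
            names.add(fields[7].split("@")[0])
    return names

def classify(readelf_text):
    """Split fortifiable imports into (protected, unprotected) sorted lists."""
    protected, unprotected = set(), set()
    for name in imported_functions(readelf_text):
        m = re.fullmatch(r"__(\w+)_chk", name)  # __stack_chk_fail does not match
        if m and m.group(1) in FORTIFIABLE:
            protected.add(m.group(1))
        elif name in FORTIFIABLE:
            unprotected.add(name)
    return sorted(protected), sorted(unprotected)

def verdict(protected, unprotected):
    if protected:
        return "yes"      # at least one checked variant is imported
    if unprotected:
        return "no"       # the "only unprotected functions found" case
    return "unknown"      # no fortifiable libc function imported at all

if __name__ == "__main__":
    prot, unprot = classify(SAMPLE)
    print(verdict(prot, unprot), "protected:", prot, "unprotected:", unprot)
```

A "no" here only means no `_chk` import was found; whether `-D_FORTIFY_SOURCE=2` was actually passed still has to be confirmed from the build log, as done in the thread.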