Source: pythonmagick Version: 0.9.7-1 Severity: normal User: debian...@lists.debian.org Usertags: hardening
pythonmagick fails to build with the hardening flags applied. The reason is a missing quote in m4/ax_boost_python.m4:66: CPPFLAGS=-I$PYTHON_INCLUDE_DIR $CPPFLAGS this leads to configure not finding the boost python library checking whether the Boost::Python library is available... ../../configure: line 15885: -D_FORTIFY_SOURCE=2: command not found no and a subsequent build failure due to an undefined variable later: /bin/bash ./libtool --tag=CXX --mode=link g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -DBOOST_PYTHON_DYNAMIC_LIB -avoid-version -module -L/usr/lib -Wl,-z,relro -o _PythonMagick.la -rpath /usr/lib/python2.7/dist-packages/PythonMagick pythonmagick_src/libpymagick.la helpers_src/libhelper.la -L/usr/lib -l -lMagick++ -lMagickCore libtool: link: g++ -fPIC -DPIC -shared -nostdlib /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/4.6/crtbeginS.o -Wl,--whole-archive pythonmagick_src/.libs/libpymagick.a helpers_src/.libs/libhelper.a -Wl,--no-whole-archive -L/usr/lib -l /usr/lib/libMagick++.so /usr/lib/libMagickCore.so -L/usr/lib/gcc/x86_64-linux-gnu/4.6 -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../.. -lstdc++ -lm -lc -lgcc_s /usr/lib/gcc/x86_64-linux-gnu/4.6/crtendS.o /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crtn.o -O2 -Wl,-z -Wl,relro -fopenmp -pthread -Wl,-soname -Wl,_PythonMagick.so -o .libs/_PythonMagick.so /usr/bin/ld: cannot find -l/usr/lib/libMagick++.so note the empty space after -l where boost_python should be. quoting the CPPFLAGS appears to fix the issue. The buildflags are not exported in debian, but can be enabled e.g. by adding this to debian/rules: DPKG_EXPORT_BUILDFLAGS = 1 include /usr/share/dpkg/buildflags.mk or setting debian/compat to 9 Please fix the issues and maybe also enable the hardened build in debian. [0] http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html
signature.asc
Description: OpenPGP digital signature