[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#676803: marked as done (lintian: Please add a sanity check for .pc-introduced flags)

Your message dated Sun, 13 Jul 2014 19:04:21 +0000
with message-id <E1X6P4P-0001YK-L1@franck.debian.org>
and subject line Bug#676803: fixed in lintian 2.5.25
has caused the Debian Bug report #676803,
regarding lintian: Please add a sanity check for .pc-introduced flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
676803: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676803
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: lintian
Version: 2.5.8
Severity: wishlist

[#657699 is a special case of this]

Hi,

It would be useful to have a check for .pc (pkg-config) files
introducing flags they probably should not, like Cflags -O2, -g or
-DNDEBUG.

I went through all the .pc files in the current sid amd64 archive.
Here are some examples I consider suspicious:

Cflags field
============

Some "interesting" examples from the archive:

usr/lib/pkgconfig/omnithread3.pc:Cflags: -D__x86_64__ -D__linux__ -D__OSVERSION__=2 -I${includedir}

   * The first three look quite obviously bogus to me

usr/lib/pkgconfig/znc.pc:MODFLAGS=-g -DVERSION_EXTRA=\"+deb2\"  -D_FORTIFY_SOURCE=2 -O2 -Wall -W -Wno-unused-parameter -Woverloaded-virtual -Wshadow    -fvisibility=hidden -fPIC -DICONV_CONST=

   * Don't know how all these should be caught... But (almost?) all of
     these are something that I think shouldn't be there. Probably at
     least all -W*, -O*, -g* should trigger a warning, ditto for
     -D_FORTIFY_SOURCE=*? What about -fPIC and -fPIE?

usr/lib/pkgconfig/dolfin.pc:Cflags: -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -D_FORTIFY_SOURCE=2  -frounding-math  -fopenmp -DDOLFIN_VERSION=\"1.0.0\" -DBOOST_UBLAS_NDEBUG -DHAS_SLEPC -DHAS_PETSC -DHAS_UMFPACK -DHAS_CHOLMOD -DHAS_SCOTCH -DHAS_CGAL -DHAS_ZLIB -DHAS_MPI -DMPICH_IGNORE_CXX_SEEK -DHAS_OPENMP -I${includedir} -I/usr/lib/openmpi/include/openmpi -I/usr/lib/openmpi/include -I/usr/lib/openmpi/include/openmpi -I/usr/lib/openmpi/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include/scotch -I/usr/include/suitesparse -I/usr/include/suitesparse -I/usr/lib/openmpi/include/openmpi -I/usr/lib/openmpi/include -I/usr/include/suitesparse -I/usr/include/scotch -I/usr/include/spooles -I/usr/include -I/usr/lib/petscdir/3.2/linux-gnu-c-opt/include -I/usr/lib/petscdir/3.2/include -I/usr/lib/slepcdir/3.2/include -I/usr/lib/slepcdir/3.2/linux-gnu-c-opt/include -I/usr/lib/slepcdir/3.2 -I/usr/include -I/usr/include -I/usr/include -I/usr/include/libxml2

   * -fstack-protector, --param=ssp-buffer-size=4, -frounding-math, probably -DHAS_*

usr/lib/pkgconfig/clam_core.pc:Cflags: -I${includedir} -DCLAM_FLOAT -DUSE_XERCES=1 -DCLAM_USE_XML -DCLAM_USE_XML -DUSE_LADSPA=1 -I/usr/local/include

   * -I/usr/local/* seems wrong

usr/lib/pkgconfig/scilab.pc:Cflags: -I${includedir} -lieee -lSM -lncurses -ltk8.4 -ltcl8.4 -ldl

   * having -l* in Cflags seems weird

usr/lib/pkgconfig/meep.pc:Cflags: -I${includedir}  -malign-double -march=core2

   * -march=core2 will probably make the result crash on some other archs

usr/lib/pkgconfig/libview.pc:Cflags: -I${includedir} @PACKAGE_CFLAGS@
usr/lib/pkgconfig/sfst-1.2.pc:Cflags: -I${includedir}/sfst-1.0 -I${libdir}/sfst-1.0/include @SFST_CFLAGS@

   * not sure what this does. There's no mention of PACKAGE_CFLAGS or
     SFST_CFLAGS anywhere else.

usr/lib/x86_64-linux-gnu/pkgconfig/opensaml.pc:Cflags: -I${includedir} -pthread -g -Wall -O2 -O2 -DNDEBUG

   * -DNDEBUG will surprise the user by making assertions not work

usr/lib/pkgconfig/libspatialindex.pc:Cflags: -I${includedir}/spatialindex -Wall -Wno-long-long -pedantic

   * -pedantic

usr/lib/pkgconfig/commoncpp.pc:Cflags:  -Wno-long-long -DNEW_STDCPP -pthread -fno-check-new -finline -fvisibility=hidden -DUCOMMON_VISIBILITY=1

   * at least -fno-check-new, -finline

usr/lib/pkgconfig/libhocr-gtk.pc:Cflags: -I@pkgincludedir@
usr/lib/pkgconfig/drizzle.pc:pkgincludedir=@pkgincludedir@

   * the latter is not used in Cflags, but might still be worth
     catching...

* Also, some .pc files include fields named CFlags (instead of Cflags)
  or some such. My impression is that the field name is case
  sensitive, so that may not do what is intended. I did not check
  this, though.

Some packages make automatic checking harder:

usr/lib/x86_64-linux-gnu/pkgconfig/volk.pc:LV_CXXFLAGS=
usr/lib/x86_64-linux-gnu/pkgconfig/volk.pc:Cflags: -I${includedir} ${LV_CXXFLAGS}

   * nothing wrong with this per se

usr/lib/pkgconfig/codeblocks.pc:Cflags: -I${includedir}/codeblocks \
usr/lib/pkgconfig/codeblocks.pc:                        -I${includedir}/codeblocks/tinyxml \
usr/lib/pkgconfig/codeblocks.pc:                        -I${includedir}/codeblocks/scripting/include \
usr/lib/pkgconfig/codeblocks.pc:                        -I${includedir}/codeblocks/scripting/bindings \

   * continued lines may also hide stuff from a dumb checker

Other fields
============

usr/lib/x86_64-linux-gnu/pkgconfig/libbt.pc:Libs: -L${libdir} -lbt -Wl,-z,relro -L/usr/lib -L/usr/local/lib  

   * -L/usr/local/lib

usr/share/doc/libopal-doc/examples/samples/opal.pc:Libs: -L/usr/local/src/pkg-voip/build-area/opal-3.10.4~dfsg/lib_linux_x86_64 -L${libdir} -lopal${suffix}

   * weird -L

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.4.0 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lintian depends on:
ii  binutils                       2.22-6.1
ii  bzip2                          1.0.6-3
ii  diffstat                       1.55-3
ii  file                           5.11-1
ii  gettext                        0.18.1.1-9
ii  hardening-includes             2.1
ii  intltool-debian                0.35.0+20060710.1
ii  libapt-pkg-perl                0.1.26+b1
ii  libc-bin                       2.13-33
ii  libclass-accessor-perl         0.34-1
ii  libclone-perl                  0.31-1+b2
ii  libdpkg-perl                   1.16.4
ii  libemail-valid-perl            0.190-1
ii  libipc-run-perl                0.91-1
ii  libparse-debianchangelog-perl  1.2.0-1
ii  libtimedate-perl               1.2000-1
ii  liburi-perl                    1.60-1
ii  locales                        2.13-33
ii  locales-all [locales]          2.13-33
ii  man-db                         2.6.1-2
ii  patchutils                     0.3.2-1.1
ii  perl [libdigest-sha-perl]      5.14.2-11
ii  unzip                          6.0-6

lintian recommends no packages.

Versions of packages lintian suggests:
ii  binutils-multiarch     2.22-6.1
ii  dpkg-dev               1.16.4
ii  libhtml-parser-perl    3.69-2
ii  libtext-template-perl  1.45-2
ii  man-db                 2.6.1-2
ii  xz-utils               5.1.1alpha+20110809-3

-- no debconf information

Attachment: signature.asc
Description: Digital signature


--- End Message ---
--- Begin Message --- 
Source: lintian
Source-Version: 2.5.25

We believe that the bug you reported is fixed in the latest version of
lintian, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 676803@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niels Thykier <niels@thykier.net> (supplier of updated lintian package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 13 Jul 2014 20:36:30 +0200
Source: lintian
Binary: lintian
Architecture: source all
Version: 2.5.25
Distribution: unstable
Urgency: medium
Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org>
Changed-By: Niels Thykier <niels@thykier.net>
Description:
 lintian    - Debian package checker
Closes: 539225 653910 657699 660797 676803 741346 745152 747266 752229 752611 753077 753165 753970
Changes:
 lintian (2.5.25) unstable; urgency=medium
 .
   * Summary of tag changes:
     + Added:
       - capitalization-error-in-description-synopsis
       - incorrect-naming-of-pkcs11-module
       - package-contains-thumbnails-dir
       - pkg-config-bad-directive
       - source-contains-prebuilt-ms-help-file
       - spelling-error-in-description-synopsis
 .
   * checks/*.desc:
     + [NT] Replaced "index" with "unpacked" in Needs-Info.
   * checks/cruft.{desc,pm}:
     + [BR] Add a forgotten return statement, and avoid
       false positive for deployJava.js (Closes: #745152).
     + [BR] Fix another false positive in GFDL detection.
     + [BR] Use whitelist for know good RFC (Closes: #753970).
     + [BR]  Detect and warn about *.chm file
       (MS Windows HtmlHelp Data).  (Closes: #653910).
   * checks/description.{desc,pm}:
     + [NT] Apply patch from Anders Jonsson to check spelling
       of the package synopsis.  (Closes: #747266)
   * checks/files.{desc,pm}:
     + [RG,NT] Check for invalid named p11-kit modules in
       /usr/share/p11-kit modules.  (Closes: #741346)
     + [BR] Detect cross architecture pkg-config file.
       (Closes: #539225).
     + [BR] Add a sanity check for pkg-config files.
       (Closes: #676803, #657699).
     + [BR] Detect .thumbnails dir (Closes: #660797).
 .
   * collection/*.desc:
     + [NT] Replace "index" with "unpacked" in Needs-Info.
   * collection/index{,.desc}:
     + [NT] Removed file.
   * collection/unpacked{,.desc}:
     + [NT] Have unpacked create indices when the package is
       being unpacked.  This is done using a pipeline to avoid
       decompressing the data.tar file multiple times.
 .
   * data/cruft/missing-dir-search-path:
     + [BR] Close false positive for mathjax, search under
       /unpacked.
     + [BR] Fix another false positive for emscripten.
   * data/cruft/warn-file-type:
     + [BR] add yc suffix for detecting javascript
       source-is-missing and improve test suite. Fix a
       false postive in libdevel-nytprof-perl.
   * data/files/js-libraries:
     + [NT] Apply patch from Marcelo Jorge Vieira to correct
       a regular expression for finding embedded copies of
       libjs-jquery-history.  (Closes: #753077)
   * data/init.d/virtual_facilities:
     + [NT] Apply patch from Guillem Jover to fix a typo.
   * data/scripts/interpreters:
     + [NT] The texlua binary is now provided by
       texlive-binaries (>= 2014.20140512.33982) instead of
       luatex.  Thanks to Norbert Preining for reporting this.
       (Closes: #752611)
   * data/symlinks/well-known-symlinks-target:
     + [NT] Apply patch from Guillem Jover to fix a typo in
       a regex.  (Closes: #752229)
 .
   * debian/control:
     + [NT] Add Breaks/Replaces for funny-manpages due to a
       bug in funny-manpages before 1.3-5.1.  Thanks to Adrian
       Bunk for reporting.  (Closes: #753165)
 .
   * lib/Lintian/Collect{,/*}.pm:
     + [NT] Replace "index" with "unpacked" in Needs-Info
       requirements.
 .
   * reporting/config:
     + [NT] Remove "$statistics_file" from the sample config.
   * reporting/harness:
     + [NT] Set the state cache to 0644 after creating it.
   * reporting/html_reports:
     + [NT] Move the statistics file to the harness state cache
       dir.  It only contains information about the last run and
       is re-generated as needed.  If the file exists, it will
       be moved to its new location if possible.
Checksums-Sha1:
 8faf51a040906409a22090e7731e4ad862399535 2693 lintian_2.5.25.dsc
 7f78f5521afd4851bc36945dd58a95f9ee962d18 1181140 lintian_2.5.25.tar.xz
 fa31356ef160e9e44f1c9d09cb37c3c7ff1f7e3f 767392 lintian_2.5.25_all.deb
Checksums-Sha256:
 67a662a4225e610ce56016d7824cca00f4fc5686d4a084b205eafff0c8fb20fd 2693 lintian_2.5.25.dsc
 7700ee806c353f2a91b5134d7d1f8871d2571bdf08f8d0d11763765dd9adb56c 1181140 lintian_2.5.25.tar.xz
 1f1d744f15c5ebc5979a3a66c05a378c5a633b32473658504fb613e93932ceb0 767392 lintian_2.5.25_all.deb
Files:
 e83ca86db4325c2a58044fb792a2175c 767392 devel optional lintian_2.5.25_all.deb
 02633ef24ff6eb1a026fc269ac8ebbaf 2693 devel optional lintian_2.5.25.dsc
 09f080d8d112f9fe6ef9bd64f686a243 1181140 devel optional lintian_2.5.25.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJTwtYbAAoJEAVLu599gGRC82EP/jExAvQKTH0bgCBaWzAZXIkg
lb/5pvh7NGfJLQ3m7oqdt//1caPomwqDgJou7j/GpzHulhjdLKOgjlTH3Dd35K2r
r6kFjfmF0JjZXvhHdZMO5JDhMLwQNMEjAhPa4EtNCsmvOHPG2O55QAb7xDYSL3gY
pQMVRT///itg/JSBp/LurGa37RT0CDg+0GT/QIQkabb/Ob1tWmy0YSLz6hj3BTh5
kE+Ohprsr63vAk9qi35D7MsX3WTosXORRDKavZgrViXSNhdhmFTdBLmeq0qAiWgQ
iyCDiCohT2gZmWhdaKQyA2XlbxMDKF3VH2uzCR7X8PDnAtlbTW5vkPOi7c6CsIL9
HkbdB5aLedY0QBEpI2nz2u37+kBbYgMxSqeqPDYEkBcMbCw2VUQgESOA2ZTnVpFT
I0yJFPb2bCsMrSl71g90AKsF9fbVmahtp6v66BzojzN7eznO16RDzFQ7nDjlajUu
towmP7MyMAQJgig+yTYpYpnhBOfZXwI7RNLpSmkxgzbBiJTZ+L+VEqy1jDe4TKjH
bkxw+JnZj7NZoc/HGgN9UB30/oBClTpF8e9dEjvmunYEcC8MXXd5eKiimSXCh4Z4
LOP/+LapirzJ+u7AhNsHbU78FPmyuQwZJEB4t3qQCXxJ3uHYF7eEeVlGgS+TLt2d
vDEbVvlnKyH7ApNdlJH1
=4Gha
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: