
MIA upload



Hello,

I've uploaded the MIA package to git.debian.org/git/debian-med/mia.git

This package provides real image processing functionality and is the biggest package I'm currently preparing, i.e. this is the one that should probably end up in one of the tasks files.

To compile you need the latest Debian unstable, because it requires libvistaio-dev, which was just uploaded, and libnlopt-dev (>= 2.3) that was also only uploaded two days ago (main reason for this dependency is that it fixes #695659).

Currently, the package has two lintian-overrides:

 * package-name-doesnt-match-soname

After some consideration I decided that it really doesn't make much sense to split the libraries into different packages: MIA uses plug-ins and command line programs - and lots of them. Splitting the libraries would mean sorting out which plug-in/command line program requires which library in the *.install files. To make this without specifying each file separately would require rethinking the whole module naming scheme, and this is something I wouldn't want to do right now.

 * hardening-no-fortify-functions

Initially this error actually made me fix the compilation flags, but there are still a lot of warnings left.

Most of them are memset, memcpy, and memmove, and according to
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673112
they should probably be ignored.

I also get warnings about fgets and fread.

All modules and programs are compiled with the same compiler flags, and doing a "hardening-check --verbose" over all modules showed mixed results like

 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
        unprotected: fgets
        unprotected: fread
        protected: fprintf
 Read-only relocations: yes
 Immediate binding: no, not found!

which would suggest that the flags are probably correct, only the compiler doesn't emit the fortified functions in some cases (i.e. when it can see that a buffer overflow is not possible).

With "lintian -I" I also get the no-symbol-control-file message.

---
I have one patch that I don't want to include into the original tarball: remove the GENERATE_TREEVIEW in the Doxygen docu - this makes it safe to use the libjs-jquery library.

---
To strip the non-standard *.mia I worked around dh_strip
(see bug #35733) by using a script that first makes all *.mia executable, then strips them and then removes the executable flag again.

---
Since I integrated the changes needed to satisfy lintian, I created a new upstream version. Should I update the ITP bug?

Best
Gert
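
The mixed hardening-check result quoted in the message can be reproduced with a small C file; this is an added example, not part of the original mail and not MIA code. It assumes gcc with glibc, whose fortified `fgets` wrapper calls plain `fgets` when the length is a constant that fits the buffer and `__fgets_chk` when the length is only known at run time; the function names and the file name are hypothetical.

```c
/* Constructed demo. Assumed build and check (gcc + glibc):
 *   gcc -O2 -D_FORTIFY_SOURCE=2 fortify_demo.c -o fortify_demo
 *   hardening-check --verbose ./fortify_demo     (or: nm -D ./fortify_demo)
 * Expect both fgets and __fgets_chk among the imported symbols.
 */
#include <stdio.h>
#include <string.h>

/* Buffer size and length are compile-time constants and the length fits,
 * so the wrapper resolves to plain fgets: provably safe, yet listed as
 * "unprotected: fgets". */
int line_len_const(FILE *fp)
{
    char buf[64];
    if (fgets(buf, sizeof buf, fp) == NULL)
        return -1;
    return (int)strlen(buf);
}

/* Buffer size is known but n is a run-time value, so the wrapper keeps
 * the checked variant __fgets_chk, which aborts if n exceeds sizeof buf.
 * Precondition for unfortified builds: 0 < n <= 64. */
int line_len_runtime(FILE *fp, int n)
{
    char buf[64];
    if (fgets(buf, n, fp) == NULL)
        return -1;
    return (int)strlen(buf);
}

int main(void)
{
    FILE *fp = tmpfile();            /* constructed sample input */
    if (fp == NULL)
        return 1;
    fputs("hello\nworld\n", fp);
    rewind(fp);
    printf("%d %d\n", line_len_const(fp), line_len_runtime(fp, 16));
    fclose(fp);
    return 0;
}
```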

