On Thu, Dec 13, 2012 at 12:00:33AM +1100, Alex Z wrote: > Peter Pentchev писал 2012-12-12 23:43: > >On Wed, Dec 12, 2012 at 10:50:49PM +1100, Alex Z wrote: > > > >The linking line that you pasted above is the one used to create the > >udpxy executable file, while Lintian complains about a file named > >udpxrec. Is udpxrec a separate program? If so, you should look > >at the > >way it is linked (find the link line in the log that generates a > >udpxreg > >executable, a line that contains something like '-o udpxrec'). > > > >If udpxrec is really the name that udpxy is installed as (or if it > >is a > >hardlink or something similar to udpxy), then the situation is a bit > >more complicated. Can you post your full build log? > > Sure, build log in attachment. JFYI, urpxrec is just a symlink to > udpxy. > dpkg-buildpackage -rfakeroot -D -us -uc > dpkg-buildpackage: source package udpxy > dpkg-buildpackage: source version 1.0.23-4 > dpkg-buildpackage: source changed by Alex 'AdUser' Z <ad_user@lavabit.com> > dpkg-source --before-build udpxy-1.0.23-4 > dpkg-buildpackage: host architecture i386 > dpkg-source: info: using options from udpxy-1.0.23-4/debian/source/options: --extend-diff-ignore=^util/mkdep$ > fakeroot debian/rules clean > dh clean > dh_testdir > dh_auto_clean > make[1]: Entering directory `/home/alex/assembly/udpxy/udpxy-1.0.23-4' > rm -f core.* core udpxy.dep udpxy.o sloop.o rparse.o util.o prbuf.o ifaddr.o ctx.o mkpg.o rtp.o uopt.o dpkt.o netop.o extrn.o main.o udpxrec.o udpxy udpxrec > make[1]: Leaving directory `/home/alex/assembly/udpxy/udpxy-1.0.23-4' > dh_clean > dpkg-source -b udpxy-1.0.23-4 > dpkg-source: info: using options from udpxy-1.0.23-4/debian/source/options: --extend-diff-ignore=^util/mkdep$ > dpkg-source: info: using source format `3.0 (quilt)' > dpkg-source: info: building udpxy using existing ./udpxy_1.0.23.orig.tar.gz > dpkg-source: info: building udpxy in udpxy_1.0.23-4.debian.tar.gz > dpkg-source: info: building udpxy in udpxy_1.0.23-4.dsc > debian/rules build > dh build > dh_testdir > dh_auto_configure > dh_auto_build > make[1]: Entering directory `/home/alex/assembly/udpxy/udpxy-1.0.23-4' > cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -MM udpxy.c sloop.c rparse.c util.c prbuf.c ifaddr.c ctx.c mkpg.c rtp.c uopt.c dpkt.c netop.c extrn.c main.c udpxrec.c > udpxy.dep This seems to be a "make depend" target - it uses all the hardening flags for the C preprocessor and, somewhat weirdly, all the hardening flags for the C compiler, too. But this is harmless :) > make[1]: Leaving directory `/home/alex/assembly/udpxy/udpxy-1.0.23-4' > make[1]: Entering directory `/home/alex/assembly/udpxy/udpxy-1.0.23-4' > -e > Making a [release] version (use 'debug' target as an alternative) > > make[2]: Entering directory `/home/alex/assembly/udpxy/udpxy-1.0.23-4' > cc -D_FORTIFY_SOURCE=2 -DUDPXREC_MOD -DNDEBUG -DTRACE_MODULE -c udpxy.c -o udpxy.o This is the actual build (compile) command. It passes the hardening flags for the C preprocessor (what would be in CPPFLAGS), but for some reason it does not have the hardening flags for the C compiler itself (what would be in CFLAGS, e.g. -fstack-protector and its ssp-buffer-size, also -Wformat and -Werror=format-security). My guess is that this is what Lintian complains about, and my guess is that something has gone wrong with setting the flags in your rules file or passing them down to the Makefile. [snip more compilation lines] > cc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wl,-z,relro -DUDPXREC_MOD -DNDEBUG -DTRACE_MODULE -o udpxy udpxy.o sloop.o rparse.o util.o prbuf.o ifaddr.o ctx.o mkpg.o rtp.o uopt.o dpkt.o netop.o extrn.o main.o udpxrec.o This is the linking command, it contains all the flags it should - even some more, but it really doesn't hurt in this case :) [snip installation of the generated udpxy executable as both /usr/bin/udpxy and /usr/bin/udpxyrec in the build staging area] > Now running lintian... > W: udpxy: hardening-no-fortify-functions usr/bin/udpxrec > W: udpxy: hardening-no-fortify-functions usr/bin/udpxy > Finished running lintian. > Now signing changes and any dsc files... > signfile udpxy_1.0.23-4.dsc Alex 'AdUser' Z <ad_user@lavabit.com> Yep, Lintian complains all right. Could you post the rules file that you used to get this result? Somehow I don't think that it is the rules file in the package that you uploaded to mentors.d.n today - *that* package doesn't want to build on my system, since the install step fails trying to install stuff into /usr/local instead of /usr :) G'luck, Peter -- Peter Pentchev roam@ringlet.net roam@FreeBSD.org p.penchev@storpool.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13 If I were you, who would be reading this sentence?
Attachment:
signature.asc
Description: Digital signature