Bug#712056: RFS: scantailor [ITP] -- interactive post-processing tool for scanned document pages

To: Mathieu Malaterre <malat@debian.org>, 712056@bugs.debian.org, Dmitry Smirnov <onlyjob@debian.org>
Subject: Bug#712056: RFS: scantailor [ITP] -- interactive post-processing tool for scanned document pages
From: Daniel Stender <daniel@danielstender.com>
Date: Tue, 18 Jun 2013 19:25:05 +0200
Message-id: <[🔎] 51C097F1.7010709@danielstender.com>
Reply-to: Daniel Stender <daniel@danielstender.com>, 712056@bugs.debian.org
In-reply-to: <[🔎] CA+7wUszxrSb7cPdA3AQB9uFvgmaUZPoe9ub+2UYdP0UuJtmfSQ@mail.gmail.com>
References: <[🔎] 51B8975E.1030700@danielstender.com> <[🔎] 201306131423.48854.onlyjob@member.fsf.org> <[🔎] 51BC854E.2080307@danielstender.com> <[🔎] 201306160220.01580.onlyjob@debian.org> <[🔎] CA+7wUszxrSb7cPdA3AQB9uFvgmaUZPoe9ub+2UYdP0UuJtmfSQ@mail.gmail.com>

1) buildflags.patch / build type

First of all, the patch works fine. Actually, after removing the forced variable overrides Cmake
recognizes already the standard environment build flags.

I've came across that Debhelper 20130504 was set to always switch to RelWithDebInfo build type
(#701233), which yes puts -DNDEBUG into building on current Sid (Debhelper 20130605) - are there
different opinions on that issue?

Dropping any custom switches (instead of addition of --as-needed linker flag) Scantailor on Sid for
now builds with the flags (CPP_FLAGS got injected into C_FLAGS since Debhelper 20120417, #653916):
-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security
-D_FORTIFY_SOURCE=2 -O2 -g -DNDEBUG

Please further discuss that.

2) hardening of scantailor-cli

As another issue remains that scantailor-cli still doesn't got fortified:

$ hardening-check scantailor-cli
scantailor-cli:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: no not found!

I'll get deeper into that issue.

Latest commit:
http://anonscm.debian.org/gitweb/?p=collab-maint/scantailor.git;a=commitdiff;h=e37cf9eecb8223e524958de150a897cfba28a9dd
build log: http://www.danielstender.com/uploads/scantailor_0.9.11.1-1_amd64.build

Much thanks for comments so far & greetings,
Daniel Stender

On 18.06.2013 15:15, Mathieu Malaterre wrote:
> On Sat, Jun 15, 2013 at 6:20 PM, Dmitry Smirnov <onlyjob@debian.org> wrote:
>> Build type is better to leave as "RELWITHDEBINFO". This might be
>> useful if you decide to provide -dbg package or just to (re-)build
>> with debugging info with command like
> 
> Technically RelWithDebInfo should not be used anymore with cmake from sid:
> 
> http://lists.debian.org/debian-devel/2013/06/msg00278.html
> 
> It now appends -DNDEBUG ... see #701231 for more info
> 
> 2cts

-- 
http://www.danielstender.com/blog/
GPG key ID: 1654BD9C

Reply to:

Follow-Ups:
- Bug#712056: RFS: scantailor [ITP] -- interactive post-processing tool for scanned document pages
  - From: Dmitry Smirnov <onlyjob@debian.org>

References:
- Bug#712056: RFS: scantailor [ITP] -- interactive post-processing tool for scanned document pages
  - From: Daniel Stender <daniel@danielstender.com>
- Bug#712056: RFS: scantailor [ITP] -- interactive post-processing tool for scanned document pages
  - From: Dmitry Smirnov <onlyjob@member.fsf.org>
- Bug#712056: RFS: scantailor [ITP] -- interactive post-processing tool for scanned document pages
  - From: Daniel Stender <daniel@danielstender.com>
- Bug#712056: RFS: scantailor [ITP] -- interactive post-processing tool for scanned document pages
  - From: Dmitry Smirnov <onlyjob@debian.org>
- Bug#712056: RFS: scantailor [ITP] -- interactive post-processing tool for scanned document pages
  - From: Mathieu Malaterre <malat@debian.org>

Prev by Date: Re: Enabling flags depending on buildd gcc version
Next by Date: Re: RFS: s3cmd python module
Previous by thread: Bug#712056: RFS: scantailor [ITP] -- interactive post-processing tool for scanned document pages
Next by thread: Bug#712056: RFS: scantailor [ITP] -- interactive post-processing tool for scanned document pages
Index(es):
- Date
- Thread