Bug#898534: RFS: ftp.app/0.6-2 [RC]

To: Yavor Doganov <yavor@gnu.org>
Cc: 898534@bugs.debian.org
Subject: Bug#898534: RFS: ftp.app/0.6-2 [RC]
From: Peter Pentchev <roam@ringlet.net>
Date: Thu, 24 May 2018 16:46:06 +0300
Message-id: <[🔎] 20180524134606.GG29870@office.storpool.com>
Reply-to: Peter Pentchev <roam@ringlet.net>, 898534@bugs.debian.org
In-reply-to: <[🔎] 20180524130543.GF29870@office.storpool.com>
References: <[🔎] 87d0y0gepu.fsf@yavor.doganov.org> <[🔎] 87d0y0gepu.fsf@yavor.doganov.org> <[🔎] 20180524130543.GF29870@office.storpool.com> <[🔎] 87d0y0gepu.fsf@yavor.doganov.org>

On Thu, May 24, 2018 at 04:05:43PM +0300, Peter Pentchev wrote:
> On Sun, May 13, 2018 at 11:08:29AM +0300, Yavor Doganov wrote:
> > Package: sponsorship-requests
> > Severity: important
> > 
> > Dear mentors,
> > 
> > I am looking for a sponsor for my package "ftp.app".
> > 
> >  * Package name    : ftp.app
> >    Version         : 0.6-2
> [snip]
> > Changes since the last upload:
> > 
> >   * Team upload.
> >   * debian/compat: Bump to 11.
> >   * debian/rules: Rewrite for modern dh.  Don't convert/install the .xpm
> >     icon (Closes: #897524).  Use standard variables; enable all hardening.
> 
> So two things here, both minor, although the optim one might be good to fix:
> 
> - you left a mention of $(optim) on the dh_auto_build line, although this
>   variable is no longer defined in the rules file.  This means that it is
>   1) not needed, and 2) potentially dangerous, since it might introduce weird
>   compiler flags if it happens to be defined in the environment

So I just took a more careful look at /usr/share/GNUstep/debian/config.mk
and "optim" seems to be conditionally defined there.  OK, forget this one,
sorry about that.  Would you like me to upload the package now and sort out
the hardened functions later, if it is even possible to handle with ObjC?

> - I see that you did indeed active the hardening=+all build flags, yet Lintian
>   (at least version 2.5.88) still complains about the "FTP" executable file
>   using non-hardened functions from libc, and indeed a `nm -aoD | fgrep -we U`
>   does show calls to fread and recv.  I don't know if some special flags need
>   to be passed to the Objective C compiler to make it use the hardened variants
>   or if it is even possible; I have next to no experience with Objective C,
>   although it has long been on my list of things to check out some day :)
> 
> I can upload this package as-is and leave these items for a later upload;
> would you like me to do that?

G'luck,
Peter

-- 
Peter Pentchev  roam@{ringlet.net,debian.org,FreeBSD.org} pp@storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Bug#898534: RFS: ftp.app/0.6-2 [RC]
  - From: Yavor Doganov <yavor@gnu.org>
- Bug#898534: RFS: ftp.app/0.6-2 [RC]
  - From: Peter Pentchev <roam@ringlet.net>

Prev by Date: Bug#898534: RFS: ftp.app/0.6-2 [RC]
Next by Date: Bug#898403: marked as done (RFS: batmon.app/0.9-2 [RC])
Previous by thread: Bug#898534: RFS: ftp.app/0.6-2 [RC]
Next by thread: Bug#898534: RFS: ftp.app/0.6-2 [RC]
Index(es):
- Date
- Thread