[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#824489: RFS: dwarfutils/20160507-1 [ITA] -- utility and library to work with DWARF debug information

control: owner -1 !

control: tags -1 moreinfo

Hi, I tried my best to do a full review, I was sure I was able to find something to

whine about, and I mostly failed.


I have to admit I really like the shape of your rework!

just two questions prior to sponsor:

1) why an empty dh_install override?

2) why exporting fPIC manually?

I think hardening rules should already do that

https://wiki.debian.org/Hardening

I admit I'm impressed by the quality of your work!

for 2)

you might consider this patch

--- dwarfutils-20160507.orig/configure.in
+++ dwarfutils-20160507/configure.in
@@ -9,6 +9,8 @@ AC_PROG_INSTALL
AC_CHECK_TOOL(RANLIB, ranlib, :)
AC_CHECK_TOOL(AR, ar)

+AC_SUBST(dwfpic,[-fPIC])
+
dnl libdwarf default-disabled shared
shrd=''
AC_ARG_ENABLE(shared,AC_HELP_STRING([--enable-shared],

but the question is: there is already fPIE injected during the build, are you sure fPIC isn't

redundant useless?

(note: I think fPIC is for libraries, and fPIE for binaries, I'm not sure about static libraries).

thanks for your work!

Gianfranco



Il Lunedì 16 Maggio 2016 18:45, Fabian Wolff <fabi.wolff@arcor.de> ha scritto:
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "dwarfutils", which is
currently orphaned and which I would like to adopt.

* Package name    : dwarfutils
Version        : 20160507-1
Upstream Author : David Anderson
* URL            : https://www.prevanders.net/dwarf.html
License        : GPL-2, LGPL-2.1, BSD-3-clause, BSD-2-clause
Section        : libs

It builds those binary packages:

dwarfdump - utility to dump DWARF debug information from ELF objects
libdwarf-dev - library to consume and produce DWARF debug information

To access further information about this package, please visit the following URL:

https://mentors.debian.net/package/dwarfutils

Alternatively, one can download the package with dget using this command:

dget -x https://mentors.debian.net/debian/pool/main/d/dwarfutils/dwarfutils_20160507-1.dsc

Changes since the last upload:

* New Maintainer (Closes: #822614).
* New upstream release (Closes: #822154, #811817, #681748).
- Fixes CVE-2016-2091 (Closes: #813148).
- Fixes CVE-2015-8750 (Closes: #813182).
- Fixes CVE-2015-8538 (Closes: #807817).
* Upgrade to source format 3.0 (quilt).
* Upgrade to Standards version 3.9.8.
* Clean up debian/rules.
* Improve long description of dwarfdump (Closes: #659319).
* Perform complete copyright review.
* Update patches to DEP-3 format.
* Add doc-base file for libdwarf-dev.
* Compile with -fPIC.

Regards,
Fabian Wolff
Reply to: