Bug#824489: RFS: dwarfutils/20160507-1 [ITA] -- utility and library to work with DWARF debug information
control: owner -1 !
control: tags -1 moreinfo
Hi, I tried my best to do a full review, I was sure I was able to find something to
whine about, and I mostly failed.
I have to admit I really like the shape of your rework!
just two questions prior to sponsor:
1) why an empty dh_install override?
2) why exporting fPIC manually?
I think hardening rules should already do that
https://wiki.debian.org/Hardening
I admit I'm impressed by the quality of your work!
for 2)
you might consider this patch
--- dwarfutils-20160507.orig/configure.in
+++ dwarfutils-20160507/configure.in
@@ -9,6 +9,8 @@ AC_PROG_INSTALL
AC_CHECK_TOOL(RANLIB, ranlib, :)
AC_CHECK_TOOL(AR, ar)
+AC_SUBST(dwfpic,[-fPIC])
+
dnl libdwarf default-disabled shared
shrd=''
AC_ARG_ENABLE(shared,AC_HELP_STRING([--enable-shared],
but the question is: there is already fPIE injected during the build, are you sure fPIC isn't
redundant useless?
(note: I think fPIC is for libraries, and fPIE for binaries, I'm not sure about static libraries).
thanks for your work!
Gianfranco
Il Lunedì 16 Maggio 2016 18:45, Fabian Wolff <fabi.wolff@arcor.de> ha scritto:
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "dwarfutils", which is
currently orphaned and which I would like to adopt.
* Package name : dwarfutils
Version : 20160507-1
Upstream Author : David Anderson
* URL : https://www.prevanders.net/dwarf.html
License : GPL-2, LGPL-2.1, BSD-3-clause, BSD-2-clause
Section : libs
It builds those binary packages:
dwarfdump - utility to dump DWARF debug information from ELF objects
libdwarf-dev - library to consume and produce DWARF debug information
To access further information about this package, please visit the following URL:
https://mentors.debian.net/package/dwarfutils
Alternatively, one can download the package with dget using this command:
dget -x https://mentors.debian.net/debian/pool/main/d/dwarfutils/dwarfutils_20160507-1.dsc
Changes since the last upload:
* New Maintainer (Closes: #822614).
* New upstream release (Closes: #822154, #811817, #681748).
- Fixes CVE-2016-2091 (Closes: #813148).
- Fixes CVE-2015-8750 (Closes: #813182).
- Fixes CVE-2015-8538 (Closes: #807817).
* Upgrade to source format 3.0 (quilt).
* Upgrade to Standards version 3.9.8.
* Clean up debian/rules.
* Improve long description of dwarfdump (Closes: #659319).
* Perform complete copyright review.
* Update patches to DEP-3 format.
* Add doc-base file for libdwarf-dev.
* Compile with -fPIC.
Regards,
Fabian Wolff
Reply to: