Hi, Thanks for providing me the patch on python-gpiv! A few questions: It concerns a NMU upload. So I suggest the package should have entered in Debian/Sid. But I do not find a 2.0.0-4.1 version. Also, I do not find a bug report filed against this package, neither a "Closes: #667862" in your patch for debian/changelog.
Can you explain me how this NMU worls or give me a direction? Thanks, Gerber On Sat, 2012-04-07 at 09:51 +0300, jari.aa...@cante.net wrote: > Package: pygpiv > Severity: normal > Tags: patch > > Hi, > > The hardened build flags is one of the release goals of forthcoming > Debian releases. Number of security problems in the past have been > identified in packages that hadn't been fortified. For more > information, see: > > http://lists.debian.org/debian-devel-announce/2012/02/msg00016.html > http://lists.debian.org/debian-dpkg/2011/09/msg00013.html > http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags > > See attached patch to help to migrate to hardened flags. At the same > time I fixed items reported by Lintian and upgraded the package to the > latest tools and standards version. > > Thanks, > Jari > > differences between files attachment (0001-harden.patch) > From 4ef63ba55cee9fcce0ad0229e50284d63c73c0d0 Mon Sep 17 00:00:00 2001 > From: Jari Aalto <jari.aa...@cante.net> > Date: Sat, 7 Apr 2012 09:49:19 +0300 > Subject: [PATCH] harden > Organization: Private > Content-Type: text/plain; charset="utf-8" > Content-Transfer-Encoding: 8bit > > Signed-off-by: Jari Aalto <jari.aa...@cante.net> > --- > debian/README.source | 38 > -------------------- > debian/changelog | 11 ++++++ > debian/compat | 2 +- > debian/control | 4 +- > .../{01_python2.6.diff => 01_python2.6.patch} | 8 +--- > ...include.diff => 02_fix_multiarch_include.patch} | 8 +--- > debian/patches/series | 4 +- > debian/rules | 12 ++++++- > 8 files changed, 31 insertions(+), 56 deletions(-) > delete mode 100644 debian/README.source > rename debian/patches/{01_python2.6.diff => 01_python2.6.patch} (69%) > mode change 100755 => 100644 > rename debian/patches/{02_fix_multiarch_include.diff => > 02_fix_multiarch_include.patch} (82%) > mode change 100755 => 100644 > > diff --git a/debian/README.source b/debian/README.source > deleted file mode 100644 > index fc98b3d..0000000 > --- a/debian/README.source > +++ /dev/null > @@ -1,38 +0,0 @@ > -This package uses dpatch to manage all modifications to the upstream > -source. Changes are stored in the source package as diffs in > -debian/patches and applied during the build. > - > -To get the fully patched source after unpacking the source package, cd > -to the root level of the source package and run: > - > - debian/rules patch > - > -Removing a patch is as simple as removing its entry from the > -debian/patches/00list file, and please also remove the patch file > -itself. > - > -Creating a new patch is done with "dpatch-edit-patch patch XX_patchname" > -where you should replace XX with a new number and patchname with a > -descriptive shortname of the patch. You can then simply edit all the > -files your patch wants to edit, and then simply "exit 0" from the shell > -to actually create the patch file. > - > -To tweak an already existing patch, call "dpatch-edit-patch XX_patchname" > -and replace XX_patchname with the actual filename from debian/patches > -you want to use. > - > -To clean up afterwards again, "debian/rules unpatch" will do the > -work for you - or you can of course choose to call > -"fakeroot debian/rules clean" all together. > - > - > ---- > - > -this documentation is part of dpatch package, and may be used by > -packages using dpatch to comply with policy on README.source. This > -documentation is meant to be useful to users who are not proficient in > -dpatch in doing work with dpatch-based packages. Please send any > -improvements to the BTS of dpatch package. > - > -original text by Gerfried Fuchs, edited by Junichi Uekawa <dan...@debian.org> > -10 Aug 2008. > diff --git a/debian/changelog b/debian/changelog > index 5372b7f..7ed191b 100644 > --- a/debian/changelog > +++ b/debian/changelog > @@ -1,3 +1,14 @@ > +pygpiv (2.0.0-4.1) unstable; urgency=low > + > + * Non-maintainer upload. > + * Upgrade to packaging format "3.0 quilt". > + * Convert dpatch format *.diff files into DEP3, README.source not needed. > + * Update to Standards-Version to 3.9.3.1 and debhelper to 9. > + * Use hardened build flags and dh_prep in rules file > + http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags > + > + -- Jari Aalto <jari.aa...@cante.net> Sat, 07 Apr 2012 09:29:49 +0300 > + > pygpiv (2.0.0-4) unstable; urgency=low > > * Repairs python dependency on hdf5. > diff --git a/debian/compat b/debian/compat > index 1e8b314..ec63514 100644 > --- a/debian/compat > +++ b/debian/compat > @@ -1 +1 @@ > -6 > +9 > diff --git a/debian/control b/debian/control > index 22ba977..a4b8717 100644 > --- a/debian/control > +++ b/debian/control > @@ -3,9 +3,9 @@ Section: python > Priority: extra > Maintainer: Gerber van der Graaf <gerber_gr...@users.sourceforge.net> > X-Python-Version: >=2.7 > -Standards-Version: 3.9.2 > +Standards-Version: 3.9.3.1 > Homepage: http://libgpiv.sourceforge.net/pygpiv.html > -Build-Depends: debhelper (>= 6), python-all-dev (>= 2.6.6-3~), > +Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.1), python-all-dev (>= > 2.6.6-3~), > swig, libglib2.0-dev, libfftw3-dev, libgsl0-dev, > libhdf5-dev (>= 1.8.8), libnetpbm10-dev, libpng-dev, libgpiv3-dev > > diff --git a/debian/patches/01_python2.6.diff > b/debian/patches/01_python2.6.patch > old mode 100755 > new mode 100644 > similarity index 69% > rename from debian/patches/01_python2.6.diff > rename to debian/patches/01_python2.6.patch > index a93ed6a..1ae0bc0 > --- a/debian/patches/01_python2.6.diff > +++ b/debian/patches/01_python2.6.patch > @@ -1,10 +1,6 @@ > -#! /bin/sh /usr/share/dpatch/dpatch-run > -## python2.6.dpatch by <ger...@hamburg.upc.es> > -## > -## All lines beginning with `## DP:' are a description of the patch. > -## DP: No description. > +From: <ger...@hamburg.upc.es> > +Subject: No description. > > -@DPATCH@ > diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' > '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' > pygpiv-2.0.0~/pygpiv.i pygpiv-2.0.0/pygpiv.i > --- pygpiv-2.0.0~/pygpiv.i 2009-11-03 19:44:41.000000000 +0100 > +++ pygpiv-2.0.0/pygpiv.i 2010-03-02 15:50:22.000000000 +0100 > diff --git a/debian/patches/02_fix_multiarch_include.diff > b/debian/patches/02_fix_multiarch_include.patch > old mode 100755 > new mode 100644 > similarity index 82% > rename from debian/patches/02_fix_multiarch_include.diff > rename to debian/patches/02_fix_multiarch_include.patch > index 298daad..12a56cc > --- a/debian/patches/02_fix_multiarch_include.diff > +++ b/debian/patches/02_fix_multiarch_include.patch > @@ -1,10 +1,6 @@ > -#! /bin/sh /usr/share/dpatch/dpatch-run > -## 02_fix_multiarch_include.dpatch by Michael Terry <mte...@ubuntu.com> > -## > -## All lines beginning with `## DP:' are a description of the patch. > -## DP: Use pkg-config to find library needed for glib-2.0 > +From: Michael Terry <mte...@ubuntu.com> > +Subject: Use pkg-config to find library needed for glib-2.0 > > -@DPATCH@ > diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' > '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' > pygpiv~/setup.py pygpiv/setup.py > --- pygpiv~/setup.py 2011-07-05 11:19:59.000000000 -0400 > +++ pygpiv/setup.py 2011-07-05 11:20:43.348848694 -0400 > diff --git a/debian/patches/series b/debian/patches/series > index ba06f05..fcc8e12 100644 > --- a/debian/patches/series > +++ b/debian/patches/series > @@ -1,2 +1,2 @@ > -01_python2.6.diff > -02_fix_multiarch_include.diff > +01_python2.6.patch > +02_fix_multiarch_include.patch > diff --git a/debian/rules b/debian/rules > index a192652..bcb5ac6 100755 > --- a/debian/rules > +++ b/debian/rules > @@ -10,6 +10,14 @@ > #export DH_VERBOSE=1 > PREFIX := debian/python-gpiv/usr > > +# NOTE: Sources wonät compile with all hardening enabled: > +# export DEB_BUILD_MAINT_OPTIONS= hardening=+all > + > +DPKG_EXPORT_BUILDFLAGS = 1 > +include /usr/share/dpkg/buildflags.mk > + > +CFLAGS += -Wall > +LDFLAGS += -Wl,--as-needed > > clean: > dh_testdir > @@ -29,6 +37,8 @@ build-stamp: > dh_testdir > > # Add here commands to compile the package. > + CFLAGS="$(CFLAGS) $(CPPFLAGS)" \ > + LDFLAGS="$(LDFLAGS)" \ > python ./setup.py build -b debian/python-gpiv > touch $@ > > @@ -36,7 +46,7 @@ build-stamp: > install: build > dh_testdir > dh_testroot > - dh_clean -k > + dh_prep > > # Add here commands to install the package into debian/pygpiv. > python ./setup.py install --root=debian/python-gpiv
signature.asc
Description: This is a digitally signed message part
