On Thu, Nov 02, 2017 at 06:35:47PM +0100, Innocent De Marchi wrote:
> Hi Adam,
>
> Adding the qt5-default package in build-depends ... works. But this
> does not like lintian ...
> Now follow the lintian complaints (hardening-no-fortify-functions) but
> the hardening flags are in the compilation (Well, for the lintian of
> debian.mentors.net everything is correct).
> I have uploaded the new compilation to debian.mentors.net.

The big one is: build-depends-on-metapackage build-depends: qt5-default.
The wording is clear enough: you'd need to depend on qtbase5-dev instead.
I don't fully understand why the severity of this warning is set so high,
but then, I'm not a QT packager.

As for hardening flags:

There are two link commands that produce something named "fractalnow": one
for a command-line tool, the link command is non-verbose:

  LD bin/fractalnow

The other is:

g++ -Wl,-O1 -o bin/qfractalnow objs/color_button.o objs/command_line.o objs/export_fractal_image_dialog.o objs/fractal_explorer.o objs/fractal_config_widget.o objs/fractal_rendering_widget.o objs/gradient_box.o objs/gradient_dialog.o objs/gradient_editor.o objs/gradient_label.o objs/help.o objs/hoverpoints.o objs/main_window.o objs/main.o objs/mpfr_spin_box.o objs/shade_widget.o objs/task_progress_dialog.o objs/qrc_qfractalnow.o objs/moc_color_button.o objs/moc_export_fractal_image_dialog.o objs/moc_fractal_config_widget.o objs/moc_fractal_explorer.o objs/moc_fractal_rendering_widget.o objs/moc_gradient_box.o objs/moc_gradient_dialog.o objs/moc_gradient_editor.o objs/moc_hoverpoints.o objs/moc_main_window.o objs/moc_mpfr_spin_box.o objs/moc_shade_widget.o -L../lib/bin -lfractalnow -lmpc -lmpfr -lgmp -lm -lQt5Widgets -lQt5Gui -lQt5Concurrent -lQt5Core -lGL -lpthread

which indeed has no relro/bindnow.

Likewise, looking at a random object:

g++ -c -pipe -O2 -D_REENTRANT -Wall -W -fPIC -D__STDC_LIMIT_MACROS -D__STDC_FORMAT_MACROS -D_POSIX_C_SOURCE=200809L -D_ENABLE_MP_FLOATS -D_ENABLE_LDOUBLE_FLOATS -DQT_NO_DEBUG -DQT_WIDGETS_LIB -DQT_GUI_LIB -DQT_CONCURRENT_LIB -DQT_CORE_LIB -I. -I. -Iinclude -I../lib/include -isystem /usr/include/x86_64-linux-gnu/qt5 -isystem /usr/include/x86_64-linux-gnu/qt5/QtWidgets -isystem /usr/include/x86_64-linux-gnu/qt5/QtGui -isystem /usr/include/x86_64-linux-gnu/qt5/QtConcurrent -isystem /usr/include/x86_64-linux-gnu/qt5/QtCore -Imocs -isystem /usr/include/libdrm -I/usr/lib/x86_64-linux-gnu/qt5/mkspecs/linux-g++ -o objs/qrc_qfractalnow.o rcc/qrc_qfractalnow.cpp

which has no -D_FORTIFY_SOURCE=2 nor -Werror=format-security.

For a program that takes no untrusted input, though, hardening is only a
wishlist concern. It would be nice to have it but it's not a show-stopper.
Not passing hardening flags, though, means the build fails to pass any other
flag dpkg-buildflags might add in the future.

Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ Laws we want back: Poland, Dz.U. 1921 nr.30 poz.177 (also Dz.U.
⣾⠁⢰⠒⠀⣿⡁ 1920 nr.11 poz.61): Art.2: An official, guilty of accepting a gift
⢿⡄⠘⠷⠚⠋⠀ or another material benefit, or a promise thereof, [in matters
⠈⠳⣄⠀⠀⠀⠀ relevant to duties], shall be punished by death by shooting.
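
The build-log check described in the message above, automated as an added example (not part of the original message or of the fractalnow packaging). The flag spellings, the helper names and the shortened sample log are assumptions made for illustration.

```python
import re
import shlex

# Flags the message names as absent (GCC/binutils spellings, assumed here).
COMPILE_FLAGS = ["-D_FORTIFY_SOURCE=2", "-Werror=format-security"]
LINK_OPTS = ["relro", "now"]  # i.e. -Wl,-z,relro and -Wl,-z,now
COMPILER = re.compile(r"^(?:.*/)?(?:[\w.-]+-)?(?:gcc|g\+\+|cc|c\+\+)(?:-[\d.]+)?$")
TERSE = re.compile(r"^\s*(?:CC|CXX|LD|AR|MOC)\s+\S+$")  # non-verbose make output

# Constructed sample log: commands shortened from the message, plus two hardened lines.
SAMPLE_LOG = """\
  LD bin/fractalnow
g++ -Wl,-O1 -o bin/qfractalnow objs/main.o -L../lib/bin -lfractalnow -lQt5Core
g++ -c -pipe -O2 -Wall -W -fPIC -DQT_NO_DEBUG -o objs/main.o src/main.cpp
g++ -c -O2 -Werror=format-security -D_FORTIFY_SOURCE=2 -o objs/help.o src/help.cpp
g++ -Wl,-z,relro -Wl,-z,now -Wl,-O1 -o bin/demo objs/help.o
"""

def linker_z_options(argv):
    """Collect -z keywords handed to the linker via -Wl (-z,kw or -zkw)."""
    words = [w for a in argv if a.startswith("-Wl,") for w in a.split(",")[1:]]
    opts = set()
    for i, w in enumerate(words):
        if w == "-z" and i + 1 < len(words):
            opts.add(words[i + 1])
        elif w.startswith("-z") and len(w) > 2:
            opts.add(w[2:])
    return opts

def check_line(line):
    """Classify one log line and list the hardening flags it lacks."""
    if TERSE.match(line):
        return "terse", []  # flags hidden; rebuild verbosely to audit
    argv = shlex.split(line)
    if not argv or not COMPILER.match(argv[0]):
        return "other", []
    if "-c" in argv:
        return "compile", [f for f in COMPILE_FLAGS if f not in argv]
    have = linker_z_options(argv)
    return "link", ["-Wl,-z," + o for o in LINK_OPTS if o not in have]

def audit(log):
    """Map 1-based line numbers to (kind, missing) for lines needing attention."""
    results = ((n, check_line(l)) for n, l in enumerate(log.splitlines(), 1))
    return {n: r for n, r in results if r[0] == "terse" or r[1]}

if __name__ == "__main__":
    for n, (kind, missing) in audit(SAMPLE_LOG).items():
        print(n, kind, " ".join(missing) or "flags not shown in log")
```

Lines reported as "terse" correspond to the non-verbose "LD bin/fractalnow" case: the log cannot show whether flags were passed, so that part of the build has to be made verbose before it can be checked.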