Package: jackd2 Version: 1.9.10+20140610git97e0e80b~dfsg-1 Severity: important Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu utopic ubuntu-patch
The jackd2 package in Debian unstable does not properly pass dpkg-buildflags values to waf. As a result, the package is built without optimizations (-O2), has no debugging symbols available at build time (-g), and doesn't use any of the hardening flags that are exported by dpkg-buildflags by default on Debian. The first two of these are violation of a policy "should" (10.1), the last is bad for the security of the package. The attached patch is a minimally-invasive fix for this, which uses DEB_MAKE_EXTRA_ARGS to pass the variables to waf. However, waf is not make, so this isn't strictly correct. There is a waf class in cdbs (available since cdbs 0.4.90); I don't know why you're not using it, perhaps you want to switch to using that instead. I would offer a patch to convert the package to dh(1), but considering the contents of the Uploaders field I suspect it would not be accepted. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org
=== modified file 'debian/rules' --- debian/rules 2013-03-06 14:44:55 +0000 +++ debian/rules 2014-07-27 05:31:57 +0000 @@ -1,5 +1,9 @@ #!/usr/bin/make -f +# Let's try to cut down noisy symbols to the official API +export DEB_CFLAGS_MAINT_APPEND = -fvisibility=hidden +export DEB_CXXFLAGS_MAINT_APPEND = -fvisibility=hidden + -include /usr/share/cdbs/1/rules/upstream-tarball.mk -include /usr/share/cdbs/1/rules/utils.mk include /usr/share/cdbs/1/rules/debhelper.mk @@ -35,16 +39,12 @@ # Minimum assured version referenced upstream as library API/ABI ABI = 0.118.0 -# Let's try to cut down noisy symbols to the official API -CFLAGS += -fvisibility=hidden -CXXFLAGS += -fvisibility=hidden - waf-configure-options = --prefix=/usr --classic waf-configure-options += --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) waf-configure-options += $(if $(filter linux,$(DEB_HOST_ARCH_OS)),--alsa --dbus) waf-configure-options += $(if $(filter amd64 i386 powerpc,$(DEB_HOST_ARCH)),--firewire) -DEB_MAKE_INVOKE = ./waf-light -v --destdir=$(CURDIR)/debian/tmp +DEB_MAKE_INVOKE = $(DEB_MAKE_EXTRA_ARGS) ./waf-light -v --destdir=$(CURDIR)/debian/tmp DEB_MAKE_INSTALL_TARGET = install # TODO: use distclean and drop related clean target, when (or if) @@ -75,7 +75,7 @@ common-configure-impl:: debian/stamp-waf-configure debian/stamp-waf-configure: chmod +x ./waf-light - ./waf-light configure $(waf-configure-options) + $(DEB_MAKE_EXTRA_ARGS) ./waf-light configure $(waf-configure-options) touch $@ clean:: rm -f debian/stamp-waf-configure
_______________________________________________ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
