[debhelper-devel] Bug#742701: [buildd-tools-devel] Bug#742701: Bug#742701: package built without _FORTIFY_SOURCE=2, debhelper or schroot issue?

Matthias Klose doko at debian.org
Wed Mar 26 17:00:59 UTC 2014 

Am 26.03.2014 17:30, schrieb Roger Leigh:
> On Wed, Mar 26, 2014 at 04:01:14PM +0000, Roger Leigh wrote:
>> On Wed, Mar 26, 2014 at 03:01:37PM +0100, Matthias Klose wrote:
>>> Package: debhelper,schroot
>>> Severity: important
>>>
>>> seen in unstable, according to
>>> http://qa.debian.org/bls/packages/s/schroot.html
>>> https://buildd.debian.org/status/fetch.php?pkg=schroot&arch=i386&ver=1.6.8-1&stamp=1388837978
>>>
>>>   - schroot 1.6.8-1 sets debian/compat to 9
>>>   - schroot sets DH_OPTIONS = --buildsystem=cmake
>>>
>>> but CPPFLAGS are not appended to CFLAGS/CXXFLAGS as mentioned in
>>> #668813. exporting DH_OPTIONS doesn't help either.
>>>
>>> if you're not overwriting things like in korundum, appending the
>>> CPPFLAGS seems to work. can't see what to fix in schroot.
>>
>> Should simply be a matter of appending CPPFLAGS to CXXFLAGS?
>>
>>  From the description, #668813 sets CFLAGS, but doesn't mention
>> CXXFLAGS--maybe it just needs updating to set both?
>
> I checked the debhelper change, and it does set CXXFLAGS.  Looking at e.g.
> https://buildd.debian.org/status/fetch.php?pkg=schroot&arch=powerpc&ver=1.6.8-1&stamp=1388838030:
>
>    -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security
>
> are being added.  So at least some options are being set automatically.
> Is _FORTIFY_SOURCE passed using a different mechanism or a different variable?
> Or do I need to take some additional measure to explicitly enable it?

yes, it is passed in CPPFLAGS and supposed to be appended in both CFLAGS and 
CXXFLAGS.

/usr/share/perl5/Debian/Debhelper/Buildsystem/cmake.pm has:

         # CMake doesn't respect CPPFLAGS, see #653916.
         if ($ENV{CPPFLAGS} && ! compat(8)) {
                 $ENV{CFLAGS}   .= ' ' . $ENV{CPPFLAGS};
                 $ENV{CXXFLAGS} .= ' ' . $ENV{CPPFLAGS};
         }

but I can't figure out why it is not called.

More information about the debhelper-devel mailing list