[dpkg] 97/192: man: Clarify that sanitize options should not be used for production builds
Ximin Luo
infinity0 at debian.org
Tue Oct 17 11:04:05 UTC 2017
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch pu/reproducible_builds
in repository dpkg.
commit e6171e188e7c1fc7cfc9f159fe55abba7a1d128a
Author: Guillem Jover <guillem at debian.org>
Date: Tue Sep 5 03:27:31 2017 +0200
man: Clarify that sanitize options should not be used for production builds
Ref: http://www.openwall.com/lists/oss-security/2016/02/17/9
---
debian/changelog | 1 +
man/dpkg-buildflags.man | 3 +++
2 files changed, 4 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index edd91e1..ebcda42 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -53,6 +53,7 @@ dpkg (1.19.0) UNRELEASED; urgency=medium
- Document that trailing commas are valid in debian/control dependency
fields, which get stripped when generating output files.
Prompted by Mattia Rizzolo <mattia at debian.org>.
+ - Clarify that sanitize options should not be used for production builds.
* Code internals:
- Switch perl code to use -> operator for function variables.
* Build system:
diff --git a/man/dpkg-buildflags.man b/man/dpkg-buildflags.man
index 60f67a5..3b5d5ba 100644
--- a/man/dpkg-buildflags.man
+++ b/man/dpkg-buildflags.man
@@ -242,6 +242,9 @@ to \fB\-D__DEB_CANARY_\fP\fIflag\fP_\fIrandom-id\fP\fB__\fP, and
Several compile-time options (detailed below) can be used to help sanitize
a resulting binary against memory corruptions, memory leaks, use after free,
threading data races and undefined behavior bugs.
+\fBNote\fP: these options should \fBnot\fP be used for production builds
+as they can reduce reliability for conformant code, reduce security or
+even functionality.
.TP
.B address
This setting (disabled by default) adds \fB\-fsanitize=address\fP to
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git
More information about the Reproducible-commits
mailing list