• Bug#1066092: koko: please enable blhc-recommended build hardening.

    From James Addison@21:1/5 to All on Tue Mar 12 14:40:01 2024
    Source: koko
    Version: 23.08.3+ds.1-2
    Severity: wishlist

    Dear Maintainer,

    During the filing of #1066088, some build failures of the 'blhc'[1] test utility occurred on Salsa-CI[2]. These indicate that some compile-time security hardening flags may not be enabled when the binary package is compiled (the first failure mentioned in the logs relates to missing CPPFLAGS).

    The Debian Wiki page[3] about package hardening includes some information relating to packages that use CMake, and this could be worth checking for guidance.

    Thanks,
    James

    [1] - https://eriberto.pro.br/blog/2015/09/07/debian-how-to-use-blhc-to-solve-hardening-issues-when-packaging/

    [2] - https://salsa.debian.org/jayaddison/koko/-/jobs/5435672

    [3] - https://wiki.debian.org/Hardening#Notes_for_packages_using_CMake

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
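    As an added example, not blhc itself and not koko's packaging: a minimal POSIX sh audit that applies the kind of check blhc performs to a dpkg-buildpackage log, looking on each compiler invocation for the hardening flags dpkg-buildflags emits by default (the CPPFLAGS entry -D_FORTIFY_SOURCE, the stack-protector and format-security CFLAGS, and the relro LDFLAGS). The sample log, the paths in it and the compile-line conventions (a "cd <dir> &&" prefix as CMake prints it, a "-c" word marking a compile step) are constructed assumptions; the _FORTIFY_SOURCE level is 2 or 3 depending on the dpkg version, so only the prefix is matched.

```shell
#!/bin/sh
# Added example, not blhc and not koko's packaging: a minimal hardening-flag
# audit over a dpkg-buildpackage log, in the spirit of the check blhc runs.
# Assumptions: a compiler command (gcc, cc, g++, c++, clang, or a *-gcc/*-g++
# cross compiler) starts the line or follows a "cd <dir> &&" prefix as CMake
# prints it; a line with a "-c" word is a compile step, any other compiler
# line is a link step. Expected flags are the amd64 dpkg-buildflags defaults;
# the _FORTIFY_SOURCE level is 2 or 3 depending on dpkg, so only the prefix
# is matched.
set -f   # log lines contain * and [ ]; never let the shell glob them

# Print "compile", "link" or "other" for one log line.
classify_line() {
    set -- $1                      # word-split the line into $1, $2, ...
    if [ "${1:-}" = "cd" ]; then   # skip CMake's "cd /dir && compiler ..." prefix
        while [ $# -gt 0 ] && [ "$1" != "&&" ]; do shift; done
        [ $# -gt 0 ] && shift
    fi
    case "${1##*/}" in             # basename, so /usr/bin/c++ -> c++
        gcc|cc|g++|c++|clang|clang++|*-gcc|*-g++) ;;
        *) echo other; return ;;
    esac
    for _w; do
        [ "$_w" = "-c" ] && { echo compile; return; }
    done
    echo link
}

# Print the expected flags missing from a compile line (empty line if none).
check_compile_line() {
    _line=" $1 "
    _missing=""
    case "$_line" in
        *" -D_FORTIFY_SOURCE="*) ;;
        *) _missing="$_missing CPPFLAGS:-D_FORTIFY_SOURCE" ;;
    esac
    for _f in -fstack-protector-strong -Wformat -Werror=format-security; do
        case "$_line" in
            *" $_f "*) ;;
            *) _missing="$_missing CFLAGS:$_f" ;;
        esac
    done
    printf '%s\n' "${_missing# }"
}

# Print the expected flag missing from a link line (empty line if none).
check_link_line() {
    case " $1 " in
        *",-z,relro"*|*" -z relro "*) printf '\n' ;;
        *) printf '%s\n' "LDFLAGS:-Wl,-z,relro" ;;
    esac
}

# Audit a whole log: print "<line>: <missing flags>" per offending command.
# Returns 8 when anything is missing (the status the thread reports from
# blhc 0.13), 1 when no compiler command was seen at all, 0 otherwise.
audit_log() {
    _n=0 _seen=0 _bad=0
    while IFS= read -r _l; do
        _n=$((_n + 1))
        case "$(classify_line "$_l")" in
            compile) _seen=1; _m=$(check_compile_line "$_l") ;;
            link)    _seen=1; _m=$(check_link_line "$_l") ;;
            *) continue ;;
        esac
        if [ -n "$_m" ]; then
            _bad=1
            printf '%d: %s\n' "$_n" "$_m"
        fi
    done < "$1"
    [ "$_seen" -eq 1 ] || return 1
    [ "$_bad" -eq 0 ] || return 8
    return 0
}

# Constructed sample log (not the Salsa job's output): a CMake-style compile
# line lacking the CPPFLAGS entry, a fully hardened compile line, a link line.
make_sample_log() {
    _f=$(mktemp)
    cat > "$_f" <<'EOF'
-- Build files have been written to: /build/koko/obj-x86_64-linux-gnu
/usr/bin/c++ -DQT_CORE_LIB -I/build/koko/src -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -o CMakeFiles/koko.dir/main.cpp.o -c /build/koko/src/main.cpp
cd /build/koko/obj-x86_64-linux-gnu && /usr/bin/c++ -D_FORTIFY_SOURCE=2 -I/build/koko/src -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -o CMakeFiles/koko.dir/app.cpp.o -c /build/koko/src/app.cpp
/usr/bin/c++ -g -O2 CMakeFiles/koko.dir/main.cpp.o CMakeFiles/koko.dir/app.cpp.o -o bin/koko -Wl,-z,relro -Wl,-z,now
EOF
    printf '%s\n' "$_f"
}

# Run the audit on the constructed log.
demo_log=$(make_sample_log)
audit_log "$demo_log" || printf 'audit exit status: %d\n' "$?"
rm -f "$demo_log"
```

    Run against a real log with `audit_log build.log`; the only line it reports in the sample is the compile step without -D_FORTIFY_SOURCE, which is the CPPFLAGS complaint the bug describes. The verdict of any such checker is only as good as its pattern set and its model of how the build system passes flags, so a report of missing flags should be confirmed against the current blhc release and against the flags actually reaching the compiler (for CMake, the Debian wiki page cited as [3]) before changing the packaging.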
  • From James Addison@21:1/5 to Marco on Mon Mar 18 22:50:01 2024
    Source: koko
    Followup-For: Bug #1066092
    X-Debbugs-Cc: marco.mattiolo@hotmail.it
    Control: tags -1 - fixed pending
    Control: reassign -1 blhc
    Control: severity -1 normal
    Control: merge -1 1043522
    Control: tags -1 fixed-upstream

    Hi Marco,

    On Sat, 16 Mar 2024 22:50:05 +0100, Marco wrote:
    I believe this is not a bug in koko: can you please check the build log against blhc 0.14 (not yet in Debian)? Background is [1].

    Thank you! You're absolutely correct. I rebuilt koko and ran both blhc 0.13 (from Debian) and blhc 0.14 (from upstream) against the dpkg-buildpackage build logs from that, and the results were:

    * blhc 0.13 produced the error messages reported here and exit code 8.
    * blhc 0.14 produced no output and exit code 0.

    Reassigning and merging with bug #1043522 - thanks again.
    James
