nhpf isn't built with $RPM_OPT_FLAGS. Fix: make CFLAG="$RPM_OPT_FLAGS"
Hi Ville, I have gone to the upstream website but it is all in Korean text that
I could not understand.
Could you kindly explain to me what your fix suggestion does?
I am wondering if upstream's latest release has fixed the above issue. If so, we
could just synchonize from there. Hence, would you be possible to confirm that?
I don't know a thing about nhpf nor do I speak/read Korean so I'm afraid I can't
help you with that.
About $RPM_OPT_FLAGS missing - practically the whole distro (and should be)
built with $RPM_OPT_FLAGS. Currently the stuff in this package ends up being
built eg. like:
cc -O -c nhpf.c
With the suggested fix in the initial comment, it becomes (on my x86_64 box):
cc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions \
-fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -c nhpf.c
So, without the fix, we get an unusual optimization level, no debug symbols
(resulting in useless debuginfo package, which is where I noticed this problem
from), no preprocessor source fortification, no extra buffer overflow detection
code etc - in other words quite a few features, some of which are security
related that users expect to get in Fedora packages are not present in this
package. Some further info is at
http://fedoraproject.org/wiki/Packaging/Debuginfo - although it's debuginfo
centric, there are some other points in it as well.
Hi Ville, I am checking with person in charged regarding modification permission.
Please check out the test patch:
The patch is not right, since it hardcodes the current value of RPM_OPT_FLAGS
into the Makefile. Instead, make should be called in the %build section as Ville
showed in the very first line of this bug:
Updated from comment #7. Please kindly recheck:
Spec file looks allright now, from cursory inspection.
Built to Rawhide.