Bug 249975 - nhpf not built with $RPM_OPT_FLAGS
nhpf not built with $RPM_OPT_FLAGS
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: nhpf (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Caius Chance
Fedora Extras Quality Assurance
: EasyFix, i18n
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-07-28 16:27 EDT by Ville Skyttä
Modified: 2007-11-30 17:12 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-25 03:00:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ville Skyttä 2007-07-28 16:27:07 EDT
nhpf isn't built with $RPM_OPT_FLAGS.  Fix: make CFLAG="$RPM_OPT_FLAGS"
Comment 1 Caius Chance 2007-08-07 22:36:22 EDT
Hi Ville, I have gone to the upstream website but it is all in Korean text that
I could not understand.

Could you kindly explain to me what your fix suggestion does?

I am wondering if upstream's latest release has fixed the above issue. If so, we
could just synchonize from there. Hence, would you be possible to confirm that?
Comment 2 Ville Skyttä 2007-08-09 16:31:28 EDT
I don't know a thing about nhpf nor do I speak/read Korean so I'm afraid I can't
help you with that.

About $RPM_OPT_FLAGS missing - practically the whole distro (and should be)
built with $RPM_OPT_FLAGS.  Currently the stuff in this package ends up being
built eg. like:

  cc -O -c nhpf.c

With the suggested fix in the initial comment, it becomes (on my x86_64 box):

  cc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions \
    -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -c nhpf.c

So, without the fix, we get an unusual optimization level, no debug symbols
(resulting in useless debuginfo package, which is where I noticed this problem
from), no preprocessor source fortification, no extra buffer overflow detection
code etc - in other words quite a few features, some of which are security
related that users expect to get in Fedora packages are not present in this
package.  Some further info is at
http://fedoraproject.org/wiki/Packaging/Debuginfo - although it's debuginfo
centric, there are some other points in it as well.
Comment 3 Caius Chance 2007-08-15 21:11:17 EDT
Hi Ville, I am checking with person in charged regarding modification permission. 
Comment 7 Matthias Clasen 2007-09-24 20:37:54 EDT
The patch is not right, since it hardcodes the current value of RPM_OPT_FLAGS
into the Makefile. Instead, make should be called in the %build section as Ville
showed in the very first line of this bug:

make CFLAG="$RPM_OPT_FLAGS"
Comment 9 Matthias Clasen 2007-09-24 21:16:44 EDT
Spec file looks allright now, from cursory inspection.
Comment 10 Caius Chance 2007-09-25 03:00:16 EDT
Built to Rawhide.

Note You need to log in before you can comment on or make changes to this bug.