[Bug 2049686] [NEW] dpkg-buildflags: emit build flags for negated features

[Matthias Klose]

Public bug reported:

we have in a package:

export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-fortify

however that doesn't turn off fortify.  We have these unfortunate
defaults in the compiler, so we have to emit explicit compiler flags to
disable these.

not just for that feature, but for any feature that is turned on by
default in GCC.

** Affects: dpkg (Ubuntu)
     Importance: High
     Assignee: Ubuntu Security Team (ubuntu-security)
         Status: Confirmed


** Tags: rls-nn-incoming

** Changed in: dpkg (Ubuntu)
       Status: New => Confirmed

** Changed in: dpkg (Ubuntu)
   Importance: Undecided => High

** Changed in: dpkg (Ubuntu)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

** Tags added: rls-nn-incoming

** Description changed:

  we have in a package:
  
  export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-fortify
  
  however that doesn't turn off fortify.  We have these unfortunate
  defaults in the compiler, so we have to emit explicit compiler flags to
  disable these.
+ 
+ not just for that feature, but for any feature that is turned on by
+ default in GCC.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to dpkg in Ubuntu.
https://bugs.launchpad.net/bugs/2049686

Title:
  dpkg-buildflags: emit build flags for negated features

Status in dpkg package in Ubuntu:
  Confirmed

Bug description:
  we have in a package:

  export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-fortify

  however that doesn't turn off fortify.  We have these unfortunate
  defaults in the compiler, so we have to emit explicit compiler flags
  to disable these.

  not just for that feature, but for any feature that is turned on by
  default in GCC.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2049686/+subscriptions