[Bug 2076419] Re: lxml: Does not respect compiler flags

Robie Basak 2076419 at bugs.launchpad.net
Wed Oct 2 11:32:26 UTC 2024


You could have fixed the test plan as I requested instead of
complaining?

FYI, you can find the upload in the rejected queue. The SRU team can
even accept from the rejected queue. It should be minimal work to do
this.

On the other hand the current SRU workflow requires SRU team members to
continually re-check to see if uploaders have fixed issues mentioned, so
I tend to reject uploads that haven't received attention from the SRU
driver in over a month. Soon after I joined the SRU team I asked the
question and was told that it was OK to reject for this reason, without
a delay at all. I would like to improve the workflow so that this isn't
necessary, but that's how it is at the moment.

> I'm sure you are very well aware we're still starting a broader
> process on these uploads to enable frame pointers, and we shouldn't work
> against that.

That isn't relevant. This is important work and can make progress as
soon as you start responding appropriately to review feedback. But you
don't seem to have done that?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to lxml in Ubuntu.
https://bugs.launchpad.net/bugs/2076419

Title:
  lxml: Does not respect compiler flags

Status in lxml package in Ubuntu:
  Fix Committed
Status in lxml source package in Noble:
  New

Bug description:
  [Impact]
  The packaging does not respect compiler flags, notably hardening flags like the stack protector, as well as frame pointer, as it never uses dpkg-buildflags and is still old manual style.

  This means there is a higher security risk, which given the nature of
  the library seems ill-advised, and the lack of frame pointers hampers
  profiling.

  [Test plan]
  Look at the build log and see that the build flags have been passed, notably stuff like

  -fno-strict-overflow -Wsign-compare -DNDEBUG -g -O2 -Wall -g -O2 -Werror=implicit-function-declaration -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat
  -Werror=format-security -fcf-protection

  Parse some xml and see that it works

  [Where problems could occur]
  Hardening flags could surface existing (possibly security) bugs that have been asymptomatic so far; frame pointers will incur some slow down.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxml/+bug/2076419/+subscriptions
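
The build-log check from the [Test plan], as an added example (not part of the bug report or of the lxml packaging): a Python script that reads the compile commands in a build log and reports which of the flags listed in the test plan are absent or switched off by a later option on the same line. The sample log, its file names, and the table of cancelling options are assumptions of this example; flags are matched exactly as spelled in the bug description.

```python
import re
import shlex

# Hardening and frame-pointer flags named in the test plan, each mapped to
# the options that would switch it off again if they came later on the line.
REQUIRED = {
    "-fstack-protector-strong": {"-fno-stack-protector"},
    "-fstack-clash-protection": {"-fno-stack-clash-protection"},
    "-fcf-protection": {"-fcf-protection=none"},
    "-Wformat": {"-Wno-format"},
    "-Werror=format-security": {"-Wno-error=format-security", "-Wno-format-security"},
    "-fno-omit-frame-pointer": {"-fomit-frame-pointer"},
    "-mno-omit-leaf-frame-pointer": {"-momit-leaf-frame-pointer"},
}
COMPILER = re.compile(r"^(?:[\w.+-]+-)?(?:gcc|g\+\+|cc|c\+\+|clang)(?:-[\d.]+)?$")

# Constructed sample log (not taken from a real lxml build).
SAMPLE_LOG = """\
building 'lxml.etree' extension
x86_64-linux-gnu-gcc -fno-strict-overflow -Wsign-compare -DNDEBUG -g -O2 -Wall -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fPIC -c src/lxml/etree.c -o build/etree.o
x86_64-linux-gnu-gcc -Wsign-compare -DNDEBUG -g -O2 -Wall -fPIC -c src/lxml/objectify.c -o build/objectify.o
x86_64-linux-gnu-gcc -g -O2 -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -fno-stack-protector -c src/lxml/_elementpath.c -o build/_elementpath.o
x86_64-linux-gnu-gcc -shared build/etree.o -o build/etree.so
"""

def audit_build_log(log_text, required=REQUIRED):
    """Return {line_number: [flags not in effect]} for each compile command."""
    report = {}
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            argv = shlex.split(line)
        except ValueError:          # unbalanced quote in unrelated log output
            argv = line.split()
        if not argv or "-c" not in argv:
            continue                # not a compile step (link line or chatter)
        if not COMPILER.match(argv[0].rsplit("/", 1)[-1]):
            continue
        missing = []
        for flag, cancellers in required.items():
            last_on = max((i for i, a in enumerate(argv) if a == flag), default=-1)
            last_off = max((i for i, a in enumerate(argv) if a in cancellers), default=-1)
            if last_on <= last_off:     # absent, or overridden later on the line
                missing.append(flag)
        report[lineno] = missing
    return report

if __name__ == "__main__":
    print(audit_build_log(SAMPLE_LOG))
```

An empty list for a line means every flag from the test plan is in effect for that compile command; link commands and non-compiler output are skipped.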



