Debian Bug report logs - #704927
mypaint: hardening flags are not honored

version graph

Package: src:mypaint; Maintainer for src:mypaint is Python Applications Packaging Team <>;

Reported by: Sebastian Ramacher <>

Date: Sun, 7 Apr 2013 19:51:01 UTC

Severity: normal

Found in version mypaint/1.1.0-1

Fixed in version mypaint/1.1.0-2

Done: Andrew Chadwick <>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to,, Python Applications Packaging Team <>:
Bug#704927; Package src:mypaint. (Sun, 07 Apr 2013 19:51:06 GMT) Full text and rfc822 format available.

Message #3 received at (full text, mbox):

From: Sebastian Ramacher <>
To: Debian Bug Tracking System <>
Subject: mypaint: hardening flags are not honored
Date: Sun, 7 Apr 2013 21:46:24 +0200
[Message part 1 (text/plain, inline)]
Source: mypaint
Version: 1.1.0-1

Although the changelog for 1.1.0-1 claims that hardening flags are
honored, not all of the files are compiled with these flags.
lib/mypaintlib_wrap.cpp is compiled with them, but all the files in brushlib
are not. blhc confirms that:

CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/brushmodes.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/brushmodes.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/brushmodes.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/brushmodes.c
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/fifo.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/fifo.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/fifo.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/fifo.c
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/helpers.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/helpers.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/helpers.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/helpers.c
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/mapping.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/mapping.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/mapping.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/mapping.c
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/mypaint-brush-settings.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/mypaint-brush-settings.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/mypaint-brush-settings.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/mypaint-brush-settings.c
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/mypaint-brush.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/mypaint-brush.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/mypaint-brush.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/mypaint-brush.c
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/mypaint-fixed-tiled-surface.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/mypaint-fixed-tiled-surface.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/mypaint-fixed-tiled-surface.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/mypaint-fixed-tiled-surface.c
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/mypaint-surface.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/mypaint-surface.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/mypaint-surface.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/mypaint-surface.c
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/mypaint-tiled-surface.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/mypaint-tiled-surface.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/mypaint-tiled-surface.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/mypaint-tiled-surface.c
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/mypaint.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/mypaint.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/mypaint.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/mypaint.c
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/operationqueue.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/operationqueue.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/operationqueue.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/operationqueue.c
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/rng-double.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/rng-double.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/rng-double.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib -I/usr/include/json brushlib/rng-double.c
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/tests/testutils.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib/tests -I/usr/include/json -Ibrushlib brushlib/tests/testutils.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/tests/testutils.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib/tests -I/usr/include/json -Ibrushlib brushlib/tests/testutils.c
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/tests/mypaint-utils-stroke-player.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib/tests -I/usr/include/json -Ibrushlib brushlib/tests/mypaint-utils-stroke-player.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/tests/mypaint-utils-stroke-player.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib/tests -I/usr/include/json -Ibrushlib brushlib/tests/mypaint-utils-stroke-player.c
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/tests/mypaint-benchmark.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib/tests -I/usr/include/json -Ibrushlib brushlib/tests/mypaint-benchmark.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/tests/mypaint-benchmark.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib/tests -I/usr/include/json -Ibrushlib brushlib/tests/mypaint-benchmark.c
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/tests/mypaint-test-surface.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib/tests -I/usr/include/json -Ibrushlib brushlib/tests/mypaint-test-surface.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/tests/mypaint-test-surface.os -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -fPIC -Ibrushlib/tests -I/usr/include/json -Ibrushlib brushlib/tests/mypaint-test-surface.c
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/tests/test-brush-persistence.o -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -Ibrushlib/tests -I/usr/include/json -Ibrushlib brushlib/tests/test-brush-persistence.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/tests/test-brush-persistence.o -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -Ibrushlib/tests -I/usr/include/json -Ibrushlib brushlib/tests/test-brush-persistence.c
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/tests/test-fixed-tiled-surface.o -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -Ibrushlib/tests -I/usr/include/json -Ibrushlib brushlib/tests/test-fixed-tiled-surface.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/tests/test-fixed-tiled-surface.o -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -Ibrushlib/tests -I/usr/include/json -Ibrushlib brushlib/tests/test-fixed-tiled-surface.c
CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -o brushlib/tests/test-rng.o -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -Ibrushlib/tests -I/usr/include/json -Ibrushlib brushlib/tests/test-rng.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -o brushlib/tests/test-rng.o -c -std=c99 -D_POSIX_C_SOURCE=200809L -fopenmp -Wall -O3 -g -Ibrushlib/tests -I/usr/include/json -Ibrushlib brushlib/tests/test-rng.c

Sebastian Ramacher
[signature.asc (application/pgp-signature, inline)]

Information forwarded to, Python Applications Packaging Team <>:
Bug#704927; Package src:mypaint. (Sun, 21 Apr 2013 20:39:16 GMT) Full text and rfc822 format available.

Acknowledgement sent to Andrew Chadwick <>:
Extra info received and forwarded to list. Copy sent to Python Applications Packaging Team <>. (Sun, 21 Apr 2013 20:39:16 GMT) Full text and rfc822 format available.

Message #8 received at (full text, mbox):

From: Andrew Chadwick <>
Subject: bug 704927
Date: Sun, 21 Apr 2013 21:38:42 +0100
Same underlying problem as bug 704935, which is reported upstream as

Andrew Chadwick

Reply sent to Andrew Chadwick <>:
You have taken responsibility. (Mon, 22 Apr 2013 07:06:05 GMT) Full text and rfc822 format available.

Notification sent to Sebastian Ramacher <>:
Bug acknowledged by developer. (Mon, 22 Apr 2013 07:06:05 GMT) Full text and rfc822 format available.

Message #13 received at (full text, mbox):

From: Andrew Chadwick <>
Subject: Bug#704927: fixed in mypaint 1.1.0-2
Date: Mon, 22 Apr 2013 07:02:52 +0000
Source: mypaint
Source-Version: 1.1.0-2

We believe that the bug you reported is fixed in the latest version of
mypaint, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Andrew Chadwick <> (supplier of updated mypaint package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Hash: SHA256

Format: 1.8
Date: Sun, 21 Apr 2013 20:37:02 +0100
Source: mypaint
Binary: mypaint mypaint-data mypaint-data-extras
Architecture: source amd64 all
Version: 1.1.0-2
Distribution: unstable
Urgency: low
Maintainer: Python Applications Packaging Team <>
Changed-By: Andrew Chadwick <>
 mypaint    - paint program for use with graphics tablets
 mypaint-data - runtime data files for MyPaint
 mypaint-data-extras - high resolution backgrounds for mypaint
Closes: 704927 704935
 mypaint (1.1.0-2) unstable; urgency=low
   * Fix FTBFS with DEB_BUILD_OPTIONS=noopt (closes: Bug#704935)
   * Fix hardening flags not being honoured (closes: Bug#704927)
 73fabc2e0b94afafc9040920ac4f68afeb48dca4 2205 mypaint_1.1.0-2.dsc
 9e4f0bc2cee6c369f1a40d7c24435b7c26cc3795 37416388 mypaint_1.1.0.orig.tar.bz2
 56ffb789a78764331ae53f51ac78141932bd1646 112508 mypaint_1.1.0-2.debian.tar.bz2
 12f14505c871c4684815917684802c20f73e0176 454206 mypaint_1.1.0-2_amd64.deb
 e8a125e73ce2a501db27586562e6b165eddcb014 3470130 mypaint-data_1.1.0-2_all.deb
 a02eefc50447d4497c2b8442c08c271d807ce578 30193606 mypaint-data-extras_1.1.0-2_all.deb
 f60cb9535ee9d53b9c5b9acdbb3c93ae48443046cda8886676399519503ac223 2205 mypaint_1.1.0-2.dsc
 780d57e50dd90afd586873bc5120261930ea4c309d4d0958020916932122e838 37416388 mypaint_1.1.0.orig.tar.bz2
 6050eb572a0b247bd7b3ceb62831331cacf5e2ff2aa81ef342b70e86da12eacb 112508 mypaint_1.1.0-2.debian.tar.bz2
 150ab3e8629aae3c8f29930afdf5330c08b5af7ae31f76ec709426e94b069f72 454206 mypaint_1.1.0-2_amd64.deb
 6590f52a72a0342c1f587fad1ebcf6ad8f09b94177787f02d15efb86ff7e2e93 3470130 mypaint-data_1.1.0-2_all.deb
 fc30fe4ccee5c5304c365b1dad53aca01e78d6314f8e03721f28e9f1660fc67d 30193606 mypaint-data-extras_1.1.0-2_all.deb
 78525aece6b5dc25f587d400711b07ef 2205 graphics optional mypaint_1.1.0-2.dsc
 7846a8406259d0fc81c9a2157a2348bf 37416388 graphics optional mypaint_1.1.0.orig.tar.bz2
 5fa2bec3f1f734e760c7fca5f0d413af 112508 graphics optional mypaint_1.1.0-2.debian.tar.bz2
 3a1f833f30b2157106cbcb42aa465871 454206 graphics optional mypaint_1.1.0-2_amd64.deb
 fd87ee871660ba5dd287c3f498c0abe8 3470130 graphics optional mypaint-data_1.1.0-2_all.deb
 3d7cddac339c7114411bc804a1dc56f4 30193606 graphics optional mypaint-data-extras_1.1.0-2_all.deb

Version: GnuPG v1.4.12 (GNU/Linux)


Bug archived. Request was from Debbugs Internal Request <> to (Sun, 09 Jun 2013 07:32:13 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.

Debian bug tracking system administrator <>. Last modified: Mon Apr 21 16:15:16 2014; Machine Name:

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.