FS#54819 - [ffmpeg2.8] hardening-wrapper wasn't removed

Attached to Project: Arch Linux
Opened by David McAdoo (geecroof) - Saturday, 15 July 2017, 09:46 GMT
Last edited by Maxime Gauduin (Alucryd) - Sunday, 16 July 2017, 09:24 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Maxime Gauduin (Alucryd)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:

There was rebuild due to https://www.archlinux.org/todo/hardening-wrapper-removal/ but hardening-wrapper dependence wasn't actually removed, see https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/ffmpeg2.8&id=aba440071d8bb5847b43fc9cefa2b21f510150c6 probably maintainer forgot it.

Additional info:

ffmpeg2.8 2.8.12-2
This task depends upon

Closed by  Maxime Gauduin (Alucryd)
Sunday, 16 July 2017, 09:24 GMT
Reason for closing:  Fixed
Comment by Daniel M. Capella (polyzen) - Saturday, 15 July 2017, 19:54 GMT
It's possible (though unlikely) there is still a benefit to have the hardening-wrapper there. For example, I kept it for one of my packages where it enforced fortification.
Comment by David McAdoo (geecroof) - Saturday, 15 July 2017, 21:17 GMT
The point is hardening-wrapper will be removed soon https://git.archlinux.org/svntogit/community.git/commit/trunk?h=packages/hardening-wrapper&id=dadbd0a6d9104db03bc1391a36a24ccb544a80c4
Comment by Eli Schwartz (eschwartz) - Sunday, 16 July 2017, 02:21 GMT
It's flagged on the todo[1] as complete, and I don't see what other reason there would be to randomly rebuild it with no changes whatsoever at the exact same time as the todo. :p

So I will assume this was indeed an accident, and if it turns out we were wrong then alucryd could at least mark it as incomplete on the todo...

[1] https://www.archlinux.org/todo/hardening-wrapper-removal/
Comment by Maxime Gauduin (Alucryd) - Sunday, 16 July 2017, 09:24 GMT
That was my mistake, forgot to remove it. FYI, using our new default flags is actually a step further than using hardening-wrapper, ffmpeg went from partial RELRO to full RELRO with these changes.

Loading...