Search Criteria
Package Details: perl-starlink-ast 3.03-3
Package Actions
Git Clone URL: | https://aur.archlinux.org/perl-starlink-ast.git (read-only, click to copy) |
---|---|
Package Base: | perl-starlink-ast |
Description: | Interface to the Starlink AST library |
Upstream URL: | https://metacpan.org/release/Starlink-AST |
Licenses: | GPL-2.0-or-later |
Submitter: | awacha |
Maintainer: | awacha |
Last Packager: | micwoj92 |
Votes: | 0 |
Popularity: | 0.000000 |
First Submitted: | 2016-11-09 09:08 (UTC) |
Last Updated: | 2024-05-05 17:57 (UTC) |
Dependencies (7)
- perl (perl-gitAUR)
- perl-pgplotAUR
- perl-tk (perl-tk-gitAUR, perl-tk-xftAUR)
- perl-tk-zincAUR
- perl-module-build (make)
- perl-test-deep (check)
- perl-test-number-delta (check)
Required by (2)
- perl-astro-fits-header (check)
- perl-astro-fits-header (optional)
Latest Comments
awacha commented on 2022-04-20 09:50 (UTC)
I have found the workaround to disable the "-Werror=format-security" flag. Turns out that Module::Build introduced it from the "optimize" variable in Config.pm of the Perl core, which in turn reflects the default settings of the CFLAGS in the Arch Build System, which should be the same as those in /etc/makepkg.conf. For now I'd release the package with this workaround. For the future, I have also opened an issue on the Github project site (https://github.com/Starlink/perl-Starlink-AST/issues/1).
micwoj92 commented on 2022-04-14 23:32 (UTC)
Maybe you (or me) should let upstream know, so that they can fix this potential vulnerability for later versions? https://github.com/Starlink/perl-Starlink-AST
awacha commented on 2022-04-14 13:22 (UTC)
Yes, it also fails for me. The reason is in the source code file lib/Starlink/AST.xs, where the original author uses a possibly dangerous construct (the first argument for printf is a variable, not a literal), which might be exploited by malicious users. The "-Werror=format-security" switch of GCC makes this an error, instead of a warning. This switch is set in makepkg.conf since pacman v6.0.0. I tried to override this by adding "-Wno-error=format-security" in the PKGBUILD to the CFLAGS environment variable, but for some strange reason, it is added back:
$ cc -Isrc -Iast -I/usr/lib/perl5/5.34/core_perl/CORE -DVERSION="3.01" -DXS_VERSION="3.01" -fPIC -Iextsrc -DHAVE_DECL_ISNAN=1 -DSIZEOF_LONG=8 -DSIZEOF_LONG_LONG=8 -DHAVE_INT64_T=1 -DHAVE_UINT64_T=1 -c -D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fstack-clash-protection -fcf-protection -Wno-error=format-security -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fstack-clash-protection -fcf-protection -flto -o lib/Starlink/AST.o lib/Starlink/AST.c
Whole portions of the CFLAGS environment variable are repeated (starting with -march=x86-64), and I'm not sure where this comes in. I'm not a Perl expert, but suspect that Module::Build does something fishy. I will try to debug this next week.
micwoj92 commented on 2022-04-12 22:59 (UTC) (edited on 2022-04-12 22:59 (UTC) by micwoj92)
Build fails for me with same error as already reported https://aur.archlinux.org/packages/perl-starlink-ast#comment-847154
I have no idea why, does it also fail for you @awacha?
micwoj92 commented on 2022-01-17 18:56 (UTC)
I've uploaded perl-tk-zinc to AUR so you can add it to depends too.
Is there a way to disable certain tests?
Graphics::PLplot module not installed.
This is annoying, it did hang test for me (had to close window manually) and I don't really want to upload to AUR because last upstream update was in 2004.micwoj92 commented on 2022-01-17 09:29 (UTC)
Sorry for bothering you so many times, this package also needs perl-module-build in makedepends otherwise build fails.
Also it gave warning about some checking prerequisites missing and then later in check it skipped some tests
but honestly this isn't so important.
awacha commented on 2022-01-17 09:08 (UTC)
The error is caused by the '-Werror=format-security' compiler flag in the /etc/makepkg.conf file. In my version of the file this compiler flag was not there (it introduced by commit aa30b5ebf3ef5c1a0415b2adbb80f120224ca8eb to the pacman package on May 20, 2021). Updating the makepkg.conf to the current version brought out the error for me, too.
Sadly, this is an upstream issue (sloppy code / too strict compiler), which I cannot fix. As a workaround, the switch is now disabled (-Wno-error=format-security) explicitly in the PKGBUILD file.
Thanks for reporting!
micwoj92 commented on 2022-01-17 08:11 (UTC)
Build fails