Bug#667558: Please enable hardened build flags

Wed, 04 Apr 2012 14:51:17 -0700 

Source: drbd8
Version: 2:8.3.11-3
Severity: important
Tags: patch

Please enable hardened build flags through dpkg-buildflags.

Patch attached. (dpkg-buildflags abides "noopt" from DEB_BUILD_OPTIONS)

(I have forwarded the Makefile.in bits upstream)

Cheers,
        Moritz


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -aur drbd8-8.3.11.harden/debian/rules drbd8-8.3.11/debian/rules
--- drbd8-8.3.11.harden/debian/rules	2012-03-30 18:49:19.000000000 +0200
+++ drbd8-8.3.11/debian/rules	2012-04-04 23:37:57.000000000 +0200
@@ -19,13 +19,11 @@
 -include $(MA_DIR)/include/generic.make
 -include $(MA_DIR)/include/common-rules.make
 
-CFLAGS = -Wall -g
+CFLAGS = `dpkg-buildflags --get CFLAGS`
+CFLAGS += -Wall
+CFLAGS += `dpkg-buildflags --get CPPFLAGS`
+LDFLAGS = `dpkg-buildflags --get LDFLAGS`
 
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-	CFLAGS += -O0
-else
-	CFLAGS += -O2
-endif
 ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
 	INSTALL_PROGRAM += -s
 endif
@@ -76,7 +74,7 @@
 
 configure: configure-stamp
 configure-stamp:
-	./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc --with-utils --with-udev --with-xen --with-pacemaker --with-rgmanager --with-bashcompletion
+	CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc --with-utils --with-udev --with-xen --with-pacemaker --with-rgmanager --with-bashcompletion
 
 build: configure build-arch
 
diff -aur drbd8-8.3.11.harden/user/Makefile.in drbd8-8.3.11/user/Makefile.in
--- drbd8-8.3.11.harden/user/Makefile.in	2011-05-13 13:27:04.000000000 +0200
+++ drbd8-8.3.11/user/Makefile.in	2012-04-04 23:37:37.000000000 +0200
@@ -32,6 +32,7 @@
 LIBDIR = @prefix@/lib/@PACKAGE_TARNAME@
 CC = @CC@
 CFLAGS = @CFLAGS@
+LDFLAGS = @LDFLAGS@
 LN_S = @LN_S@
 
 # features enabled or disabled by configure
@@ -72,8 +73,8 @@
 drbd_strings.c: ../drbd/drbd_strings.c
 	cp $^ $@
 
-drbdadm: $(drbdadm-obj)
-	$(CC) -o $@ $^
+drbdadm: $(drbdadm-obj) 
+	$(CC) $(LDFLAGS) -o $@ $^
 
 drbdadm_scanner.c: drbdadm_scanner.fl drbdadm_parser.h
 	flex -s -odrbdadm_scanner.c drbdadm_scanner.fl
@@ -82,10 +83,10 @@
 	flex -s -odrbdmeta_scanner.c drbdmeta_scanner.fl
 
 drbdsetup: $(drbdsetup-obj)
-	$(CC) -o $@ $^
+	$(CC) $(LDFLAGS) -o $@ $^
 
 drbdmeta: $(drbdmeta-obj)
-	$(CC) -o $@ $^
+	$(CC) $(LDFLAGS) -o $@ $^
 
 clean:
 	rm -f drbdadm_scanner.c drbdmeta_scanner.c

Reply via email to