Package: wmnet
Severity: normal
Tags: patch
Hi,
The hardened build flags is one of the release goals of forthcoming
Debian releases. Number of security problems in the past have been
identified on packages that hadn't been fortified. For more
information, see:
http://lists.debian.org/debian-devel-announce/2012/02/msg00016.html
http://lists.debian.org/debian-dpkg/2011/09/msg00013.html
http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
See attached patch to help to migrate to dh(1) and hardened build flags.
Thanks,
Jari
>From fe182849780709f8218dfb7123ef365b646eeaa8 Mon Sep 17 00:00:00 2001
From: Jari Aalto <jari.aa...@cante.net>
Date: Sun, 8 Apr 2012 11:51:39 +0300
Subject: [PATCH] harden
Organization: Private
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Signed-off-by: Jari Aalto <jari.aa...@cante.net>
---
debian/changelog | 10 ++++++++
debian/compat | 2 +-
debian/control | 4 +-
debian/copyright | 2 +-
debian/rules | 63 ++++++++++-------------------------------------------
5 files changed, 26 insertions(+), 55 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index dfa366f..471f863 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+wmnet (1.06-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Bump Standards-Version to 3.9.3.1
+ * Update to debhelper 9 to use hardened build flags.
+ * Migrate to dh(1) in debian/rules and enable hardened build flags
+ http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
+
+ -- Jari Aalto <jari.aa...@cante.net> Sun, 08 Apr 2012 11:33:19 +0300
+
wmnet (1.06-1) unstable; urgency=low
* New upstream version
diff --git a/debian/compat b/debian/compat
index 7ed6ff8..ec63514 100644
--- a/debian/compat
+++ b/debian/compat
@@ -1 +1 @@
-5
+9
diff --git a/debian/control b/debian/control
index 45dd835..7f06508 100644
--- a/debian/control
+++ b/debian/control
@@ -2,8 +2,8 @@ Source: wmnet
Section: x11
Priority: optional
Maintainer: Martin Lazar <mla...@email.cz>
-Standards-Version: 3.9.3
-Build-Depends: debhelper (>= 5), libx11-dev, libxext-dev, xutils-dev
+Standards-Version: 3.9.3.1
+Build-Depends: debhelper (>= 9), libx11-dev, libxext-dev, xutils-dev
Homepage: http://www.katharineosborne.com/wmnet/
Package: wmnet
diff --git a/debian/copyright b/debian/copyright
index bb92029..2108304 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -23,5 +23,5 @@ Licence:
great, but please send me the diff.
On a Debian system the complete text of the GNU General Public License
-can be found in the file `/usr/share/common-licenses/GPL'
+can be found in the file `/usr/share/common-licenses/GPL-2'
diff --git a/debian/rules b/debian/rules
index 1003fe6..913d25e 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,59 +1,20 @@
#!/usr/bin/make -f
-# Made with the aid of debmake, by Christoph Lameter,
-# based on the sample debian/rules file for GNU hello by Ian Jackson.
-# Handmodified by P. Frauenfelder for debhelper support, 5 Sept 1998
-build: build-arch build-indep
-build-arch: build-stamp
-build-indep: build-stamp
-build-stamp:
- dh_testdir
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_CFLAGS_MAINT_APPEND = -Wall
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
- xmkmf
- make
-
- touch build-stamp
-
-clean:
- dh_testdir
- dh_testroot
- rm -f build-stamp
+export CC := $(CC) $(CFLAGS) $(CPPFLAGS)
+override_dh_auto_build:
xmkmf
- make clean
-
- rm Makefile
-
- dh_clean
+ dh_auto_build -- CCLINK="$(CC) $(LDFLAGS)"
-install: build
- dh_testdir
- dh_testroot
- dh_clean -k
- dh_installdirs
-
- make install DESTDIR=$(CURDIR)/debian/wmnet
-
-binary-indep: build install
-# There are no architecture-independent files to be uploaded
-# generated by this package. If there were any they would be
-# made here.
+override_dh_auto_clean:
+ xmkmf
+ dh_auto_clean
-binary-arch: build install
- dh_testdir
- dh_testroot
- dh_installchangelogs Changelog
- dh_installdocs README
- dh_installmenu
- dh_installman wmnet.man
- dh_strip
- dh_compress
- dh_fixperms
- dh_installdeb
- dh_shlibdeps
- dh_gencontrol
- dh_md5sums
- dh_builddeb
+%:
+ dh $@
-binary: binary-indep binary-arch
-.PHONY: binary binary-arch binary-indep clean build install
+# End of file
--
1.7.9.1
