Simon Ruderich wrote: > The cmake buildsystem ignores CPPFLAGS and upstream rejected a > patch to include them in CFLAGS (#653916). This prevents > automatic hardening with -D_FORTIFY_SOURCE=2 for all CMake > packages (see [1] for more information about hardening). > > Modifying all CMake packages just to append CPPFLAGS to CFLAGS > creates unnecessary boilerplate and requires modifying all CMake > packages - something maintainers are reluctant to do (#667941). > > If possible debhelper should be updated as soon as possible to > help with the hardening release goal for wheezy. > > The attached patch updates cmake.pm to append CPPFLAGS to CFLAGS. > It seems to work fine, but I don't have much experience with > debhelper's buildsystem - please modify the patch if there's a > better way to handle that.
This same thing was recently done for perl. (#662666) To make changes to build flags used in v9, there needs to be a proof that it doesn't break anything (or work done to identify what does break, and fix it). If that's not practical, this would need to be deferred to v10. -- see shy jo -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
