Bug#733986: pixman: Please enable hardening build flags

intrigeri Sat, 16 Aug 2014 04:31:01 -0700

Hi,

here's an updated patch. Tested on my sid system since a few days.


Cheers,
--
intrigeri

commit 0bf90a42e3a9a73d5dffca9321b3bd31fa3d9ab8
Author: intrigeri <intrig...@debian.org>
Date:   Thu Jan 2 21:11:53 2014 +0000

    Enable hardening build flags with dpkg-buildflags.
    
    All default dpkg-buildflags, plus the bonus bindnow one, are used.
    The last available one (PIE) is not applicable to shared libraries.

diff --git a/debian/rules b/debian/rules
index a4ce000..a8100d2 100755
--- a/debian/rules
+++ b/debian/rules
@@ -3,13 +3,16 @@
 PACKAGE = libpixman-1-0
 SHLIBS  = 0.25.2
 
+export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow
+
 # Disable Gtk+ autodetection:
 override_dh_auto_configure:
 	# also avoid loongson2f optimizations on mipsel, see 0.26.0-3
 	# changelog entry:
 	LS_CFLAGS=" " dh_auto_configure -- --disable-gtk \
 	  --disable-silent-rules \
-	  --disable-arm-iwmmxt
+	  --disable-arm-iwmmxt \
+	  $(shell dpkg-buildflags --export=configure)
 
 # Install in debian/tmp to retain control through dh_install:
 override_dh_auto_install:

Bug#733986: pixman: Please enable hardening build flags

Reply via email to