Bug#657532: Please enable hardened build flags

[Moritz Muehlenhoff]

Package: aptitude
Version: 0.6.4-1.2
Severity: important
Tags: patch

Please enable hardened build flags through dpkg-buildflags.

Patch attached. (dpkg-buildflags abides "noopt" from DEB_BUILD_OPTIONS)

Cheers,
        Moritz

diff -aur aptitude-0.6.4.harden/debian/rules aptitude-0.6.4/debian/rules
--- aptitude-0.6.4.harden/debian/rules	2011-05-16 05:27:05.000000000 +0200
+++ aptitude-0.6.4/debian/rules	2012-01-26 21:15:11.000000000 +0100
@@ -9,13 +9,11 @@
 # writing, g++ on s390 miscompiles some of the parsing code unless
 # -fno-gcse is enabled.  See Debian bug #580085.
 ifneq (,$(findstring $(DEB_BUILD_ARCH_CPU), s390 sh4))
-  ARCH_CXXFLAGS=-fno-gcse
+  DEB_CXXFLAGS_MAINT_APPEND=-fno-gcse
 endif
 
 ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-  export CXXFLAGS=-g -O0 -fno-inline $(ARCH_CXXFLAGS)
-else
-  export CXXFLAGS=-g -O2 $(ARCH_CXXFLAGS)
+  DEB_CXXFLAGS_MAINT_APPEND=-fno-inline
 endif
 
 ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
@@ -33,7 +31,7 @@
 	dh_testdir
 
 	mkdir -p $(GTK_BUILD_DIR)
-	(cd $(GTK_BUILD_DIR) && ../configure --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --disable-private-glade-file --disable-docs --disable-werror)
+	(cd $(GTK_BUILD_DIR) && ../configure --prefix=/usr $(shell dpkg-buildflags --export=configure) --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --disable-private-glade-file --disable-docs --disable-werror)
 	$(MAKE) -C $(GTK_BUILD_DIR)/src
 	# Run the unit tests, but protect against Boost.Test's flakiness.
 	(cd $(GTK_BUILD_DIR) && $(MAKE) -C tests check || (cd tests && ./cppunit_test))
@@ -46,7 +44,7 @@
 	dh_testdir
 
 	mkdir -p $(CURSES_BUILD_DIR)
-	(cd $(CURSES_BUILD_DIR) && ../configure --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --disable-gtk --disable-werror)
+	(cd $(CURSES_BUILD_DIR) && ../configure --prefix=/usr $(shell dpkg-buildflags --export=configure) --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --disable-gtk --disable-werror)
 	$(MAKE) -C $(CURSES_BUILD_DIR)/src
 	# Run the unit tests, but protect against Boost.Test's flakiness.
 	(cd $(CURSES_BUILD_DIR) && $(MAKE) -C tests check || (cd tests && ./cppunit_test))
Nur in aptitude-0.6.4/debian: rules~.