Package: unbound
Version: 1.4.14-2
Severity: important
Tags: patch
Please enable hardened build flags through dpkg-buildflags.
Patch attached.
Cheers,
Moritz
diff -aur unbound-1.4.14.harden/debian/rules unbound-1.4.14/debian/rules
--- unbound-1.4.14.harden/debian/rules 2011-12-19 17:00:33.000000000 +0100
+++ unbound-1.4.14/debian/rules 2012-01-30 21:06:58.000000000 +0100
@@ -4,6 +4,11 @@
DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
LIBRARY = libunbound2
+CFLAGS = `dpkg-buildflags --get CFLAGS`
+CFLAGS += -fPIC
+LDFLAGS = `dpkg-buildflags --get LDFLAGS`
+CPPFLAGS = `dpkg-buildflags --get CPPFLAGS`
+
clean:
dh clean
@@ -17,7 +22,7 @@
autoreconf -fvi
# first build -- build unbound daemon
- ./configure \
+ CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure \
--prefix=/usr \
--sysconfdir=/etc \
--disable-rpath \
@@ -42,15 +47,15 @@
$(MAKE) clean
# second build -- build libunbound and utilities, without extra dependencies
- ./configure \
+ CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure \
--prefix=/usr \
--sysconfdir=/etc \
--disable-rpath \
--without-libevent \
--without-pythonmodule \
--without-pyunbound \
- --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
- CFLAGS="-fPIC"
+ --libdir=/usr/lib/$(DEB_HOST_MULTIARCH)
+
$(MAKE)
$(MAKE) install DESTDIR="$(CURDIR)/debian/tmp"
Nur in unbound-1.4.14/debian: rules~.
