Package: nginx
Version: 1.1.12-1
Severity: important
Tags: patch
Please enable hardened build flags through dpkg-buildflags.
Patch attached. (dpkg-buildflags abides "noopt" from DEB_BUILD_OPTIONS)
Cheers,
Moritz
diff -aur nginx-1.1.12.harden/debian/rules nginx-1.1.12/debian/rules
--- nginx-1.1.12.harden/debian/rules 2012-01-01 04:48:52.000000000 +0100
+++ nginx-1.1.12/debian/rules 2012-01-31 23:11:49.000000000 +0100
@@ -1,6 +1,9 @@
#!/usr/bin/make -f
-CFLAGS = -Wall -g
+CFLAGS = `dpkg-buildflags --get CFLAGS`
+CFLAGS += -Wall
+CFLAGS += `dpkg-buildflags --get CPPFLAGS`
+LDFLAGS = `dpkg-buildflags --get LDFLAGS`
FLAVOURS:=full light extras
@@ -15,11 +18,6 @@
CONFIGURE_OPTS = --with-cc-opt="-m32 -mcpu=ultrasparc"
endif
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
- CFLAGS += -O0
-else
- CFLAGS += -O2
-endif
ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
@@ -49,7 +47,7 @@
cp -Pa $(CURDIR)/man $(BUILDDIR_$*)/
config.status.full: config.env.full config.sub config.guess
- cd $(BUILDDIR_full) && ./configure \
+ cd $(BUILDDIR_full) && CFLAGS="$(CFLAGS)" CORE_LINK="$(LDFLAGS)" ./configure \
--prefix=/etc/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
@@ -83,7 +81,7 @@
touch $@
config.status.light: config.env.light config.sub config.guess
- cd $(BUILDDIR_light) && ./configure \
+ cd $(BUILDDIR_light) && CFLAGS="$(CFLAGS)" CORE_LINK="$(LDFLAGS)" ./configure \
--prefix=/etc/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
@@ -113,7 +111,7 @@
touch $@
config.status.extras: config.env.extras config.sub config.guess
- cd $(BUILDDIR_extras) && ./configure \
+ cd $(BUILDDIR_extras) && CFLAGS="$(CFLAGS)" CORE_LINK="$(LDFLAGS)" ./configure \
--prefix=/etc/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
Nur in nginx-1.1.12/debian: rules~.
