tag 660195 patch thanks On Sat, Feb 25, 2012 at 03:39:43PM +0200, Niko Tyni wrote: > On Fri, Feb 17, 2012 at 12:19:28PM +0200, Niko Tyni wrote: > > Package: perl > > Version: 5.14.2-7 > > Forwarded: https://rt.cpan.org/Public/Bug/Display.html?id=28632 > > > > As noted in #657853, Makefile.PL command line arguments like OPTIMIZE and > > LD aren't passed down to recursive invocations when there are Makefile.PL > > files in subdirectories. This is hindering the adoption of hardening > > build flags. > > > > The libimager-perl package is an example.
> Patching the code so that all the command line arguments go through > seems rather invasive IMO, at least without a better understanding > of the issue. Just adding LD and OPTIMIZE would cover our use case. > Perhaps we should try that and run a test rebuild of affected packages. The attached patch whitelists LD and OPTIMIZE. I've built a test perl package with this, and it seems to get libimager-perl built with the security flags after - dh_auto_configure -- --disable=TT-fonts + dh_auto_configure -- --disable=TT-fonts OPTIMIZE="$(shell dpkg-buildflags --get CFLAGS) $(shell dpkg-buildflags --get CPPFLAGS)" LD="$(shell perl -V::ld:) $(shell dpkg-buildflags --get LDFLAGS)" The next step could be finding out which XS module packages have more than one Makefile.PL inside and testing those. -- Niko Tyni nt...@debian.org
>From a10390364877af62447d9e6016879665f79f15cf Mon Sep 17 00:00:00 2001 From: Niko Tyni <nt...@debian.org> Date: Sat, 25 Feb 2012 19:41:27 +0200 Subject: [PATCH] Make EU::MM use LD and OPTIMIZE in recursive Makefile.PL invocations In a directory hierarchy with Makefile.PL files in subdirectories, command line arguments like perl Makefile.PL OPTIMIZE="-g -O0" are not used in the generated subdirectory Makefiles. This seems to be by design: there's a short list of variables that are inherited, the rest are not taken into account at all. Debian needs LD and OPTIMIZE for sane handling of security related build flags, so add those to the whitelist. Bug: http://rt.cpan.org/Public/Bug/Display.html?id=28632 Bug-Debian: http://bugs.debian.org/660195 Patch-Name: debian/makemaker-recursive.diff --- cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm b/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm index c56ca8f..32c20f3 100644 --- a/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm +++ b/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm @@ -565,7 +565,7 @@ END } if ($self->{PARENT}) { $self->{PARENT}->{CHILDREN}->{$newclass} = $self; - foreach my $opt (qw(POLLUTE PERL_CORE LINKTYPE)) { + foreach my $opt (qw(POLLUTE PERL_CORE LINKTYPE LD OPTIMIZE)) { if (exists $self->{PARENT}->{$opt} and not exists $self->{$opt}) {
