diff options
| author | Colin Watson <cjwatson@debian.org> | 2012-06-22 11:33:19 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2012-06-22 11:33:19 +0000 |
| commit | e76e7b2f6963e036b6d222547412d15ab0731de1 (patch) | |
| tree | d7b2e0f6619cb18619ae7b3e0dac54672c394010 | |
| parent | 65ea6881698f14e2d2648b940d36d7807cde5e7d (diff) | |
Use dpkg-buildflags to enable hardening options.
| -rw-r--r-- | Makefile | 12 | ||||
| -rw-r--r-- | debian/changelog | 6 | ||||
| -rw-r--r-- | debian/control | 2 | ||||
| -rw-r--r-- | debian/patches/build-outside-glibc.patch | 13 | ||||
| -rw-r--r-- | debian/patches/db_dump185.patch | 16 | ||||
| -rwxr-xr-x | debian/rules | 6 |
6 files changed, 31 insertions, 24 deletions
@@ -21,24 +21,24 @@ libdb1-routines := bt_close bt_conv bt_debug bt_delete bt_get \ rec_seq rec_utils CFLAGS ?= -O2 -CPPFLAGS += -I. -D_REENTRANT -D__DBINTERFACE_PRIVATE -DUSE_LIBDB1 -CPPFLAGS += -D_GNU_SOURCE +XCPPFLAGS = -I. -D_REENTRANT -D__DBINTERFACE_PRIVATE -DUSE_LIBDB1 -D_GNU_SOURCE libdb.so-version=.2 all: libdb1.so$(libdb.so-version) db_dump185/db_dump185 %.o: %.c - $(CC) $(CPPFLAGS) $(CFLAGS) -c -g -o $@ $< + $(CC) $(XCPPFLAGS) $(CPPFLAGS) $(CFLAGS) -c -g -o $@ $< %.os: %.c - $(CC) $(CPPFLAGS) $(CFLAGS) -c -fPIC -o $@ $< + $(CC) $(XCPPFLAGS) $(CPPFLAGS) $(CFLAGS) -c -fPIC -o $@ $< libdb1.so$(libdb.so-version): $(patsubst %,%.os,$(libdb1-routines)) $(CC) -Wl,-O1 -Wl,--version-script=Versions -Wl,-z,combreloc \ - -Wl,-soname=libdb.so$(libdb.so-version) \ + -Wl,-soname=libdb.so$(libdb.so-version) $(LDFLAGS) \ -shared -o $@ $^ -lc db_dump185/db_dump185: db_dump185/db_dump185.c libdb1.so$(libdb.so-version) - $(CC) -I. -o $@ $< libdb1.so$(libdb.so-version) + $(CC) -I. $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) \ + -o $@ $< libdb1.so$(libdb.so-version) clean: rm -f $(patsubst %,%.o,$(libdb1-routines)) diff --git a/debian/changelog b/debian/changelog index 43b1900..fc16aff 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +db1-compat (2.1.3-16) UNRELEASED; urgency=low + + * Use dpkg-buildflags to enable hardening options. + + -- Colin Watson <cjwatson@debian.org> Fri, 22 Jun 2012 12:17:08 +0100 + db1-compat (2.1.3-15) unstable; urgency=low * Add cross-compiling support. diff --git a/debian/control b/debian/control index bc7ae8f..df18335 100644 --- a/debian/control +++ b/debian/control @@ -3,7 +3,7 @@ Section: oldlibs Priority: extra Maintainer: Colin Watson <cjwatson@debian.org> Standards-Version: 3.6.2 -Build-Depends: debhelper (>= 7.0.50) +Build-Depends: dpkg-dev (>= 1.15.7~), debhelper (>= 7.0.50) Package: libdb1-compat Architecture: any diff --git a/debian/patches/build-outside-glibc.patch b/debian/patches/build-outside-glibc.patch index a7b41de..4de6e5e 100644 --- a/debian/patches/build-outside-glibc.patch +++ b/debian/patches/build-outside-glibc.patch @@ -1,13 +1,13 @@ Description: Modify build system to work outside glibc Author: Colin Watson <cjwatson@debian.org> Forwarded: no -Last-Update: 2011-04-04 +Last-Update: 2012-06-22 Index: b/Makefile =================================================================== --- a/Makefile +++ b/Makefile -@@ -20,54 +20,24 @@ +@@ -20,54 +20,23 @@ rec_close rec_delete rec_get rec_open rec_put rec_search \ rec_seq rec_utils @@ -63,20 +63,19 @@ Index: b/Makefile -# $(make-link) -#endif +CFLAGS ?= -O2 -+CPPFLAGS += -I. -D_REENTRANT -D__DBINTERFACE_PRIVATE -DUSE_LIBDB1 -+CPPFLAGS += -D_GNU_SOURCE ++XCPPFLAGS = -I. -D_REENTRANT -D__DBINTERFACE_PRIVATE -DUSE_LIBDB1 -D_GNU_SOURCE +libdb.so-version=.2 + +all: libdb1.so$(libdb.so-version) + +%.o: %.c -+ $(CC) $(CPPFLAGS) $(CFLAGS) -c -g -o $@ $< ++ $(CC) $(XCPPFLAGS) $(CPPFLAGS) $(CFLAGS) -c -g -o $@ $< +%.os: %.c -+ $(CC) $(CPPFLAGS) $(CFLAGS) -c -fPIC -o $@ $< ++ $(CC) $(XCPPFLAGS) $(CPPFLAGS) $(CFLAGS) -c -fPIC -o $@ $< + +libdb1.so$(libdb.so-version): $(patsubst %,%.os,$(libdb1-routines)) + $(CC) -Wl,-O1 -Wl,--version-script=Versions -Wl,-z,combreloc \ -+ -Wl,-soname=libdb.so$(libdb.so-version) \ ++ -Wl,-soname=libdb.so$(libdb.so-version) $(LDFLAGS) \ + -shared -o $@ $^ -lc + +clean: diff --git a/debian/patches/db_dump185.patch b/debian/patches/db_dump185.patch index c5f45e6..4344348 100644 --- a/debian/patches/db_dump185.patch +++ b/debian/patches/db_dump185.patch @@ -1,29 +1,31 @@ Description: Add db_dump185 utility This provides dump compatibility with legacy database files. Author: Julian Gilbey <jdg@debian.org> +Author: Colin Watson <cjwatson@debian.org> Bug-Debian: http://bugs.debian.org/353637 Forwarded: no -Last-Update: 2010-03-26 +Last-Update: 2012-06-22 Index: b/Makefile =================================================================== --- a/Makefile +++ b/Makefile -@@ -25,7 +25,7 @@ - CPPFLAGS += -D_GNU_SOURCE +@@ -24,7 +24,7 @@ + XCPPFLAGS = -I. -D_REENTRANT -D__DBINTERFACE_PRIVATE -DUSE_LIBDB1 -D_GNU_SOURCE libdb.so-version=.2 -all: libdb1.so$(libdb.so-version) +all: libdb1.so$(libdb.so-version) db_dump185/db_dump185 %.o: %.c - $(CC) $(CPPFLAGS) $(CFLAGS) -c -g -o $@ $< -@@ -37,7 +37,11 @@ - -Wl,-soname=libdb.so$(libdb.so-version) \ + $(CC) $(XCPPFLAGS) $(CPPFLAGS) $(CFLAGS) -c -g -o $@ $< +@@ -36,7 +36,12 @@ + -Wl,-soname=libdb.so$(libdb.so-version) $(LDFLAGS) \ -shared -o $@ $^ -lc +db_dump185/db_dump185: db_dump185/db_dump185.c libdb1.so$(libdb.so-version) -+ $(CC) -I. -o $@ $< libdb1.so$(libdb.so-version) ++ $(CC) -I. $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) \ ++ -o $@ $< libdb1.so$(libdb.so-version) + clean: rm -f $(patsubst %,%.o,$(libdb1-routines)) diff --git a/debian/rules b/debian/rules index 33f300d..ba359a8 100755 --- a/debian/rules +++ b/debian/rules @@ -21,9 +21,9 @@ ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) export CC := $(DEB_HOST_GNU_TYPE)-gcc endif -ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS))) -export CFLAGS := -O0 -endif +export CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS) +export CFLAGS := $(shell dpkg-buildflags --get CFLAGS) +export LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS) libdb1.so$(soversion): build |