Package: ldapvi Version: 1.7-9 Severity: important Tags: patch User: hardening-disc...@lists.alioth.debian.org Usertags: goal-hardening
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello, Please enable hardened build flags with dpkg-buildflags (patch attached). dpkg-buildflags handle "noopt" from DEB_BUILD_OPTIONS. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJUEMjIAAoJEJmGUYuaqqClMQsP/0FpUBQ9i8mUnuCEj7ahucsc +CY+8g9OseRjGZd5fIroePSbJOsGTsxIzz/ZsWNPqrN5xl7pLjZCGXV5t/8WBnWS Yq+o00gdIbWgP7sr1kJ/J0DJLieOyL8gGtwl7pO7KYov3bCq6AToRNE9KB6ubFBz Geg3uD0sHrzAcjRkq0trDowa4xIzZ8+3Sk0+/UTqgIkXykX8W6/GzSUbzrQlWOUN VQY4x5jd/mxUCCaQPvCdBkBmMvvB8Nhlp5TwZSGQ83jRM+mDxLEtZ0TPtniDHMtE 1o17PtsvLqOW3/1fnKq4/B7W3xgLnJ4yGKwCl/EfHOUDz2uF8KRbdJ6KPjK70BHB wWghZtnSy6qjXFwTgBNIH1xHWxZ0HqY7Rlrki1R+c1kCqFW2PaaW9514hpbOdW/+ ntMmuKtcybDEonah9aAyRxpMuZoWw+49KOF6rChbgSTXKRvWwWkabR0X+/xcevAS Vc9n4+F/Dt5aqu3xImIXwgwqzeSWVhenY6DpTF29o+cxh+pR53GQc5ZUGp1lanhE hqhMR8ruRbzjZNG5yEvv1z62IRwa8PUKp1VrAizUOfVkFmyiBAYFetmtH1zFSiAa VygyfzraeKxnNA5xyKhILLfgHcIHGmRAgcGcA14PqcYhV7QLAqSAlUMBREV4d9U/ 93y8L0e1B3NkqBvvIkk8 =qjhd -----END PGP SIGNATURE-----
diff -u ldapvi-1.7/debian/changelog ldapvi-1.7/debian/changelog --- ldapvi-1.7/debian/changelog +++ ldapvi-1.7/debian/changelog @@ -1,3 +1,11 @@ +ldapvi (1.7-9.1) unstable; urgency=medium + + * Non-maintainer upload. + * Use dpkg-buildflags and pass *FLAGS to configure + * Remove compilation generated files (config.status, GNUmakefile, config.h) + + -- Guillaume Delacour <g...@iroqwa.org> Wed, 10 Sep 2014 23:40:05 +0200 + ldapvi (1.7-9) unstable; urgency=low * Use fileencoding instead of encoding in vim modeline which makes recent diff -u ldapvi-1.7/debian/rules ldapvi-1.7/debian/rules --- ldapvi-1.7/debian/rules +++ ldapvi-1.7/debian/rules @@ -11,17 +11,15 @@ DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) -CFLAGS = -Wall -g +CFLAGS=$(shell dpkg-buildflags --get CFLAGS) +CFLAGS += -Wall +CPPFLAGS=$(shell dpkg-buildflags --get CPPFLAGS) +LDFLAGS=$(shell dpkg-buildflags --get LDFLAGS) INSTALL = install INSTALL_FILE = $(INSTALL) -p -oroot -groot -m644 INSTALL_PROGRAM = $(INSTALL) -p -oroot -groot -m755 INSTALL_SCRIPT = $(INSTALL) -p -oroot -groot -m755 INSTALL_DIR = $(INSTALL) -p -d -oroot -groot -m755 -ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS))) - CFLAGS += -O0 -else - CFLAGS += -O2 -endif ifeq (,$(filter nostrip,$(DEB_BUILD_OPTIONS))) INSTALL_PROGRAM += -s STRIP = true @@ -47,12 +45,14 @@ cp -a configure configure.save [ ! -f Makefile ] || $(MAKE) distclean mv configure.save configure + # Remove compilation generated files + rm -f config.status GNUmakefile config.h build: build-stamp build-stamp: patch-stamp $(checkdir) - CFLAGS="$(CFLAGS)" ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --with-libcrypto=none + CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --with-libcrypto=none $(MAKE) cd manual && $(MAKE) manual.html touch build-stamp