Package: unzip
Version: 6.0-5
Severity: important
Tags: patch
Please enabled hardened build flags through dpkg-buildflags.
Patch attached. (dpkg-buildflags abides "noopt" from DEB_BUILD_OPTIONS)
I had to disable format string checking using
"DEB_BUILD_MAINT_OPTIONS=hardening=-format". The errors exposed are
weird, it would be nice if you can clean these up as well.
Cheers,
Moritz
diff -aur unzip-6.0.harden/debian/rules unzip-6.0/debian/rules
--- unzip-6.0.harden/debian/rules 2011-07-01 18:49:26.000000000 +0200
+++ unzip-6.0/debian/rules 2012-01-17 23:23:24.000000000 +0100
@@ -5,7 +5,11 @@
history = History.600
CC = gcc
-CFLAGS = -g -Wall
+export DEB_BUILD_MAINT_OPTIONS=hardening=-format
+CFLAGS = `dpkg-buildflags --get CFLAGS`
+CFLAGS += -Wall
+CFLAGS += `dpkg-buildflags --get CPPFLAGS`
+
DEFINES = -DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR -DLARGE_FILE_SUPPORT \
-DUNICODE_SUPPORT -DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \
-DDATE_FORMAT=DF_YMD -DUSE_BZIP2
@@ -19,9 +22,6 @@
CC=$(DEB_HOST_GNU_TYPE)-gcc
endif
-ifeq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
- CFLAGS += -O2
-endif
ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
STRIP = strip --remove-section=.comment --remove-section=.note
endif
Nur in unzip-6.0/debian: rules~.
diff -aur unzip-6.0.harden/unix/Makefile unzip-6.0/unix/Makefile
--- unzip-6.0.harden/unix/Makefile 2009-01-18 23:41:18.000000000 +0100
+++ unzip-6.0/unix/Makefile 2012-01-17 23:22:28.000000000 +0100
@@ -50,7 +50,7 @@
CFLAGS = -O
CF_NOOPT = -I. -I$(IZ_BZIP2) -DUNIX $(LOC)
CF = $(CFLAGS) $(CF_NOOPT)
-LFLAGS1 =
+LFLAGS1 = `dpkg-buildflags --get LDFLAGS`
LF = -o unzip$E $(LFLAGS1)
LF2 = -s
Nur in unzip-6.0/unix: Makefile~.
