Author: tille Date: 2012-06-08 07:03:38 +0000 (Fri, 08 Jun 2012) New Revision: 11279
Added: trunk/packages/theseus/trunk/debian/patches/21_use_dpkg_buildflags.patch trunk/packages/theseus/trunk/debian/patches/22_hardening_compile.patch Modified: trunk/packages/theseus/trunk/debian/changelog trunk/packages/theseus/trunk/debian/patches/series Log: Apply patch by Simon Ruderich to really build with hardening flags and upload to unstable Modified: trunk/packages/theseus/trunk/debian/changelog =================================================================== --- trunk/packages/theseus/trunk/debian/changelog 2012-06-07 22:47:55 UTC (rev 11278) +++ trunk/packages/theseus/trunk/debian/changelog 2012-06-08 07:03:38 UTC (rev 11279) @@ -1,8 +1,11 @@ -theseus (1.6.2-2) UNRELEASED; urgency=low +theseus (1.6.2-2) unstable; urgency=low * debian/upstream: Added missing space, fixed Name + * debian/patches: Two patches from Simon Ruderich + <[email protected]> to enable hardening (thanks to Simon) + Closes: #668120 - -- Andreas Tille <[email protected]> Tue, 27 Mar 2012 09:01:16 +0200 + -- Andreas Tille <[email protected]> Fri, 08 Jun 2012 08:45:38 +0200 theseus (1.6.2-1) unstable; urgency=low Added: trunk/packages/theseus/trunk/debian/patches/21_use_dpkg_buildflags.patch =================================================================== --- trunk/packages/theseus/trunk/debian/patches/21_use_dpkg_buildflags.patch (rev 0) +++ trunk/packages/theseus/trunk/debian/patches/21_use_dpkg_buildflags.patch 2012-06-08 07:03:38 UTC (rev 11279) @@ -0,0 +1,38 @@ +Description: Use build flags from environment (dpkg-buildflags). + Necessary for hardening flags. + . + Also use CPPFLAGS and LDFLAGS where appropriate. +Author: Simon Ruderich <[email protected]> +Last-Update: 2012-04-09 + +--- theseus-1.6.2.orig/make.inc ++++ theseus-1.6.2/make.inc +@@ -25,7 +25,10 @@ + #OPT = -O0 -ggdb + OPT = -O3 -ffast-math -fstrict-aliasing -funroll-loops -fomit-frame-pointer + WARN = -Werror -Wall -pedantic -std=c99 #-Wstrict-aliasing=2 +-CFLAGS = $(WARN) #-force_cpusubtype_ALL -mmacosx-version-min=10.4 -arch x86_64 -arch i386 #-DNDEBUG ++CFLAGS += $(WARN) #-force_cpusubtype_ALL -mmacosx-version-min=10.4 -arch x86_64 -arch i386 #-DNDEBUG ++# CPPFLAGS are ignored by the rest of the build system but necessary for ++# hardening flags. ++CFLAGS += $(CPPFLAGS) + CC = /usr/bin/gcc + + # +--- theseus-1.6.2.orig/Makefile ++++ theseus-1.6.2/Makefile +@@ -36,12 +36,12 @@ + + distfitexe: + $(CC) $(OPT) $(CFLAGS) -c distfit.c +- $(CC) $(OPT) $(CFLAGS) $(LIBDIR) $(LAPACKLIBDIR) $(BLASLIBDIR) distfit.o $(LIBS) $(LAPACKLIB) $(BLASLIB) $(SYSLIBS) -o distfit ++ $(CC) $(OPT) $(CFLAGS) $(LDFLAGS) $(LIBDIR) $(LAPACKLIBDIR) $(BLASLIBDIR) distfit.o $(LIBS) $(LAPACKLIB) $(BLASLIB) $(SYSLIBS) -o distfit + + + # THESEUS-specific files + theseus: theseus.o $(OBJECTS) +- $(CC) $(OPT) $(CFLAGS) $(LIBDIR) $(LAPACKLIBDIR) $(BLASLIBDIR) theseus.o $(OBJECTS) $(LIBS) $(LAPACKLIB) $(BLASLIB) $(SYSLIBS) -o theseus ++ $(CC) $(OPT) $(CFLAGS) $(LDFLAGS) $(LIBDIR) $(LAPACKLIBDIR) $(BLASLIBDIR) theseus.o $(OBJECTS) $(LIBS) $(LAPACKLIB) $(BLASLIB) $(SYSLIBS) -o theseus + + CovMat.o: CovMat.c + $(CC) $(OPT) $(CFLAGS) $(INCDIR) -c CovMat.c Added: trunk/packages/theseus/trunk/debian/patches/22_hardening_compile.patch =================================================================== --- trunk/packages/theseus/trunk/debian/patches/22_hardening_compile.patch (rev 0) +++ trunk/packages/theseus/trunk/debian/patches/22_hardening_compile.patch 2012-06-08 07:03:38 UTC (rev 11279) @@ -0,0 +1,24 @@ +Description: Fix compile with dpkg-buildflags. + Use -Wno-error=unused-result to ignore unimportant warnings and filter out + -O2. +Author: Simon Ruderich <[email protected]> +Last-Update: 2012-04-09 + +--- theseus-1.6.2.orig/make.inc ++++ theseus-1.6.2/make.inc +@@ -24,11 +24,14 @@ + INSTALLDIR = /usr/local/bin + #OPT = -O0 -ggdb + OPT = -O3 -ffast-math -fstrict-aliasing -funroll-loops -fomit-frame-pointer +-WARN = -Werror -Wall -pedantic -std=c99 #-Wstrict-aliasing=2 ++WARN = -Werror -Wno-error=unused-result -Wall -pedantic -std=c99 #-Wstrict-aliasing=2 + CFLAGS += $(WARN) #-force_cpusubtype_ALL -mmacosx-version-min=10.4 -arch x86_64 -arch i386 #-DNDEBUG + # CPPFLAGS are ignored by the rest of the build system but necessary for + # hardening flags. + CFLAGS += $(CPPFLAGS) ++# Filter out -O2 which overwrites the default -O3 because OPT is used before ++# CFLAGS. ++CFLAGS := $(filter-out -O2,$(CFLAGS)) + CC = /usr/bin/gcc + + # Modified: trunk/packages/theseus/trunk/debian/patches/series =================================================================== --- trunk/packages/theseus/trunk/debian/patches/series 2012-06-07 22:47:55 UTC (rev 11278) +++ trunk/packages/theseus/trunk/debian/patches/series 2012-06-08 07:03:38 UTC (rev 11279) @@ -1,3 +1,5 @@ 10_kbsd.patch 20_hardening.patch 20_exclude_apple_options.patch +21_use_dpkg_buildflags.patch +22_hardening_compile.patch _______________________________________________ debian-med-commit mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-med-commit
