The following commit has been merged in the jessie branch:
commit 31928d667e2374d8a4745853402362302a88b771
Author: Bas Couwenberg <sebas...@xs4all.nl>
Date:   Fri Jun 28 22:05:18 2013 +0200

    Enable hardening build flags.

diff --git a/debian/changelog b/debian/changelog
index aff0ab0..19dee84 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -18,6 +18,7 @@ mapserver (6.2.1-3) UNRELEASED; urgency=low
     charset appended.
   * Drop debian-changes-6.2.1-1 from patch series.
   * Update libgd build dependency to libgd-dev for the libgd2 transition.
+  * Enable hardening build flags.
 
  -- Bas Couwenberg <sebas...@xs4all.nl>  Fri, 14 Jun 2013 22:00:07 +0200
 
diff --git a/debian/control b/debian/control
index eb5893c..f6044b3 100644
--- a/debian/control
+++ b/debian/control
@@ -4,7 +4,7 @@ Priority: optional
 Maintainer: Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>
 Uploaders: Francesco Paolo Lovergine <fran...@debian.org>, Alan Boudreault 
<aboudrea...@mapgears.com>
 Standards-Version: 3.9.3
-Build-Depends: debhelper (>= 9), libcurl4-gnutls-dev, libpng-dev, zlib1g-dev 
(>= 1.1.4),
+Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.1.1), libcurl4-gnutls-dev, 
libpng-dev, zlib1g-dev (>= 1.1.4),
  libgd-dev (>= 2.1.0~rc1-2), libfreetype6-dev (>= 2.0.9), libjpeg-dev, 
libgdal1-dev (>=1.9.0), libproj-dev,
  libpq-dev, php5-dev, swig, python-all (>= 2.6.6-3~), python-all-dev (>= 
2.6.6-3~), libgeos-dev (>= 3.3.1-1~),
  ruby1.8, ruby1.8-dev, ruby1.9.1, ruby1.9.1-dev,
diff --git a/debian/patches/hardening.patch b/debian/patches/hardening.patch
new file mode 100644
index 0000000..c7574e3
--- /dev/null
+++ b/debian/patches/hardening.patch
@@ -0,0 +1,87 @@
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -254,6 +254,9 @@ FLAGS = @DEBUG_FLAGS@ $(DEFINES) $(INCLU
+ 
+ CFLAGS   = @CFLAGS@ $(FLAGS)
+ CXXFLAGS = @CXXFLAGS@ $(FLAGS)
++LDFLAGS = @LDFLAGS@
++
++LINK+=$(LDFLAGS)
+ 
+ # Link flags and shared libs only
+ SUP_LIBS =  $(FT_LIB) $(GD_LIB) $(OGL_LIB) $(FTGL_LIB) $(PROJ_LIBS) \
+@@ -417,6 +420,7 @@ mapscriptvars:     Makefile
+       echo $(LIBMAP) >> mapscriptvars
+       echo -Wl,$(EXE_LDFLAGS) >> mapscriptvars
+       grep '#define MS_VERSION ' mapserver.h >> mapscriptvars
++      echo $(CFLAGS) >> mapscriptvars
+ 
+ mapserver-config: Makefile
+       rm -f mapserver-config
+--- a/mapscript/perl/Makefile.PL.in
++++ b/mapscript/perl/Makefile.PL.in
+@@ -1,5 +1,6 @@
+ # File : Makefile.PL
+ use ExtUtils::MakeMaker;
++use Config;
+ 
+ open(STREAM, '../../mapscriptvars') or die('Unable to open mapscriptvars, 
have you built the MapServer yet?'); 
+ 
+@@ -33,10 +34,14 @@ if ($ms_version_line) {
+ # Default is 4.3
+ else { $ms_version = '4.3'; }
+ 
++$cflags = <STREAM>;
++chomp $cflags;
++
+ print $inc."\n";
+ print $libs."\n";
+ print $static_libs."\n";
+ print $ms_version."\n";
++print $cflags."\n";
+ 
+ my $swigInterfaceFile = "../mapscript.i";
+ my $swigWrapperFile   = "mapscript_wrap.c";
+@@ -75,6 +80,8 @@ WriteMakefile(
+             'DEFINE'          => $define,
+             'INC'             => $inc,
+             'LIBS'            => [$libs,$static_libs],
++            'OPTIMIZE'        => $cflags,
++            'LD'              => "$Config{ld} $cflags",
+             'OBJECT'          => 'mapscript_wrap.o',
+                 'VERSION'     => $ms_version
+             );
+--- a/mapscript/php/Makefile.in
++++ b/mapscript/php/Makefile.in
+@@ -58,6 +58,7 @@ XTRALIBS= @XTRALIBS@
+ RUNPATHS= -rpath $(libdir)
+ 
+ CFLAGS = @CFLAGS@ @USE_PHP_REGEX@ -DCOMPILE_DL=1 @PHP_VERSION_FLAG@
++LDFLAGS=@LDFLAGS@
+ 
+ 
+ PHP_INC = `$(PHPCONFIG) --includes ` @APACHE_INC@
+@@ -88,7 +89,7 @@ PHP_EXT_DIR=`$(PHPCONFIG) --extension-di
+ 
+ LT_LDFLAGS=-rpath $(PHP_EXT_DIR) -module
+ OBJ_SUFFIX=lo
+-LINK=$(LTLD) $(LD) $(LT_LDFLAGS)
++LINK=$(LTLD) $(LD) $(LDFLAGS) $(LT_LDFLAGS)
+ MS_LIBS =   ../../libmapserver.la
+ 
+ MS_VERSION = @MS_VERSION@
+--- a/mapscript/python/Makefile.in
++++ b/mapscript/python/Makefile.in
+@@ -29,10 +29,11 @@ PYINCDIR=`$(PYTHON) -c "from distutils.s
+ RUNPATH= -rpath $(PYLIBDIR)
+ DEFINES=@ALL_ENABLED@
+ CFLAGS = $(DEFINES) @CFLAGS@ -I$(PYINCDIR) @MS_INC@ @ALL_INC@
++LDFLAGS=@LDFLAGS@
+ 
+ LT_LDFLAGS= $(RUNPATH) -module
+ OBJ_SUFFIX=lo
+-LINK=$(LTLD) $(LD) $(LT_LDFLAGS)
++LINK=$(LTLD) $(LD) $(LDFLAGS) $(LT_LDFLAGS)
+ MS_LIB =   $(top_builddir)/libmapserver.la
+ 
+ 
diff --git a/debian/patches/series b/debian/patches/series
index a986975..8f58ad2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 fixmapscriptvars.patch
 php_segfault
 mapows-contenttype.patch
+hardening.patch
diff --git a/debian/rules b/debian/rules
index 5544b0a..ca7ae00 100755
--- a/debian/rules
+++ b/debian/rules
@@ -7,6 +7,16 @@
 
 # This has to be exported to make some magic below work.
 export DH_OPTIONS
+
+# Enable hardening build flags
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+
+CPPFLAGS:=$(shell dpkg-buildflags --get CPPFLAGS)
+CFLAGS:=$(shell dpkg-buildflags --get CFLAGS)
+LDFLAGS:=$(shell dpkg-buildflags --get LDFLAGS)
+
+CFLAGS+=$(CPPFLAGS)
+CFLAGS+=$(LDFLAGS)
  
 package=mapserver
 
@@ -45,12 +55,14 @@ COMMON_CONFIG=      --prefix=/usr \
 
 rstoptions=--stylesheet=mapscript.css --link-stylesheet 
 
-MS_CFLAGS=-O2
+MS_CFLAGS=$(CFLAGS)
 MS_CXXFLAGS=$(MS_CFLAGS)
+MS_CPPFLAGS=$(CPPFLAGS)
+MS_LDFLAGS=$(LDFLAGS)
 
 configure-stamp:
        dh_testdir
-       ./configure $(COMMON_CONFIG) CFLAGS="$(MS_CFLAGS)" 
CXXFLAGS="$(MS_CXXFLAGS)"
+       ./configure $(COMMON_CONFIG) CFLAGS="$(MS_CFLAGS)" 
CXXFLAGS="$(MS_CXXFLAGS)" CPPFLAGS="$(MS_CPPFLAGS)" LDFLAGS="$(MS_LDFLAGS)"
 
        touch configure-stamp
 
@@ -77,11 +89,11 @@ build-arch-stamp: configure-stamp
        # Build Perl mapscript
        cd $(CURDIR)/mapscript/perl && \
          perl Makefile.PL INSTALLDIRS=vendor \
-         && $(MAKE) LD_RUN_PATH="" OPTIMIZE="-O2 -g -W -Wall"
+         && $(MAKE) LD_RUN_PATH="" OPTIMIZE="$(CFLAGS) -W -Wall"
 
        # Build python
        cd $(CURDIR)/mapscript/python && \
-         set -e; for python in $(PYVERS); do $$python setup.py build; done
+         set -e; for python in $(PYVERS); do CFLAGS="$(CFLAGS)" 
LDFLAGS="$(LDFLAGS)" $$python setup.py build; done
 
        # Build ruby
        cd $(CURDIR)/mapscript/ruby && set -e ; \

-- 
Mapserver

_______________________________________________
Pkg-grass-devel mailing list
Pkg-grass-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-grass-devel

Reply via email to