Package: rekonq
Version: 0.9.9-1-1
Severity: important
Tags: patch

Dear Maintainer,

The CPPFLAGS hardening flags are missing because CMake ignores
them by default.

The following patch fixes the issue by adding them to
CFLAGS/CXXFLAGS. For more hardening information please have a
look at [1], [2] and [3].

diff -Nru rekonq-0.9.0-1/debian/rules rekonq-0.9.0-1/debian/rules
--- rekonq-0.9.0-1/debian/rules 2012-03-20 19:26:04.000000000 +0100
+++ rekonq-0.9.0-1/debian/rules 2012-03-24 16:27:09.000000000 +0100
@@ -1,6 +1,12 @@
 #!/usr/bin/make -f
 
 export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow
+# CMake doesn't use CPPFLAGS, pass them to CFLAGS/CXXFLAGS to enable the
+# missing (hardening) flags. dpkg_buildflags is necessary because $(shell ..)
+# doesn't use local environment variables.
+dpkg_buildflags = DEB_BUILD_MAINT_OPTIONS=$(DEB_BUILD_MAINT_OPTIONS) 
dpkg-buildflags
+export DEB_CFLAGS_MAINT_APPEND   = $(shell $(dpkg_buildflags) --get CPPFLAGS)
+export DEB_CXXFLAGS_MAINT_APPEND = $(shell $(dpkg_buildflags) --get CPPFLAGS)
 export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
 
 %:

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9

Attachment: signature.asc
Description: Digital signature

_______________________________________________
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

Reply via email to