On Sun, Oct 23, 2016 at 03:29:36PM +0200, Reiner Herrmann wrote: > --- a/debian/rules > +++ b/debian/rules > @@ -13,7 +13,7 @@ else > CONFFLAGS = --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE) > endif > > -CFLAGS = -g > +CFLAGS = $(shell dpkg-buildflags --get CFLAGS) > > ifeq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) > CFLAGS += -O2
Niels Thykier suggested another approach. dh_auto_configure already handles CFLAGS and cross-building, so the rules can be simplified a bit. An updated patch is attached.
diff --git a/debian/patches/format_string b/debian/patches/format_string new file mode 100644 index 0000000..f38677e --- /dev/null +++ b/debian/patches/format_string @@ -0,0 +1,27 @@ +Author: Reiner Herrmann <[email protected]> +Description: don't pass error message directly as format string to error() + Build fails with -Werror=format-security enabled, because no constant string + is passed as error string. + Passing a string based on user input (regex) directly as format string is + a security issue. + +--- a/src/filterdiff.c ++++ b/src/filterdiff.c +@@ -1355,7 +1355,7 @@ + char errstr[300]; + regerror (err, ®ex[num_regex - 1], errstr, + sizeof (errstr)); +- error (EXIT_FAILURE, 0, errstr); ++ error (EXIT_FAILURE, 0, "%s", errstr); + exit (1); + } + } +@@ -1613,7 +1613,7 @@ + char errstr[300]; + regerror (err, ®ex[num_regex - 1], errstr, + sizeof (errstr)); +- error (EXIT_FAILURE, 0, errstr); ++ error (EXIT_FAILURE, 0, "%s", errstr); + exit (1); + } + } diff --git a/debian/patches/series b/debian/patches/series index 72dc30c..a584743 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1,3 @@ espdiff.6 posixness_fix +format_string diff --git a/debian/rules b/debian/rules index 5717bca..5f1f989 100755 --- a/debian/rules +++ b/debian/rules @@ -4,28 +4,13 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 -DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) -DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) - -ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE)) -CONFFLAGS = --build $(DEB_HOST_GNU_TYPE) -else -CONFFLAGS = --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE) -endif - -CFLAGS = -g - -ifeq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) -CFLAGS += -O2 -endif - D=$(CURDIR)/debian/patchutils/usr configure: configure-stamp configure-stamp: dh_testdir dh_autoreconf - CFLAGS="$(CFLAGS)" ./configure $(CONFFLAGS) --prefix=/usr --mandir=\$${prefix}/share/man + dh_auto_configure touch configure-stamp build build-arch: build-stamp @@ -37,10 +22,8 @@ build-stamp: configure-stamp # point to a path relative to the top-level manual hierarchy sed -i -e 's/ rediff.1/ man1\/rediff.1/' doc/editdiff.1 ifneq (nocheck,$(findstring nocheck,$(DEB_BUILD_OPTIONS))) -ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE)) $(MAKE) check -j1 endif -endif touch build-stamp build-indep:
_______________________________________________ Reproducible-builds mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
