Bug#920000: Please build nacl with -fPIC and use CFLAGS from dpkg-buildflags

[Laurent Bigonville]

Source: nacl
Version: 20110221-6
Severity: serious

Hi,

Should't nacl be built with -fPIC?

You also might want to follow the *FLAGS set in the environment during
the build.

On fedora they are doing both:

https://src.fedoraproject.org/cgit/rpms/nacl.git/tree/nacl-20110221-dist-flags.patch
https://src.fedoraproject.org/cgit/rpms/nacl.git/tree/nacl.spec#n56

The fact that it's missing -fPIC seems to cause troubles in libssh
(#919956)

See attached patch

Kind regards,

Laurent Bigonville

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy

diff -Nru 
nacl-20110221/debian/patches/0002-remove-superfluous-compiler-flags.patch 
nacl-20110221/debian/patches/0002-remove-superfluous-compiler-flags.patch
--- nacl-20110221/debian/patches/0002-remove-superfluous-compiler-flags.patch   
2018-10-22 08:10:48.000000000 +0200
+++ nacl-20110221/debian/patches/0002-remove-superfluous-compiler-flags.patch   
2019-01-21 13:14:00.000000000 +0100
@@ -11,35 +11,32 @@
  okcompilers/cpp | 9 +++------
  2 files changed, 6 insertions(+), 12 deletions(-)
 
-diff --git a/okcompilers/c b/okcompilers/c
-index 7218da3..2667f82 100644
 --- a/okcompilers/c
 +++ b/okcompilers/c
-@@ -1,8 +1,5 @@
+@@ -1,8 +1 @@
 -gcc -m64 -O3 -fomit-frame-pointer -funroll-loops
 -gcc -m64 -O -fomit-frame-pointer
 -gcc -m64 -fomit-frame-pointer
 -gcc -m32 -O3 -fomit-frame-pointer -funroll-loops
 -gcc -m32 -O -fomit-frame-pointer
 -gcc -m32 -fomit-frame-pointer
-+gcc -O3 -fomit-frame-pointer -funroll-loops
-+gcc -O -fomit-frame-pointer
-+gcc -fomit-frame-pointer
- spu-gcc -mstdmain -march=cell -O3 -funroll-loops -fomit-frame-pointer 
-Drandom=rand -Dsrandom=srand
- spu-gcc -mstdmain -march=cell -O -fomit-frame-pointer -Drandom=rand 
-Dsrandom=srand
-diff --git a/okcompilers/cpp b/okcompilers/cpp
-index d1b9ae6..35304e4 100644
+-spu-gcc -mstdmain -march=cell -O3 -funroll-loops -fomit-frame-pointer 
-Drandom=rand -Dsrandom=srand
+-spu-gcc -mstdmain -march=cell -O -fomit-frame-pointer -Drandom=rand 
-Dsrandom=srand
++gcc ${CFLAGS}
 --- a/okcompilers/cpp
 +++ b/okcompilers/cpp
-@@ -1,8 +1,5 @@
+@@ -1,8 +1 @@
 -g++ -m64 -O3 -fomit-frame-pointer -funroll-loops
 -g++ -m64 -O -fomit-frame-pointer
 -g++ -m64 -fomit-frame-pointer
 -g++ -m32 -O3 -fomit-frame-pointer -funroll-loops
 -g++ -m32 -O -fomit-frame-pointer
 -g++ -m32 -fomit-frame-pointer
-+g++ -O3 -fomit-frame-pointer -funroll-loops
-+g++ -O -fomit-frame-pointer
-+g++ -fomit-frame-pointer
- spu-g++ -mstdmain -march=cell -O3 -funroll-loops -fomit-frame-pointer 
-Drandom=rand -Dsrandom=srand
- spu-g++ -mstdmain -march=cell -O -fomit-frame-pointer -Drandom=rand 
-Dsrandom=srand
+-spu-g++ -mstdmain -march=cell -O3 -funroll-loops -fomit-frame-pointer 
-Drandom=rand -Dsrandom=srand
+-spu-g++ -mstdmain -march=cell -O -fomit-frame-pointer -Drandom=rand 
-Dsrandom=srand
++g++ ${CFLAGS}
+--- a/okcompilers/archivers
++++ b/okcompilers/archivers
+@@ -1,2 +1 @@
+ ar
+-ar -X64
diff -Nru nacl-20110221/debian/rules nacl-20110221/debian/rules
--- nacl-20110221/debian/rules  2018-10-22 08:11:09.000000000 +0200
+++ nacl-20110221/debian/rules  2019-01-21 13:14:00.000000000 +0100
@@ -2,6 +2,8 @@
 
 #export DH_VERBOSE=1
 
+CFLAGS = $(shell dpkg-buildflags --get CFLAGS)
+
 override_dh_auto_build:
        # some quick tests for the status of /sys to help debug failures
        -ls /sys
@@ -13,5 +15,15 @@
        # DJB "makefile"-ish
        ./do
 
+override_dh_auto_configure:
+       [ -f okcompilers/c.orig ] || cp okcompilers/c okcompilers/c.orig
+       [ -f okcompilers/cpp.orig ] || cp okcompilers/cpp okcompilers/cpp.orig
+       sed -i 's|$${CFLAGS}|$(CFLAGS) -fPIC|g' okcompilers/c okcompilers/cpp
+
 %:
        dh $@
+
+override_dh_auto_clean:
+       mv -f okcompilers/c.orig okcompilers/c || true
+       mv -f okcompilers/cpp.orig okcompilers/cpp || true
+       dh_auto_clean