[Build-common-hackers] Bug#668820: cdbs: cmake buildsystem ignores CPPFLAGS
Simon Ruderich
simon at ruderich.org
Sat Apr 14 16:51:08 UTC 2012
Package: cdbs
Version: 0.4.109
Severity: important
Tags: patch
Hello,
The cmake buildsystem ignores CPPFLAGS and upstream rejected a
patch to include them in CFLAGS (#653916). This prevents
automatic hardening with -D_FORTIFY_SOURCE=2 for all CMake
packages (see [1] for more information about hardening).
Modifying all CMake packages just to append CPPFLAGS to CFLAGS
creates unnecessary boilerplate and requires modifying all CMake
packages - something maintainers are reluctant to do (#667941).
If possible cdbs should be updated as soon as possible to help
with the hardening release goal for wheezy.
The attached patch updates cmake.mk to append CPPFLAGS to CFLAGS.
It seems to work fine, but I don't have much experience with
cdbs's buildsystem - please modify the patch if there's a better
way to handle that.
Regards,
Simon
[1]: https://wiki.debian.org/Hardening
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cdbs-cmake-cppflags.patch
Type: text/x-diff
Size: 998 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/build-common-hackers/attachments/20120414/63fd43df/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/build-common-hackers/attachments/20120414/63fd43df/attachment.pgp>
More information about the Build-common-hackers
mailing list