[med-svn] r11279 - in trunk/packages/theseus/trunk/debian: . patches

Andreas Tille tille at alioth.debian.org
Fri Jun 8 07:03:38 UTC 2012 

Author: tille
Date: 2012-06-08 07:03:38 +0000 (Fri, 08 Jun 2012)
New Revision: 11279

Added:
   trunk/packages/theseus/trunk/debian/patches/21_use_dpkg_buildflags.patch
   trunk/packages/theseus/trunk/debian/patches/22_hardening_compile.patch
Modified:
   trunk/packages/theseus/trunk/debian/changelog
   trunk/packages/theseus/trunk/debian/patches/series
Log:
Apply patch by Simon Ruderich to really build with hardening flags and upload to unstable


Modified: trunk/packages/theseus/trunk/debian/changelog
===================================================================
--- trunk/packages/theseus/trunk/debian/changelog	2012-06-07 22:47:55 UTC (rev 11278)
+++ trunk/packages/theseus/trunk/debian/changelog	2012-06-08 07:03:38 UTC (rev 11279)
@@ -1,8 +1,11 @@
-theseus (1.6.2-2) UNRELEASED; urgency=low
+theseus (1.6.2-2) unstable; urgency=low
 
   * debian/upstream: Added missing space, fixed Name
+  * debian/patches: Two patches from Simon Ruderich
+    <simon at ruderich.org> to enable hardening (thanks to Simon)
+    Closes: #668120
 
- -- Andreas Tille <tille at debian.org>  Tue, 27 Mar 2012 09:01:16 +0200
+ -- Andreas Tille <tille at debian.org>  Fri, 08 Jun 2012 08:45:38 +0200
 
 theseus (1.6.2-1) unstable; urgency=low
 

Added: trunk/packages/theseus/trunk/debian/patches/21_use_dpkg_buildflags.patch
===================================================================
--- trunk/packages/theseus/trunk/debian/patches/21_use_dpkg_buildflags.patch	                        (rev 0)
+++ trunk/packages/theseus/trunk/debian/patches/21_use_dpkg_buildflags.patch	2012-06-08 07:03:38 UTC (rev 11279)
@@ -0,0 +1,38 @@
+Description: Use build flags from environment (dpkg-buildflags).
+ Necessary for hardening flags.
+ .
+ Also use CPPFLAGS and LDFLAGS where appropriate.
+Author: Simon Ruderich <simon at ruderich.org>
+Last-Update: 2012-04-09
+
+--- theseus-1.6.2.orig/make.inc
++++ theseus-1.6.2/make.inc
+@@ -25,7 +25,10 @@
+ #OPT = -O0 -ggdb
+ OPT = -O3 -ffast-math -fstrict-aliasing -funroll-loops -fomit-frame-pointer 
+ WARN = -Werror -Wall -pedantic -std=c99 #-Wstrict-aliasing=2
+-CFLAGS = $(WARN) #-force_cpusubtype_ALL -mmacosx-version-min=10.4 -arch x86_64 -arch i386 #-DNDEBUG
++CFLAGS += $(WARN) #-force_cpusubtype_ALL -mmacosx-version-min=10.4 -arch x86_64 -arch i386 #-DNDEBUG
++# CPPFLAGS are ignored by the rest of the build system but necessary for
++# hardening flags.
++CFLAGS += $(CPPFLAGS)
+ CC = /usr/bin/gcc
+ 
+ #
+--- theseus-1.6.2.orig/Makefile
++++ theseus-1.6.2/Makefile
+@@ -36,12 +36,12 @@
+ 
+ distfitexe:
+ 					$(CC) $(OPT) $(CFLAGS) -c distfit.c
+-					$(CC) $(OPT) $(CFLAGS) $(LIBDIR) $(LAPACKLIBDIR) $(BLASLIBDIR) distfit.o $(LIBS) $(LAPACKLIB) $(BLASLIB) $(SYSLIBS) -o distfit
++					$(CC) $(OPT) $(CFLAGS) $(LDFLAGS) $(LIBDIR) $(LAPACKLIBDIR) $(BLASLIBDIR) distfit.o $(LIBS) $(LAPACKLIB) $(BLASLIB) $(SYSLIBS) -o distfit
+ 
+ 
+ # THESEUS-specific files
+ theseus:			theseus.o $(OBJECTS)
+-					$(CC) $(OPT) $(CFLAGS) $(LIBDIR) $(LAPACKLIBDIR) $(BLASLIBDIR) theseus.o $(OBJECTS) $(LIBS) $(LAPACKLIB) $(BLASLIB) $(SYSLIBS) -o theseus
++					$(CC) $(OPT) $(CFLAGS) $(LDFLAGS) $(LIBDIR) $(LAPACKLIBDIR) $(BLASLIBDIR) theseus.o $(OBJECTS) $(LIBS) $(LAPACKLIB) $(BLASLIB) $(SYSLIBS) -o theseus
+ 
+ CovMat.o:			CovMat.c
+ 					$(CC) $(OPT) $(CFLAGS) $(INCDIR) -c CovMat.c

Added: trunk/packages/theseus/trunk/debian/patches/22_hardening_compile.patch
===================================================================
--- trunk/packages/theseus/trunk/debian/patches/22_hardening_compile.patch	                        (rev 0)
+++ trunk/packages/theseus/trunk/debian/patches/22_hardening_compile.patch	2012-06-08 07:03:38 UTC (rev 11279)
@@ -0,0 +1,24 @@
+Description: Fix compile with dpkg-buildflags.
+ Use -Wno-error=unused-result to ignore unimportant warnings and filter out
+ -O2.
+Author: Simon Ruderich <simon at ruderich.org>
+Last-Update: 2012-04-09
+
+--- theseus-1.6.2.orig/make.inc
++++ theseus-1.6.2/make.inc
+@@ -24,11 +24,14 @@
+ INSTALLDIR = /usr/local/bin
+ #OPT = -O0 -ggdb
+ OPT = -O3 -ffast-math -fstrict-aliasing -funroll-loops -fomit-frame-pointer 
+-WARN = -Werror -Wall -pedantic -std=c99 #-Wstrict-aliasing=2
++WARN = -Werror -Wno-error=unused-result -Wall -pedantic -std=c99 #-Wstrict-aliasing=2
+ CFLAGS += $(WARN) #-force_cpusubtype_ALL -mmacosx-version-min=10.4 -arch x86_64 -arch i386 #-DNDEBUG
+ # CPPFLAGS are ignored by the rest of the build system but necessary for
+ # hardening flags.
+ CFLAGS += $(CPPFLAGS)
++# Filter out -O2 which overwrites the default -O3 because OPT is used before
++# CFLAGS.
++CFLAGS := $(filter-out -O2,$(CFLAGS))
+ CC = /usr/bin/gcc
+ 
+ #

Modified: trunk/packages/theseus/trunk/debian/patches/series
===================================================================
--- trunk/packages/theseus/trunk/debian/patches/series	2012-06-07 22:47:55 UTC (rev 11278)
+++ trunk/packages/theseus/trunk/debian/patches/series	2012-06-08 07:03:38 UTC (rev 11279)
@@ -1,3 +1,5 @@
 10_kbsd.patch
 20_hardening.patch
 20_exclude_apple_options.patch
+21_use_dpkg_buildflags.patch
+22_hardening_compile.patch

More information about the debian-med-commit mailing list