Your message dated Tue, 17 Apr 2012 13:32:32 +0000
with message-id <[email protected]>
and subject line Bug#668813: fixed in debhelper 9.20120417
has caused the Debian Bug report #668813,
regarding debhelper: cmake buildsystem ignores CPPFLAGS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
668813: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668813
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: debhelper
Version: 9.20120410
Severity: important
Tags: patch
Hello,
The cmake buildsystem ignores CPPFLAGS and upstream rejected a
patch to include them in CFLAGS (#653916). This prevents
automatic hardening with -D_FORTIFY_SOURCE=2 for all CMake
packages (see [1] for more information about hardening).
Modifying all CMake packages just to append CPPFLAGS to CFLAGS
creates unnecessary boilerplate and requires modifying all CMake
packages - something maintainers are reluctant to do (#667941).
If possible debhelper should be updated as soon as possible to
help with the hardening release goal for wheezy.
The attached patch updates cmake.pm to append CPPFLAGS to CFLAGS.
It seems to work fine, but I don't have much experience with
debhelper's buildsystem - please modify the patch if there's a
better way to handle that.
Regards,
Simon
[1]: https://wiki.debian.org/Hardening
--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
diff -Nru debhelper-9.20120410/Debian/Debhelper/Buildsystem/cmake.pm debhelper-9.20120410.1~hardening1/Debian/Debhelper/Buildsystem/cmake.pm
--- debhelper-9.20120410/Debian/Debhelper/Buildsystem/cmake.pm 2011-10-20 02:02:57.000000000 +0200
+++ debhelper-9.20120410.1~hardening1/Debian/Debhelper/Buildsystem/cmake.pm 2012-04-14 16:58:24.000000000 +0200
@@ -43,6 +43,12 @@
push @flags, "-DCMAKE_INSTALL_PREFIX=/usr";
push @flags, "-DCMAKE_VERBOSE_MAKEFILE=ON";
+ # CMake doesn't respect CPPFLAGS, see #653916.
+ if ($ENV{CPPFLAGS}) {
+ $ENV{CFLAGS} .= ' ' . $ENV{CPPFLAGS};
+ $ENV{CXXFLAGS} .= ' ' . $ENV{CPPFLAGS};
+ }
+
$this->mkdir_builddir();
eval {
$this->doit_in_builddir("cmake", $this->get_source_rel2builddir(), @flags, @_);
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: debhelper
Source-Version: 9.20120417
We believe that the bug you reported is fixed in the latest version of
debhelper, which is due to be installed in the Debian FTP archive:
debhelper_9.20120417.dsc
to main/d/debhelper/debhelper_9.20120417.dsc
debhelper_9.20120417.tar.gz
to main/d/debhelper/debhelper_9.20120417.tar.gz
debhelper_9.20120417_all.deb
to main/d/debhelper/debhelper_9.20120417_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Joey Hess <[email protected]> (supplier of updated debhelper package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 17 Apr 2012 09:10:29 -0400
Source: debhelper
Binary: debhelper
Architecture: source all
Version: 9.20120417
Distribution: unstable
Urgency: low
Maintainer: Joey Hess <[email protected]>
Changed-By: Joey Hess <[email protected]>
Description:
debhelper - helper programs for debian/rules
Closes: 668813
Changes:
debhelper (9.20120417) unstable; urgency=low
.
* cmake: Pass CPPFLAGS in CFLAGS. Closes: #668813
Thanks, Simon Ruderich for the patch and for verifying no affected
package is broken by this change.
Checksums-Sha1:
f0573bc0c6eaa8197724aed40737aceb69954380 1577 debhelper_9.20120417.dsc
58f1c550fa7d1902674cd6ad7cdde7216f6f27cb 463096 debhelper_9.20120417.tar.gz
cc858b972729c343258ddd53f72cd8e0f9354a9b 693852 debhelper_9.20120417_all.deb
Checksums-Sha256:
730ca97cd7775511a9705edbf268aeb4b9eb3f0428456c860b9d64c860da6345 1577
debhelper_9.20120417.dsc
644ed50733b2f340caaed51006fb97c903cfe28e5f77bf943d3ddefa3c90130f 463096
debhelper_9.20120417.tar.gz
e9fb787cacfd4939edf305bb432341f3e53b8fc590d8c5bae232d068945c95cd 693852
debhelper_9.20120417_all.deb
Files:
d296e0aa98dd2d0f020f71347304f7ed 1577 devel optional debhelper_9.20120417.dsc
6084da7c9646c4b1df6497540beb46c6 463096 devel optional
debhelper_9.20120417.tar.gz
77d7951a1cffa839a7443ff773c3511c 693852 devel optional
debhelper_9.20120417_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIVAwUBT41tGskQ2SIlEuPHAQgriw/+LmINaBSxHC+NpxQvRyW+V9kmOHp1FaAk
K0IMIWcZ3iJ3lfHdYNN6SUxBBFZXjBZnLqJbdp9irpy0zR/RSMj0FY9ewyj6MKBb
KQwzUIwLUJW24/L6BflwvC+gTYYjToxwh6yl7OmAousYtyx754cU8QLL8iNKJkYf
WqWERFK0M/Xzrp8ktKjLdY++SpJqPJOkl6xANeGCSthx5ezu/tLRzCRDjN3BczYH
dO0cJAZ0o2w56sJbkKvf67cyaGNcuxJduAbA1AKWjHkuniNvXvN7N37Lrk3CvQGZ
peuvYEaMqpVRJNmHTeuGcYBsMs+9OJic+A/Xy8OJ42jEekvGMh1q6PXFv6YGHHJh
y2R3OxWaz3TcwyojYilMIIGaXICWfsTN9zbL8BsgD2atQgxn0sX4tkXCc3FHn7OS
ChwfP88Az4OZtjm1prFDHLVBe7EbFPQM89J93JYXQsnKb4nU3fjF0ioEEzZbNatS
AF+1RT12Q2LljGb596tla4qDE8sVJ9HlVhnRzFfp993vJB3OO6c/SoPEmjXkS6d5
NAKnKPlCb2EfTke8KkG6YC8YGlKot7xJ2fu1t0SVdAZFifUAewLYTRwVXPBpuWYf
VI7dlHRNEcuy1oBts+h8I4T805fA846rl0r/p4QCieu/A1jrgyBi5eQIiqOxV6Wp
Q4nbanNnI4c=
=lVT1
-----END PGP SIGNATURE-----
--- End Message ---
