Bug#734636: marked as done (Please enable hardened build flags)

Fri, 10 Jan 2014 07:26:58 -0800 

Your message dated Fri, 10 Jan 2014 15:13:12 +0000
with message-id 
<20140110151312.18122.qm...@703ca5fedb8d87.315fe32.mid.smarden.org>
and subject line Re: Bug#734636: Please enable hardened build flags
has caused the Debian Bug report #734636,
regarding Please enable hardened build flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
734636: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734636
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: dropbear
Severity: important
Tags: patch

Hi,
please enable hardened build flags, patch attached.

Cheers,
        Moritz

diff -aur dropbear-2012.55.orig/debian/rules dropbear-2012.55/debian/rules
--- dropbear-2012.55.orig/debian/rules	2014-01-04 13:29:07.000000000 +0100
+++ dropbear-2012.55/debian/rules	2014-01-04 13:31:50.502998585 +0100
@@ -9,12 +9,7 @@
   STRIP =: nostrip
 endif
 
-CFLAGS =-Wall -g
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-  CFLAGS +=-O0
-else
-  CFLAGS +=-O2
-endif
+export DEB_CFLAGS_MAINT_APPEND  = -Wall -DSFTPSERVER_PATH="\"/usr/lib/sftp-server\""
 
 CONFFLAGS =
 CC =gcc
@@ -34,10 +29,9 @@
 
 config.status: patch-stamp configure
 	CC='$(CC)' \
-	CFLAGS='$(CFLAGS) -DSFTPSERVER_PATH="\"/usr/lib/sftp-server\""' \
 	  ./configure --host='$(DEB_HOST_GNU_TYPE)' \
 	    --build='$(DEB_BUILD_GNU_TYPE)' --prefix=/usr \
-	    --enable-bundled-libtom \
+	    --enable-bundled-libtom $(shell dpkg-buildflags --export=configure) \
 	    --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info \
 	    $(CONFFLAGS)
 
Nur in dropbear-2012.55/debian: rules~.

--- End Message ---
--- Begin Message --- 
Version: 2013.60-1

On Wed, Jan 08, 2014 at 07:29:56PM +0100, Moritz Muehlenhoff wrote:
> Hi,
> please enable hardened build flags, patch attached.

Hi Moritz,

upstream already included hardened build flags into the build system,
slightly different than your approach.  If you think it should be done
differently than in version 2013.60-1 I just uploaded, please reopen the
bug again.

Regards, Gerrit.

--- End Message ---

Reply via email to