Source: libsepol
Severity: important
Tags: patch
Please enabled hardened build flags through dpkg-buildflags.
Patch attached. (dpkg-buildflags abides "noopt" from DEB_BUILD_OPTIONS)
Cheers,
Moritz
diff -aur libsepol-2.1.0.harden/debian/common/copt.mk libsepol-2.1.0/debian/common/copt.mk
--- libsepol-2.1.0.harden/debian/common/copt.mk 2011-12-09 17:04:06.000000000 +0100
+++ libsepol-2.1.0/debian/common/copt.mk 2012-01-15 22:40:00.000000000 +0100
@@ -24,13 +24,11 @@
endif
# Policy 10.1 says to make this the default
-CFLAGS = -Wall -g
-ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
- CFLAGS += -O0
-else
- CFLAGS += -O2
-endif
+CFLAGS = `dpkg-buildflags --get CFLAGS`
+CFLAGS += -Wall
+CFLAGS += `dpkg-buildflags --get CPPFLAGS`
+LDFLAGS = `dpkg-buildflags --get LDFLAGS`
## ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
## endif
Nur in libsepol-2.1.0/debian/common: copt.mk~.
