Package: freeradius
Severity: important
Tags: patch
Please enable hardened build flags through dpkg-buildflags.
Patch attached. (dpkg-buildflags abides "noopt" from DEB_BUILD_OPTIONS)
The patch injects -D_FORTIFY_SOURCE=2 as part of CFLAGS (verified to
work with hardening-check and a test-compile), since Freeradius'
buildsystem doesn't support CPPFLAGS.
Cheers,
Moritz
diff -aur freeradius-2.1.10+dfsg.harden/debian/rules freeradius-2.1.10+dfsg/debian/rules
--- freeradius-2.1.10+dfsg.harden/debian/rules 2010-09-28 13:03:56.000000000 +0200
+++ freeradius-2.1.10+dfsg/debian/rules 2012-01-29 11:13:53.000000000 +0100
@@ -37,11 +37,9 @@
export DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
export DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
- CFLAGS += -O0
-else
- CFLAGS += -O2
-endif
+CFLAGS = `dpkg-buildflags --get CFLAGS`
+CFLAGS += `dpkg-buildflags --get CPPFLAGS`
+LDFLAGS = `dpkg-buildflags --get LDFLAGS`
ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE))
confflags += --build $(DEB_HOST_GNU_TYPE)
@@ -68,7 +66,7 @@
ln -s /usr/share/misc/config.guess config.guess
- ./configure $(confflags) \
+ CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure $(confflags) \
--prefix=/usr \
--exec-prefix=/usr \
--mandir=$(mandir) \
Nur in freeradius-2.1.10+dfsg/debian: rules~.
