Package: pound
Severity: normal
Tags: patch
Pound already uses hardened build flags for quite some time.
dpkg-buildflags now emits hardened build flags. Please switch
to it. Patch attached.
Cheers,
Moritz
--- pound-2.5.orig/debian/rules 2011-12-15 16:45:25.000000000 +0100
+++ pound-2.5/debian/rules 2012-01-06 01:19:34.000000000 +0100
@@ -10,29 +10,15 @@
CONFFLAGS += --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE)
endif
-ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
- CFLAGS += -g
-endif
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
- CFLAGS += -O0
-else
- CFLAGS += -O2
- CFLAGS += -D_FORTIFY_SOURCE=2
-endif
ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
INSTALL_PROGRAM += -s
endif
-ifneq ($(DEB_HOST_GNU_CPU),arm)
- CFLAGS += -fstack-protector
-endif
-CFLAGS += -fPIE
-LDFLAGS += -Wl,-z,relro,-z,noexecstack -pie
config.status: configure
dh_testdir
mv config.sub config.sub.upstream && ln -s /usr/share/misc/config.sub
mv config.guess config.guess.upstream && ln -s /usr/share/misc/config.guess
- env LDFLAGS="$(LDFLAGS)" CFLAGS="$(CFLAGS)" ./configure --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --sysconfdir=/etc/pound
+ ./configure $(shell dpkg-buildflags --export=configure) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --sysconfdir=/etc/pound
rm config.sub && mv config.sub.upstream config.sub
rm config.guess && mv config.guess.upstream config.guess
