Hello! Thanks everybody for the pointers. I fixed it now with:
Subject: [PATCH] Ensure cmake builds also apply CPPFLAGS flags for hardening to fully work
---
 debian/rules | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/debian/rules b/debian/rules
index 3a16f8bfa..2e7536b9c 100755
--- a/debian/rules
+++ b/debian/rules
@@ -7,6 +7,11 @@ export DH_VERBOSE=1
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 DPKG_EXPORT_BUILDFLAGS = 1
 include /usr/share/dpkg/default.mk
+# CPPFLAGS are nor read by CMake, so copy them to CXXFLAGS
+# See why at https://cmake.org/Bug/view.php?id=12928
+# This is needed for e.g. all automatic Debian hardening flags to apply on all cmake builds.
+CFLAGS+=$(CPPFLAGS)
+CXXFLAGS+=$(CPPFLAGS)
 # Only do a strict symbol checking on Linux
 ifneq (,$(filter linux,$(DEB_HOST_ARCH_OS)))
https://salsa.debian.org/mariadb-team/mariadb-10.3/commit/fc4f33cf40d0a10ef5d1992accd2af734ba96356 Results at: https://salsa.debian.org/mariadb-team/mariadb-10.3/-/jobs/154355
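Review bot: The added comment does not match the two assignments under it: it says the flags are copied to CXXFLAGS only, while the lines append `$(CPPFLAGS)` to both `CFLAGS` and `CXXFLAGS`, and "nor" should read "not". I would reword the first line to `# CPPFLAGS are not read by CMake, so append them to CFLAGS and CXXFLAGS` and add a line saying the assignments must stay below `include /usr/share/dpkg/default.mk`, since that include is presumably what defines CPPFLAGS here. With `hardening=+all` the preprocessor-level option from dpkg-buildflags (the `_FORTIFY_SOURCE` define) travels in CPPFLAGS, so naming it in the comment tells the next maintainer what is silently lost if these lines are dropped. Nothing in the hunk checks the outcome; a `blhc` run over the build log in CI would catch a regression.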