[zoo-project] 23/23: Add patch to use hardening buildflags set in the environment.

Sun, 26 Jun 2016 10:29:34 -0700 

This is an automated email from the git hooks/post-receive script.

sebastic pushed a commit to branch master
in repository zoo-project.

commit 7d94a7d415a625a4f880b85cf6c7957479246e60
Author: Bas Couwenberg <sebas...@xs4all.nl>
Date:   Sun Jun 26 02:39:05 2016 +0200

    Add patch to use hardening buildflags set in the environment.
---
 debian/patches/hardening-buildflags.patch | 76 +++++++++++++++++++++++++++++++
 debian/patches/series                     |  1 +
 debian/rules                              |  2 +-
 debian/zoo-kernel.lintian-overrides       |  3 ++
 4 files changed, 81 insertions(+), 1 deletion(-)

diff --git a/debian/patches/hardening-buildflags.patch 
b/debian/patches/hardening-buildflags.patch
new file mode 100644
index 0000000..c0222aa
--- /dev/null
+++ b/debian/patches/hardening-buildflags.patch
@@ -0,0 +1,76 @@
+Description: Use hardening buildflags set in the environment.
+Author: Bas Couwenberg <sebas...@debian.org>
+
+--- a/thirds/cgic206/Makefile
++++ b/thirds/cgic206/Makefile
+@@ -6,7 +6,7 @@ ifeq ($(OS),Darwin)
+ else
+       LIBS= -L./ -lcgic /usr/lib/libfcgi.a
+ endif
+-CFLAGS=-g -Wall ${MACOS_CFLAGS}
++#CFLAGS+=-g -Wall ${MACOS_CFLAGS}
+ CC=gcc
+ AR=ar
+ RANLIB=ranlib
+--- a/zoo-project/zoo-kernel/configure.ac
++++ b/zoo-project/zoo-kernel/configure.ac
+@@ -826,6 +826,14 @@ AC_SUBST([SAGA_LDFLAGS])
+ AC_SUBST([SAGA_FILE])
+ AC_SUBST([SAGA_ENABLED])
+ 
++HARDENING_CFLAGS=`dpkg-buildflags --get CFLAGS`
++HARDENING_CPPFLAGS=`dpkg-buildflags --get CPPFLAGS`
++HARDENING_LDFLAGS=`dpkg-buildflags --get LDFLAGS`
++
++AC_SUBST([HARDENING_CFLAGS])
++AC_SUBST([HARDENING_CPPFLAGS])
++AC_SUBST([HARDENING_LDFLAGS])
++
+ AC_CONFIG_FILES([Makefile])
+ AC_CONFIG_FILES([ZOOMakefile.opts])
+ AC_OUTPUT
+--- a/zoo-project/zoo-kernel/ZOOMakefile.opts.in
++++ b/zoo-project/zoo-kernel/ZOOMakefile.opts.in
+@@ -95,6 +95,10 @@ SAGA_LDFLAGS=@SAGA_LDFLAGS@
+ SAGA_ENABLED=@SAGA_ENABLED@
+ SAGA_FILE=@SAGA_FILE@
+ 
+-CFLAGS=@RELY_ON_DB@ @DEB_DEF@ -fpic @OPENSSL_CFLAGS@ ${FCGI_CFLAGS} 
${YAML_CFLAGS} ${MACOS_CFLAGS} ${MS_CFLAGS} -I../../thirds/cgic206 -I. 
-DLINUX_FREE_ISSUE #-DDEBUG #-DDEBUG_SERVICE_CONF
+-LDFLAGS=-lzoo_service @DEFAULT_LIBS@ -L../../thirds/cgic206 -lcgic 
${GDAL_LIBS} ${XML2LDFLAGS} ${PYTHONLDFLAGS} ${PERLLDFLAGS}  ${PHPLDFLAGS} 
${JAVALDFLAGS} ${JSLDFLAGS}  ${FCGI_LDFLAGS} @OPENSSL_LDFLAGS@ -luuid 
${MS_LDFLAGS} ${MACOS_LD_FLAGS} ${MACOS_LD_NET_FLAGS} ${YAML_LDFLAGS} 
${OTBLDFLAGS} ${SAGA_LDFLAGS}
++HARDENING_CFLAGS=@HARDENING_CFLAGS@
++HARDENING_CPPFLAGS=@HARDENING_CPPFLAGS@
++HARDENING_LDFLAGS=@HARDENING_LDFLAGS@
++
++CFLAGS=${HARDENING_CFLAGS} ${HARDENING_CPPFLAGS} @RELY_ON_DB@ @DEB_DEF@ -fpic 
@OPENSSL_CFLAGS@ ${FCGI_CFLAGS} ${YAML_CFLAGS} ${MACOS_CFLAGS} ${MS_CFLAGS} 
-I../../thirds/cgic206 -I. -DLINUX_FREE_ISSUE #-DDEBUG #-DDEBUG_SERVICE_CONF
++LDFLAGS=-lzoo_service @DEFAULT_LIBS@ -L../../thirds/cgic206 -lcgic 
${GDAL_LIBS} ${XML2LDFLAGS} ${PYTHONLDFLAGS} ${PERLLDFLAGS}  ${PHPLDFLAGS} 
${JAVALDFLAGS} ${JSLDFLAGS}  ${FCGI_LDFLAGS} @OPENSSL_LDFLAGS@ -luuid 
${MS_LDFLAGS} ${MACOS_LD_FLAGS} ${MACOS_LD_NET_FLAGS} ${YAML_LDFLAGS} 
${OTBLDFLAGS} ${SAGA_LDFLAGS} ${HARDENING_LDFLAGS}
+ 
+--- a/zoo-project/zoo-kernel/Makefile.in
++++ b/zoo-project/zoo-kernel/Makefile.in
+@@ -93,7 +93,7 @@ zoo_service_loader.o: zoo_service_loader
+       g++ -g -O2 ${XML2CFLAGS} ${CFLAGS} ${SAGA_CFLAGS} ${OTBCFLAGS} 
${PYTHONCFLAGS} ${JAVACFLAGS} ${JSCFLAGS} ${PERLCFLAGS} ${PHPCFLAGS} 
${SAGA_ENABLED} ${OTB_ENABLED} ${PYTHON_ENABLED} ${JS_ENABLED} ${PHP_ENABLED} 
${PERL_ENABLED} ${JAVA_ENABLED} -c zoo_service_loader.c  -fno-common -DPIC -o 
zoo_service_loader.o
+ 
+ libzoo_service.${EXT}: version.h service_internal.o service.o sqlapi.o
+-      gcc -shared  ${GDAL_CFLAGS} ${DEFAULT_OPTS} -fpic -o 
libzoo_service.${EXT} ${CFLAGS}  service_internal.o service.o sqlapi.o 
${FCGI_LDFLAGS} ${GDAL_LIBS}
++      gcc -shared  ${GDAL_CFLAGS} ${DEFAULT_OPTS} -fpic -o 
libzoo_service.${EXT} ${CFLAGS}  service_internal.o service.o sqlapi.o 
${FCGI_LDFLAGS} ${GDAL_LIBS} ${HARDENING_LDFLAGS}
+ 
+ zoo_loader.cgi: version.h libzoo_service.${EXT} zoo_loader.c 
zoo_service_loader.o  ulinet.o service.h lex.sr.o service_conf.tab.o 
service_conf.y ulinet.o main_conf_read.tab.o lex.cr.o request_parser.o 
response_print.o server_internal.o caching.o ${MS_FILE} ${PYTHON_FILE} 
${PHP_FILE} ${JAVA_FILE} ${JS_FILE} ${PERL_FILE} ${RUBY_FILE} ${YAML_FILE} 
${OTB_FILE} ${SAGA_FILE}
+       g++ -g -O2 ${JSCFLAGS} ${PHPCFLAGS}  ${PERLCFLAGS} ${RUBYCFLAGS}  
${JAVACFLAGS} ${XML2CFLAGS} ${PYTHONCFLAGS} ${CFLAGS} -c zoo_loader.c  
-fno-common -DPIC -o zoo_loader.o
+--- a/zoo-project/zoo-services/ogr/base-vect-ops/Makefile
++++ b/zoo-project/zoo-services/ogr/base-vect-ops/Makefile
+@@ -1,6 +1,6 @@
+ ZRPATH=../../..
+ include ${ZRPATH}/zoo-kernel/ZOOMakefile.opts
+-CFLAGS=${ZOO_CFLAGS} ${JSCFLAGS} ${XML2CFLAGS} ${GDAL_CFLAGS} ${GEOS_CFLAGS} 
-DLINUX_FREE_ISSUE #-DDEBUG
++CFLAGS=${ZOO_CFLAGS} ${JSCFLAGS} ${XML2CFLAGS} ${GDAL_CFLAGS} ${GEOS_CFLAGS} 
${HARDENING_CFLAGS} ${HARDENING_CPPFLAGS} -DLINUX_FREE_ISSUE #-DDEBUG
+ 
+ ifneq ($(MS_FILE),)
+       MS_FILES=${ZRPATH}/zoo-kernel/${MS_FILE} -lmapserver
+@@ -9,7 +9,7 @@ else
+ endif
+ 
+ cgi-env/ogr_service.zo: service.c
+-      g++ ${CFLAGS} -shared -fpic -o cgi-env/ogr_service.zo ./service.c 
${GDAL_LIBS} ${XML2LDFLAGS} ${MACOS_LD_FLAGS} ${ZOO_LDFLAGS} 
${MACOS_LD_NET_FLAGS} ${GEOS_LDFLAGS} -lfcgi  -lpthread -L${ZRPATH}/zoo-kernel/ 
-lzoo_service
++      g++ ${CFLAGS} -shared -fpic -o cgi-env/ogr_service.zo ./service.c 
${GDAL_LIBS} ${XML2LDFLAGS} ${MACOS_LD_FLAGS} ${ZOO_LDFLAGS} 
${MACOS_LD_NET_FLAGS} ${GEOS_LDFLAGS} ${HARDENING_LDFLAGS} -lfcgi  -lpthread 
-L${ZRPATH}/zoo-kernel/ -lzoo_service
+ 
+ install:
+       install -d ${CGI_DIR}/ogr/base-vect-ops
diff --git a/debian/patches/series b/debian/patches/series
index 38edaa7..a663e39 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 spelling-errors.patch
+hardening-buildflags.patch
diff --git a/debian/rules b/debian/rules
index e69c318..ebd3f7a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -2,7 +2,7 @@
 # -*- makefile -*-
 
 # Enable hardening build flags
-export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie
 
 %:
        dh $@ --with autoreconf --parallel
diff --git a/debian/zoo-kernel.lintian-overrides 
b/debian/zoo-kernel.lintian-overrides
new file mode 100644
index 0000000..1c3b8d5
--- /dev/null
+++ b/debian/zoo-kernel.lintian-overrides
@@ -0,0 +1,3 @@
+# PIE breaks the build
+zoo-kernel: hardening-no-pie usr/lib/cgi-bin/zoo_loader.cgi
+

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-grass/zoo-project.git

_______________________________________________
Pkg-grass-devel mailing list
Pkg-grass-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-grass-devel

Reply via email to