[med-svn] [swarm-cluster] 04/04: enable full hardening

Sascha Steinbiss satta at debian.org
Sat Sep 17 15:17:23 UTC 2016


This is an automated email from the git hooks/post-receive script.

satta pushed a commit to branch master
in repository swarm-cluster.

commit 430a11840351aecaa0a90d823f5d623bf4207efe
Author: Sascha Steinbiss <satta at debian.org>
Date:   Sat Sep 17 15:17:12 2016 +0000

    enable full hardening
---
 debian/changelog               |  1 +
 debian/patches/hardening.patch | 17 ++++++++++++++++-
 debian/rules                   |  6 +-----
 3 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index bc83352..a45d2e7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ swarm-cluster (2.1.9-1) unstable; urgency=medium
 
   * Team upload.
   * New upstream version.
+  * Enable full hardening.
 
  -- Sascha Steinbiss <satta at debian.org>  Sat, 17 Sep 2016 15:09:20 +0000
 
diff --git a/debian/patches/hardening.patch b/debian/patches/hardening.patch
index ba6ba74..9e92224 100644
--- a/debian/patches/hardening.patch
+++ b/debian/patches/hardening.patch
@@ -4,7 +4,7 @@ Description: Propagate hardening options
 
 --- a/src/Makefile
 +++ b/src/Makefile
-@@ -28,7 +28,7 @@ COMMON=-g
+@@ -28,7 +28,7 @@
  COMPILEOPT=-Wall -Wsign-compare -O3 -msse2 -mtune=core2 -Icityhash
  
  LIBS=-lpthread
@@ -13,3 +13,18 @@ Description: Propagate hardening options
  
  CXX=g++
  CXXFLAGS=$(COMPILEOPT) $(COMMON)
+@@ -44,7 +44,7 @@
+ .SUFFIXES:.o .cc
+ 
+ %.o : %.cc $(DEPS)
+-	$(CXX) $(CXXFLAGS) -c -o $@ $<
++	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c -o $@ $<
+ 
+ all : $(PROG)
+ 
+@@ -57,4 +57,4 @@
+ 	rm -rf swarm *.o *~ ../bin/ gmon.out cityhash/*.o ../man/*~ ../*~
+ 
+ ssse3.o : ssse3.cc $(DEPS)
+-	$(CXX) -mssse3 $(CXXFLAGS) -c -o $@ $<
++	$(CXX) -mssse3 $(CPPFLAGS) $(CXXFLAGS) -c -o $@ $<
diff --git a/debian/rules b/debian/rules
index 7e1e377..7dcf202 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,11 +1,7 @@
 #!/usr/bin/make -f
 
 export DH_OPTIONS
-
-# does not build with these options
-# export DEB_BUILD_MAINT_OPTIONS = hardening=+all
-# export DEB_BUILD_MAINT_OPTIONS = hardening=+pie
-export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 
 %:
 	dh $@ --sourcedirectory=src

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-med/swarm-cluster.git



More information about the debian-med-commit mailing list