[zoo-project] 23/23: Add patch to use hardening buildflags set in the environment.

Bas Couwenberg sebastic at debian.org
Sun Jun 26 17:27:47 UTC 2016 

This is an automated email from the git hooks/post-receive script.

sebastic pushed a commit to branch master
in repository zoo-project.

commit 7d94a7d415a625a4f880b85cf6c7957479246e60
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date:   Sun Jun 26 02:39:05 2016 +0200

    Add patch to use hardening buildflags set in the environment.
---
 debian/patches/hardening-buildflags.patch | 76 +++++++++++++++++++++++++++++++
 debian/patches/series                     |  1 +
 debian/rules                              |  2 +-
 debian/zoo-kernel.lintian-overrides       |  3 ++
 4 files changed, 81 insertions(+), 1 deletion(-)

diff --git a/debian/patches/hardening-buildflags.patch b/debian/patches/hardening-buildflags.patch
new file mode 100644
index 0000000..c0222aa
--- /dev/null
+++ b/debian/patches/hardening-buildflags.patch
@@ -0,0 +1,76 @@
+Description: Use hardening buildflags set in the environment.
+Author: Bas Couwenberg <sebastic at debian.org>
+
+--- a/thirds/cgic206/Makefile
++++ b/thirds/cgic206/Makefile
+@@ -6,7 +6,7 @@ ifeq ($(OS),Darwin)
+ else
+ 	LIBS= -L./ -lcgic /usr/lib/libfcgi.a
+ endif
+-CFLAGS=-g -Wall ${MACOS_CFLAGS}
++#CFLAGS+=-g -Wall ${MACOS_CFLAGS}
+ CC=gcc
+ AR=ar
+ RANLIB=ranlib
+--- a/zoo-project/zoo-kernel/configure.ac
++++ b/zoo-project/zoo-kernel/configure.ac
+@@ -826,6 +826,14 @@ AC_SUBST([SAGA_LDFLAGS])
+ AC_SUBST([SAGA_FILE])
+ AC_SUBST([SAGA_ENABLED])
+ 
++HARDENING_CFLAGS=`dpkg-buildflags --get CFLAGS`
++HARDENING_CPPFLAGS=`dpkg-buildflags --get CPPFLAGS`
++HARDENING_LDFLAGS=`dpkg-buildflags --get LDFLAGS`
++
++AC_SUBST([HARDENING_CFLAGS])
++AC_SUBST([HARDENING_CPPFLAGS])
++AC_SUBST([HARDENING_LDFLAGS])
++
+ AC_CONFIG_FILES([Makefile])
+ AC_CONFIG_FILES([ZOOMakefile.opts])
+ AC_OUTPUT
+--- a/zoo-project/zoo-kernel/ZOOMakefile.opts.in
++++ b/zoo-project/zoo-kernel/ZOOMakefile.opts.in
+@@ -95,6 +95,10 @@ SAGA_LDFLAGS=@SAGA_LDFLAGS@
+ SAGA_ENABLED=@SAGA_ENABLED@
+ SAGA_FILE=@SAGA_FILE@
+ 
+-CFLAGS=@RELY_ON_DB@ @DEB_DEF@ -fpic @OPENSSL_CFLAGS@ ${FCGI_CFLAGS} ${YAML_CFLAGS} ${MACOS_CFLAGS} ${MS_CFLAGS} -I../../thirds/cgic206 -I. -DLINUX_FREE_ISSUE #-DDEBUG #-DDEBUG_SERVICE_CONF
+-LDFLAGS=-lzoo_service @DEFAULT_LIBS@ -L../../thirds/cgic206 -lcgic ${GDAL_LIBS} ${XML2LDFLAGS} ${PYTHONLDFLAGS} ${PERLLDFLAGS}  ${PHPLDFLAGS} ${JAVALDFLAGS} ${JSLDFLAGS}  ${FCGI_LDFLAGS} @OPENSSL_LDFLAGS@ -luuid ${MS_LDFLAGS} ${MACOS_LD_FLAGS} ${MACOS_LD_NET_FLAGS} ${YAML_LDFLAGS} ${OTBLDFLAGS} ${SAGA_LDFLAGS}
++HARDENING_CFLAGS=@HARDENING_CFLAGS@
++HARDENING_CPPFLAGS=@HARDENING_CPPFLAGS@
++HARDENING_LDFLAGS=@HARDENING_LDFLAGS@
++
++CFLAGS=${HARDENING_CFLAGS} ${HARDENING_CPPFLAGS} @RELY_ON_DB@ @DEB_DEF@ -fpic @OPENSSL_CFLAGS@ ${FCGI_CFLAGS} ${YAML_CFLAGS} ${MACOS_CFLAGS} ${MS_CFLAGS} -I../../thirds/cgic206 -I. -DLINUX_FREE_ISSUE #-DDEBUG #-DDEBUG_SERVICE_CONF
++LDFLAGS=-lzoo_service @DEFAULT_LIBS@ -L../../thirds/cgic206 -lcgic ${GDAL_LIBS} ${XML2LDFLAGS} ${PYTHONLDFLAGS} ${PERLLDFLAGS}  ${PHPLDFLAGS} ${JAVALDFLAGS} ${JSLDFLAGS}  ${FCGI_LDFLAGS} @OPENSSL_LDFLAGS@ -luuid ${MS_LDFLAGS} ${MACOS_LD_FLAGS} ${MACOS_LD_NET_FLAGS} ${YAML_LDFLAGS} ${OTBLDFLAGS} ${SAGA_LDFLAGS} ${HARDENING_LDFLAGS}
+ 
+--- a/zoo-project/zoo-kernel/Makefile.in
++++ b/zoo-project/zoo-kernel/Makefile.in
+@@ -93,7 +93,7 @@ zoo_service_loader.o: zoo_service_loader
+ 	g++ -g -O2 ${XML2CFLAGS} ${CFLAGS} ${SAGA_CFLAGS} ${OTBCFLAGS} ${PYTHONCFLAGS} ${JAVACFLAGS} ${JSCFLAGS} ${PERLCFLAGS} ${PHPCFLAGS} ${SAGA_ENABLED} ${OTB_ENABLED} ${PYTHON_ENABLED} ${JS_ENABLED} ${PHP_ENABLED} ${PERL_ENABLED} ${JAVA_ENABLED} -c zoo_service_loader.c  -fno-common -DPIC -o zoo_service_loader.o
+ 
+ libzoo_service.${EXT}: version.h service_internal.o service.o sqlapi.o
+-	gcc -shared  ${GDAL_CFLAGS} ${DEFAULT_OPTS} -fpic -o libzoo_service.${EXT} ${CFLAGS}  service_internal.o service.o sqlapi.o ${FCGI_LDFLAGS} ${GDAL_LIBS}
++	gcc -shared  ${GDAL_CFLAGS} ${DEFAULT_OPTS} -fpic -o libzoo_service.${EXT} ${CFLAGS}  service_internal.o service.o sqlapi.o ${FCGI_LDFLAGS} ${GDAL_LIBS} ${HARDENING_LDFLAGS}
+ 
+ zoo_loader.cgi: version.h libzoo_service.${EXT} zoo_loader.c zoo_service_loader.o  ulinet.o service.h lex.sr.o service_conf.tab.o service_conf.y ulinet.o main_conf_read.tab.o lex.cr.o request_parser.o response_print.o server_internal.o caching.o ${MS_FILE} ${PYTHON_FILE} ${PHP_FILE} ${JAVA_FILE} ${JS_FILE} ${PERL_FILE} ${RUBY_FILE} ${YAML_FILE} ${OTB_FILE} ${SAGA_FILE}
+ 	g++ -g -O2 ${JSCFLAGS} ${PHPCFLAGS}  ${PERLCFLAGS} ${RUBYCFLAGS}  ${JAVACFLAGS} ${XML2CFLAGS} ${PYTHONCFLAGS} ${CFLAGS} -c zoo_loader.c  -fno-common -DPIC -o zoo_loader.o
+--- a/zoo-project/zoo-services/ogr/base-vect-ops/Makefile
++++ b/zoo-project/zoo-services/ogr/base-vect-ops/Makefile
+@@ -1,6 +1,6 @@
+ ZRPATH=../../..
+ include ${ZRPATH}/zoo-kernel/ZOOMakefile.opts
+-CFLAGS=${ZOO_CFLAGS} ${JSCFLAGS} ${XML2CFLAGS} ${GDAL_CFLAGS} ${GEOS_CFLAGS} -DLINUX_FREE_ISSUE #-DDEBUG
++CFLAGS=${ZOO_CFLAGS} ${JSCFLAGS} ${XML2CFLAGS} ${GDAL_CFLAGS} ${GEOS_CFLAGS} ${HARDENING_CFLAGS} ${HARDENING_CPPFLAGS} -DLINUX_FREE_ISSUE #-DDEBUG
+ 
+ ifneq ($(MS_FILE),)
+ 	MS_FILES=${ZRPATH}/zoo-kernel/${MS_FILE} -lmapserver
+@@ -9,7 +9,7 @@ else
+ endif
+ 
+ cgi-env/ogr_service.zo: service.c
+-	g++ ${CFLAGS} -shared -fpic -o cgi-env/ogr_service.zo ./service.c ${GDAL_LIBS} ${XML2LDFLAGS} ${MACOS_LD_FLAGS} ${ZOO_LDFLAGS} ${MACOS_LD_NET_FLAGS} ${GEOS_LDFLAGS} -lfcgi  -lpthread -L${ZRPATH}/zoo-kernel/ -lzoo_service
++	g++ ${CFLAGS} -shared -fpic -o cgi-env/ogr_service.zo ./service.c ${GDAL_LIBS} ${XML2LDFLAGS} ${MACOS_LD_FLAGS} ${ZOO_LDFLAGS} ${MACOS_LD_NET_FLAGS} ${GEOS_LDFLAGS} ${HARDENING_LDFLAGS} -lfcgi  -lpthread -L${ZRPATH}/zoo-kernel/ -lzoo_service
+ 
+ install:
+ 	install -d ${CGI_DIR}/ogr/base-vect-ops
diff --git a/debian/patches/series b/debian/patches/series
index 38edaa7..a663e39 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 spelling-errors.patch
+hardening-buildflags.patch
diff --git a/debian/rules b/debian/rules
index e69c318..ebd3f7a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -2,7 +2,7 @@
 # -*- makefile -*-
 
 # Enable hardening build flags
-export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie
 
 %:
 	dh $@ --with autoreconf --parallel
diff --git a/debian/zoo-kernel.lintian-overrides b/debian/zoo-kernel.lintian-overrides
new file mode 100644
index 0000000..1c3b8d5
--- /dev/null
+++ b/debian/zoo-kernel.lintian-overrides
@@ -0,0 +1,3 @@
+# PIE breaks the build
+zoo-kernel: hardening-no-pie usr/lib/cgi-bin/zoo_loader.cgi
+

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/zoo-project.git

More information about the Pkg-grass-devel mailing list