[Git][debian-gis-team/tilemaker][master] Enable hardening by fortifying functions.

ǝɹʇʇɐʃǝ◖ xıʃǝɟ (@xamanu) gitlab at salsa.debian.org
Wed Sep 8 01:09:21 BST 2021 


ǝɹʇʇɐʃǝ◖ xıʃǝɟ pushed to branch master at Debian GIS Project / tilemaker


Commits:
351461c3 by Felix Delattre at 2021-09-08T00:06:45+00:00
Enable hardening by fortifying functions.

- - - - -


6 changed files:

- debian/changelog
- debian/patches/0002-Avoid-calling-git-outside-of-repository.patch
- + debian/patches/0004-Allow-CXXFLAGS-to-be-set-by-environment.patch
- + debian/patches/0005-Add-pthread-option-to-LIB-options.patch
- debian/patches/series
- debian/rules


Changes:

=====================================
debian/changelog
=====================================
@@ -7,5 +7,6 @@ tilemaker (2.0.0+ds-1~exp1) experimental; urgency=medium
   * Add patch to add man page for tilemaker.
   * Add patch to rely on packaged rapidjson dependency.
   * Add example configuration and processing files.
+  * Add patches for hardening by fortifying functions.
 
- -- Felix Delattre <debian at xama.nu>  Fri, 03 Sep 2021 13:44:11 +0000
+ -- Felix Delattre <debian at xama.nu>  Wed, 08 Sep 2021 00:05:42 +0000


=====================================
debian/patches/0002-Avoid-calling-git-outside-of-repository.patch
=====================================
@@ -1,8 +1,8 @@
 From: Felix Delattre <felix at delattre.de>
 Date: Fri, 27 Aug 2021 14:55:35 +0000
 Subject: Avoid calling git outside of repository
-Origin: https://github.com/systemed/tilemaker/pull/298/commits/40e76bf286d3638ddf4a1d2c4134480e79b6c5f1
-Bug: https://github.com/systemed/tilemaker/pull/298
+Origin: https://github.com/systemed/tilemaker/pull/311/commits/b8035b0cbb43807f4df8568653b6dd42c254b009
+Bug: https://github.com/systemed/tilemaker/pull/311
 
 ---
  Makefile | 2 +-


=====================================
debian/patches/0004-Allow-CXXFLAGS-to-be-set-by-environment.patch
=====================================
@@ -0,0 +1,23 @@
+From: Felix Delattre <felix at delattre.de>
+Date: Tue, 7 Sep 2021 19:44:38 +0000
+Subject: Allow CXXFLAGS to be set by environment.
+Origin: https://github.com/systemed/tilemaker/pull/312/commits/b66e69d7a9dd427e4e133ffc27692487f06cfa5a
+Bug: https://github.com/systemed/tilemaker/pull/312
+
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 838c110..1e7bbe1 100644
+--- a/Makefile
++++ b/Makefile
+@@ -64,7 +64,7 @@ endif
+ prefix = /usr/local
+ MANPREFIX := /usr/share/man
+ TM_VERSION ?= $(shell git describe --tags --abbrev=0)
+-CXXFLAGS := -O3 -Wall -Wno-unknown-pragmas -Wno-sign-compare -std=c++14 -pthread -fPIE -DTM_VERSION=$(TM_VERSION) $(CONFIG)
++CXXFLAGS ?= -O2 -Wall -Wno-unknown-pragmas -Wno-sign-compare -std=c++14 -pthread -fPIE -DTM_VERSION=$(TM_VERSION) $(CONFIG)
+ LIB := -L/usr/local/lib -lz $(LUA_LIBS) -lboost_program_options -lsqlite3 -lboost_filesystem -lboost_system -lboost_iostreams -lprotobuf -lshp
+ INC := -I/usr/local/include -isystem ./include -I./src $(LUA_CFLAGS)
+ 


=====================================
debian/patches/0005-Add-pthread-option-to-LIB-options.patch
=====================================
@@ -0,0 +1,23 @@
+From: Felix Delattre <felix at delattre.de>
+Date: Tue, 7 Sep 2021 20:38:00 +0000
+Subject: Add -pthread option to LIB options.
+Origin: https://github.com/systemed/tilemaker/pull/313/commits/7800607d227e939bba597a606223a304d2430add
+Bug: https://github.com/systemed/tilemaker/pull/313
+
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 1e7bbe1..aa6d486 100644
+--- a/Makefile
++++ b/Makefile
+@@ -65,7 +65,7 @@ prefix = /usr/local
+ MANPREFIX := /usr/share/man
+ TM_VERSION ?= $(shell git describe --tags --abbrev=0)
+ CXXFLAGS ?= -O2 -Wall -Wno-unknown-pragmas -Wno-sign-compare -std=c++14 -pthread -fPIE -DTM_VERSION=$(TM_VERSION) $(CONFIG)
+-LIB := -L/usr/local/lib -lz $(LUA_LIBS) -lboost_program_options -lsqlite3 -lboost_filesystem -lboost_system -lboost_iostreams -lprotobuf -lshp
++LIB := -L/usr/local/lib -lz $(LUA_LIBS) -lboost_program_options -lsqlite3 -lboost_filesystem -lboost_system -lboost_iostreams -lprotobuf -lshp -pthread
+ INC := -I/usr/local/include -isystem ./include -I./src $(LUA_CFLAGS)
+ 
+ 


=====================================
debian/patches/series
=====================================
@@ -1,3 +1,5 @@
 0001-Add-DESTDIR-to-makefile.patch
 0002-Avoid-calling-git-outside-of-repository.patch
 0003-Add-man-page-for-tilemaker.patch
+0004-Allow-CXXFLAGS-to-be-set-by-environment.patch
+0005-Add-pthread-option-to-LIB-options.patch


=====================================
debian/rules
=====================================
@@ -4,13 +4,19 @@
 #export DH_VERBOSE = 1
 
 # Enable hardening build flags
-export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 
+# Obtain and set version information from debian package
 include /usr/share/dpkg/pkg-info.mk
+TM_VERSION := $(shell echo $(DEB_VERSION_UPSTREAM) | sed -e 's/\+.*//')
 
-export TM_VERSION := $(shell echo $(DEB_VERSION_UPSTREAM) | sed -e 's/\+.*//')
+# Allow debug package to be created
+CONFIG := -g
 
-export CONFIG := -g
+# Allow hardening by fortifying functions
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
+CXXFLAGS := -O2 -Wall -Wno-unknown-pragmas -Wno-sign-compare -std=c++14 -pthread -fPIE -DTM_VERSION=$(TM_VERSION) $(CONFIG) $(CPPFLAGS)
 
 %:
 	dh $@



View it on GitLab: https://salsa.debian.org/debian-gis-team/tilemaker/-/commit/351461c3b5d3bc815e974994eadb1df7e14b401d

-- 
View it on GitLab: https://salsa.debian.org/debian-gis-team/tilemaker/-/commit/351461c3b5d3bc815e974994eadb1df7e14b401d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-grass-devel/attachments/20210908/5582d195/attachment-0001.htm>

More information about the Pkg-grass-devel mailing list