[Build-common-hackers] Bug#712729: Bug#712729: cdbs: langcore.mk: support dpkg-buildflags' DEB_CFLAGS_MAINT_APPEND and similar
Jonas Smedegaard
dr at jones.dk
Sun Jan 19 19:50:14 UTC 2014
Quoting Simon Ruderich (2014-01-19 18:42:47)
> Raising severity because this causes missing hardening flags for
> packages (e.g. shadow and therefore no PIE for setuid su) when the
> maintainer uses the DEB_* (which includes DEB_BUILD_MAINT_OPTIONS)
> approach documented in dpkg-buildflags to add additional flags.
>
> The attached patch should fix this issue by exporting all DEB_* flags
> when calling dpkg-buildflags. The real issue is that GNU make's
> $(shell ..) doesn't use the exported environment which is normally
> used when calling subprocesses.
>
> There should be no backwards incompatible changes because the
> maintainer must manually set the DEB_* variables. If none of those
> variables are used, nothing happens.
Thanks a lot, both for the explanation and the patch.
I appen to have my head deep into cdbs these days, and will apply the
patch right now - expected to be released later tonight or tomorrow.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 966 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/build-common-hackers/attachments/20140119/5ad7a9f4/attachment-0001.sig>
More information about the Build-common-hackers
mailing list