[SCM] CERNLIB is a suite of data analysis tools and libraries created for use in physics experiments, but also with applications to other fields such as the biological sciences branch, master, updated. upstream/2006.dfsg.2-47-g2c774a1

Lifeng Sun lifongsun at gmail.com
Thu Jul 5 12:31:18 UTC 2012 

The following commit has been merged in the master branch:
commit 6e34735834a854dae8d2b8173f0a775bb56599a6
Author: Lifeng Sun <lifongsun at gmail.com>
Date:   Thu Jul 5 18:02:42 2012 +0800

    Enable harden-flags.

diff --git a/debian/patches/00list b/debian/patches/00list
index 1c707de..5bb47b1 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -31,6 +31,7 @@
 136-fix-typo-automaticly-automatically.dpatch
 137-fix-typo-lenght-length.dpatch
 138-remove-declaration-repeat.dpatch
+139-harden-flags.dpatch
 201-update-kuip-helper-apps.dpatch
 202-fix-includes-in-minuit-example.dpatch
 205-max-path-length-to-256.dpatch
diff --git a/debian/patches/139-harden-flags.dpatch b/debian/patches/139-harden-flags.dpatch
new file mode 100644
index 0000000..5babadb
--- /dev/null
+++ b/debian/patches/139-harden-flags.dpatch
@@ -0,0 +1,11 @@
+--- a/src/packlib/kuip/code_kuip/kmenu.c
++++ b/src/packlib/kuip/code_kuip/kmenu.c
+@@ -1404,7 +1404,7 @@
+          printf ("See also:\n    ");
+          for (i = 0; i < nval; i++) {
+              if (i == ncmd) continue;
+-             printf (flis_name[i]);
++             printf ("%s", flis_name[i]);
+              if (i < nval-1)
+                 printf (", ");
+              else
diff --git a/debian/patches/304-update-Imake-config-files.dpatch b/debian/patches/304-update-Imake-config-files.dpatch
old mode 100755
new mode 100644
index 0b9d03f..9f6d4a9
--- a/debian/patches/304-update-Imake-config-files.dpatch
+++ b/debian/patches/304-update-Imake-config-files.dpatch
@@ -7,9 +7,8 @@
 ## DP: to support most Linux architectures.
 
 @DPATCH@
-diff -urNad cernlib-2006.dfsg.2~/src/config/Imake.cf cernlib-2006.dfsg.2/src/config/Imake.cf
---- cernlib-2006.dfsg.2~/src/config/Imake.cf	2006-09-15 02:34:47.000000000 -0700
-+++ cernlib-2006.dfsg.2/src/config/Imake.cf	2008-03-14 10:03:13.000000000 -0700
+--- a/src/config/Imake.cf
++++ b/src/config/Imake.cf
 @@ -1,27 +1,5 @@
 -/* $Id: Imake.cf,v 1.6 2006/09/15 09:34:47 mclareni Exp $
 - *
@@ -402,11 +401,11 @@ diff -urNad cernlib-2006.dfsg.2~/src/config/Imake.cf cernlib-2006.dfsg.2/src/con
 -#define SparcArchitecture
 -#define SunArchitecture
 -#endif
--#endif
 +/* Systems based on kernel of FreeBSD */
 +#if defined(__FreeBSD_kernel__)
 +#define KFreeBSDArchitecture
  #endif
+-#endif
 -#undef i80386
 -#undef mc68000
 -#undef sparc
@@ -1458,9 +1457,8 @@ diff -urNad cernlib-2006.dfsg.2~/src/config/Imake.cf cernlib-2006.dfsg.2/src/con
  
  #ifndef MacroIncludeFile
  XCOMM WARNING:  Imake.cf not configured; guessing at definitions!!!
-diff -urNad cernlib-2006.dfsg.2~/src/config/linux-lp64.cf cernlib-2006.dfsg.2/src/config/linux-lp64.cf
---- cernlib-2006.dfsg.2~/src/config/linux-lp64.cf	2006-12-20 06:21:03.000000000 -0800
-+++ cernlib-2006.dfsg.2/src/config/linux-lp64.cf	2008-03-14 10:03:13.000000000 -0700
+--- a/src/config/linux-lp64.cf
++++ b/src/config/linux-lp64.cf
 @@ -153,7 +153,7 @@
  # define XargsCmd               xargs
  # define FortranSaveFlags       -fno-automatic
@@ -1470,9 +1468,8 @@ diff -urNad cernlib-2006.dfsg.2~/src/config/linux-lp64.cf cernlib-2006.dfsg.2/sr
  # define NoOpFortranDebugFlags  -O0
  # define CernlibSystem          -DCERNLIB_LINUX -DCERNLIB_UNIX -DCERNLIB_LNX -DCERNLIB_QMGLIBC -DCERNLIB_GFORTRAN -DCERNLIB_QMLXIA64
  
-diff -urNad cernlib-2006.dfsg.2~/src/config/linux.cf cernlib-2006.dfsg.2/src/config/linux.cf
---- cernlib-2006.dfsg.2~/src/config/linux.cf	2006-09-15 02:34:48.000000000 -0700
-+++ cernlib-2006.dfsg.2/src/config/linux.cf	2008-03-14 10:08:50.000000000 -0700
+--- a/src/config/linux.cf
++++ b/src/config/linux.cf
 @@ -68,20 +68,20 @@
  #define OSVendor		/**/
  #define OSMajorVersion		2
@@ -1908,7 +1905,7 @@ diff -urNad cernlib-2006.dfsg.2~/src/config/linux.cf cernlib-2006.dfsg.2/src/con
 -# define DefaultCCOptions	
 -# define OptimizedCDebugFlags	-O -g -fomit-frame-pointer
 +# ifndef DefaultCCOptions
-+# define DefaultCCOptions
++# define DefaultCCOptions	-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security
 +# endif
 +# ifndef OptimizedCDebugFlags
 +# define OptimizedCDebugFlags	OptimizationLevel DefaultCCOptions
@@ -1926,7 +1923,7 @@ diff -urNad cernlib-2006.dfsg.2~/src/config/linux.cf cernlib-2006.dfsg.2/src/con
 +# define OptimisedFortranFlags  OptimizedCDebugFlags /* -funroll-loops */
 +/* Remove -fomit-frame-pointer since -O implies it and it inhibits debugging */
 +# ifndef DefaultFCOptions
-+# define DefaultFCOptions       -fno-range-check -fno-automatic -fno-second-underscore
++# define DefaultFCOptions       -D_FORTIFY_SOURCE=2 -fno-range-check -fno-automatic -fno-second-underscore -fstack-protector --param=ssp-buffer-size=4
 +# endif
  # define NoOpFortranDebugFlags  -O0
 -# define CernlibSystem          -DCERNLIB_LINUX -DCERNLIB_UNIX -DCERNLIB_LNX -DCERNLIB_QMGLIBC -DCERNLIB_GFORTRAN
@@ -1980,3 +1977,23 @@ diff -urNad cernlib-2006.dfsg.2~/src/config/linux.cf cernlib-2006.dfsg.2/src/con
  
  /* End  CERNLIB changes */
  
+--- a/src/config/Imake.tmpl
++++ b/src/config/Imake.tmpl
+@@ -813,7 +813,7 @@
+ #endif
+ #endif
+ #ifndef ExtraLoadOptions
+-#define ExtraLoadOptions /**/
++#define ExtraLoadOptions -Wl,-z,relro
+ #endif
+ #ifndef ExtraLoadFlags
+ #define ExtraLoadFlags /**/
+@@ -1100,7 +1100,7 @@
+     PROOFOPTIONS = ProofOptions
+ #endif
+      STD_INCLUDES = StandardIncludes
+-  STD_CPP_DEFINES = StandardCppDefines
++  STD_CPP_DEFINES = StandardCppDefines -D_FORTIFY_SOURCE=2
+       STD_DEFINES = StandardDefines
+  EXTRA_LOAD_FLAGS = ExtraLoadFlags
+   EXTRA_LDOPTIONS = ExtraLoadOptions
diff --git a/debian/patches/800-implement-shared-library-rules-in-Imake.dpatch b/debian/patches/800-implement-shared-library-rules-in-Imake.dpatch
index dd80339..89ced4e 100755
--- a/debian/patches/800-implement-shared-library-rules-in-Imake.dpatch
+++ b/debian/patches/800-implement-shared-library-rules-in-Imake.dpatch
@@ -97,7 +97,7 @@ diff -urNad cernlib-2006.dfsg.2~/src/config/biglib.rules cernlib-2006.dfsg.2/src
 +	@echo rebuild version library $@ in $(CURRENT_DIR)		@@\
 +	@$(RM) $@							@@\
 +	@date								@@\
-+	@$(FCLINK) -shared -Wl,-soname=SharedLibrarySonameName(libname)\ @@\
++	@$(FCLINK) -Wl,-z,relro -shared -Wl,-soname=SharedLibrarySonameName(libname)\ @@\
 +		-o $@ `cat version/objects.list` `cernlib -v "" -dy libname\ @@\
 +		| sed s/Concat(-l,libname)//g`				@@\
 +	@date

-- 
CERNLIB is a suite of data analysis tools and libraries created for use in physics experiments, but also with applications to other fields such as the biological sciences

More information about the debian-science-commits mailing list