[cb2bib] 10/14: Try patch to see if we can add flags to security-harden the binary.

Filippo Rusconi lopippo at moszumanska.debian.org
Mon Aug 17 13:34:54 UTC 2015


This is an automated email from the git hooks/post-receive script.

lopippo pushed a commit to branch master
in repository cb2bib.

commit 5f7d721ef7115e91faff2fe79ab4756377a039c7
Author: Filippo Rusconi (Uploading Debian Developer) <lopippo at debian.org>
Date:   Mon Aug 17 12:58:07 2015 +0200

    Try patch to see if we can add flags to security-harden the binary.
---
 cb2bib.pro                           |  8 ++++++++
 debian/changelog                     |  2 +-
 debian/patches/hardening-rules.patch | 18 ++++++++++++++++++
 debian/patches/series                |  1 +
 4 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/cb2bib.pro b/cb2bib.pro
index e47b655..7cd7b8e 100644
--- a/cb2bib.pro
+++ b/cb2bib.pro
@@ -3,3 +3,11 @@ win32 {
 SUBDIRS += src/win
 }
 TEMPLATE = subdirs 
+
+# Addition by FRusconi <lopippo at debian.org> to security-harden the
+# binary.
+
+QMAKE_CPPFLAGS *= $(shell dpkg-buildflags --get CPPFLAGS)
+QMAKE_CFLAGS   *= $(shell dpkg-buildflags --get CFLAGS)
+QMAKE_CXXFLAGS *= $(shell dpkg-buildflags --get CXXFLAGS)
+QMAKE_LFLAGS   *= $(shell dpkg-buildflags --get LDFLAGS)
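Review bot: These four assignments sit in the top-level project right after `TEMPLATE = subdirs`, and qmake does not hand variables set in a subdirs project down to the sub-projects that actually compile and link, so the hardening flags probably never reach the compiler or linker. Two further problems on the same lines: `$(shell …)` is GNU make syntax that qmake splits on whitespace and copies into the generated Makefile instead of evaluating (qmake's own form is `$$system(…)`), and qmake has no `QMAKE_CPPFLAGS` variable, so the preprocessor flags (where dpkg-buildflags puts `-D_FORTIFY_SOURCE=2`) would be dropped. Passing the flags on the qmake command line in debian/rules should reach every sub-project: `qmake QMAKE_CFLAGS="$(CFLAGS) $(CPPFLAGS)" QMAKE_CXXFLAGS="$(CXXFLAGS) $(CPPFLAGS)" QMAKE_LFLAGS="$(LDFLAGS)"`. The same lines are repeated in the debian/patches/hardening-rules.patch hunk; running `blhc` on the build log and `hardening-check` on the resulting binary would confirm whether the flags took effect.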
diff --git a/debian/changelog b/debian/changelog
index 6def8c4..33f0e5b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,7 +11,7 @@ cb2bib (1.9.2-1) unstable; urgency=medium
   * debian/rules: call qmake instead of cmake and fix call to rm in rule
     override_dh_clean;
 
-  * debian/patches: removed as useless now.
+  * debian/patches: add patch to security-harden the binary.
 
  -- Filippo Rusconi <lopippo at debian.org>  Mon, 17 Aug 2015 10:20:21 +0200
 
diff --git a/debian/patches/hardening-rules.patch b/debian/patches/hardening-rules.patch
new file mode 100644
index 0000000..828dbad
--- /dev/null
+++ b/debian/patches/hardening-rules.patch
@@ -0,0 +1,18 @@
+Patch to tell qmake the flags to harden the binary
+
+diff --git a/cb2bib.pro b/cb2bib.pro
+index e47b655..7cd7b8e 100644
+--- a/cb2bib.pro
++++ b/cb2bib.pro
+@@ -3,3 +3,11 @@ win32 {
+ SUBDIRS += src/win
+ }
+ TEMPLATE = subdirs 
++
++# Addition by FRusconi <lopippo at debian.org> to security-harden the
++# binary.
++
++QMAKE_CPPFLAGS *= $(shell dpkg-buildflags --get CPPFLAGS)
++QMAKE_CFLAGS   *= $(shell dpkg-buildflags --get CFLAGS)
++QMAKE_CXXFLAGS *= $(shell dpkg-buildflags --get CXXFLAGS)
++QMAKE_LFLAGS   *= $(shell dpkg-buildflags --get LDFLAGS)
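Review bot: cb2bib.pro is modified directly in this commit and the same change is also added as a quilt patch whose post-image blob (`7cd7b8e`) matches the committed file, so the tree is already in the patched state. If the packaging repository is meant to be kept patches-unapplied, applying the series at build time would presumably fail on lines that are already present, so only one of the two changes should be committed. The patch header is also a single free-text line; DEP-3 fields such as `Description:`, `Author:` and `Forwarded:` would record where the change came from and whether upstream has it.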
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..8fcbf30
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+hardening-rules.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-science/packages/cb2bib.git


