[pkg-firebird-general] Bug#654793: firebird2.5: Hardeneng flags not fully enabled

Wed Jan 11 08:23:12 UTC 2012

-=| Alex Peshkoff, 11.01.2012 11:57:55 +0400 |=-
>  On 01/10/12 21:17, Moritz Muehlenhoff wrote:
> > On Tue, Jan 10, 2012 at 11:06:04AM +0200, Damyan Ivanov wrote:
> >>> - The check for fortified source functions depends on the use of 
> >>> such functions. If none of them are present the error "no 
> >>> protectable libc functions used" is shown. However, there are also 
> >>> results that show "no" (e.g. /usr/bin/fbsvcmgr). As such, there 
> >>> might indeed be a problem with the LDFLAGS being overwritten.
> >> Most of the binaries suffer from this, and in the end the reason 
> >> appears to be missing usage of CPPFLAGS when compiling C++ sources.
> > That's correct. I've meant CPPFLAGS.
> 
> CPreProcessorFLAGS when compiling C++ resources? I always use for it
> CXXFLAGS, which are taken into an account in firebird makefiles.
> 
> http://stackoverflow.com/questions/495598/difference-between-cppflags-and-cxxflags-in-gnu-make

CPP can pre-process all kinds of sources, C, C++, Fortran... and we 
want all of them to have that _FORTIFY_SOURCE=2 define. I think this 
is the reason to put it in CPPFLAGS -- to have it when pre-processing 
all source files.

As I understand it, CPPFLAGS is now taken into account when compiling 
plain C sources by pure luck -- the build system relies on the 
implicit rule for .c -> .o compilation in 'make'. And since explicit 
rules are used for .cpp -> .o compilation, CPPFLAGS integration is 
gone.

From 
https://www.gnu.org/savannah-checkouts/gnu/make/manual/html_node/Catalogue-of-Rules.html#Catalogue-of-Rules

Compiling C programs
    n.o is made automatically from n.c with a recipe of the form 
    ‘$(CC) $(CPPFLAGS) $(CFLAGS) -c’.
Compiling C++ programs
    n.o is made automatically from n.cc, n.cpp, or n.C with a recipe 
    of the form ‘$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c’. We encourage you 
    to use the suffix ‘.cc’ for C++ source files instead of ‘.C’.
Compiling Pascal programs
    n.o is made automatically from n.p with the recipe ‘$(PC) 
    $(PFLAGS) -c’.
Compiling Fortran and Ratfor programs
    n.o is made automatically from n.r, n.F or n.f by running the 
    Fortran compiler. The precise recipe used is as follows:

    ‘.f’
        ‘$(FC) $(FFLAGS) -c’.
    ‘.F’
        ‘$(FC) $(FFLAGS) $(CPPFLAGS) -c’.
    ‘.r’
        ‘$(FC) $(FFLAGS) $(RFLAGS) -c’. 

So using CPPFLAGS for C++ sources is the default, not some exotic :)

Hopefully this makes the patch integrating CPPFLAGS acceptable.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-firebird-general/attachments/20120111/6e162730/attachment.pgp>