[SCM] libutempter library packaging branch, master, updated. debian/1.1.5-4-17-g2fdd2ba

Felix Geyer fgeyer at moszumanska.debian.org
Sat Jun 13 14:58:49 UTC 2015


Gitweb-URL: http://git.debian.org/?p=pkg-kde/krap/libutempter.git;a=commitdiff;h=486fef0

The following commit has been merged in the master branch:
commit 486fef0587d27a7e0f6059010217de64268c829c
Author: Felix Geyer <fgeyer at debian.org>
Date:   Sat Jun 13 16:48:17 2015 +0200

    Enable hardening flags pie and bindnow.
    
    * Enable hardening flags pie and bindnow. (Closes: #759751)
      - Add filter_pie_shared_lib.diff so the PIE flags are filtered when
        building the shared library.
---
 debian/changelog                          |  3 +++
 debian/patches/filter_pie_shared_lib.diff | 24 ++++++++++++++++++++++++
 debian/patches/series                     |  1 +
 debian/rules                              |  2 ++
 4 files changed, 30 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 678ee11..281be74 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,9 @@ libutempter (1.1.6-1) UNRELEASED; urgency=medium
   * Retire utempter system group. (Closes: #698858, #545184)
     - Make /usr/lib/utempter root:root owned. (Closes: #698590)
   * Bump Standards-Version to 3.9.6, no changes needed.
+  * Enable hardening flags pie and bindnow. (Closes: #759751)
+    - Add filter_pie_shared_lib.diff so the PIE flags are filtered when
+      building the shared library.
 
  -- Felix Geyer <fgeyer at debian.org>  Thu, 28 May 2015 18:23:38 +0200
 
diff --git a/debian/patches/filter_pie_shared_lib.diff b/debian/patches/filter_pie_shared_lib.diff
new file mode 100644
index 0000000..774968d
--- /dev/null
+++ b/debian/patches/filter_pie_shared_lib.diff
@@ -0,0 +1,24 @@
+Description: Filter PIE flags when building the shared library.
+Author: Felix Geyer <fgeyer at debian.org>
+
+--- a/Makefile
++++ b/Makefile
+@@ -47,15 +47,15 @@
+ all: $(TARGETS)
+ 
+ %.os: %.c
+-	$(COMPILE.c) -fPIC $< $(OUTPUT_OPTION)
++	$(CC) $(CPPFLAGS) $(filter-out -fPIE,$(CFLAGS)) -c -fPIC $< $(OUTPUT_OPTION)
+ 
+ $(PROJECT): utempter.c
+ 	$(LINK.c) -Wl,-z,now,-stats $(LDLIBS) $< $(OUTPUT_OPTION)
+ 
+ $(SHAREDLIB): iface.os $(MAP)
+-	$(LINK.o) -shared \
++	$(CC) $(filter-out -fPIE -pie,$(LDFLAGS)) -shared \
+ 		-Wl,-soname,$(SONAME),--version-script=$(MAP),-z,defs,-stats \
+-		-lc $< $(OUTPUT_OPTION)
++		-lc $< $(OUTPUT_OPTION) $(LDLIBS)
+ 
+ $(STATICLIB): iface.o
+ 	$(AR) $(ARFLAGS) $@ $<
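Review bot: The `$(filter-out -fPIE,$(CFLAGS))` in the `%.os` rule and `$(filter-out -fPIE -pie,$(LDFLAGS))` in the `$(SHAREDLIB)` rule match only those exact words, so a differently spelled PIE option arriving through the environment (for example lowercase `-fpie`) would still reach the `-shared` build. Listing both spellings, `$(filter-out -fPIE -fpie,$(CFLAGS))`, and adding a comment above `%.os` such as `# PIE flags are for executables only; strip them before building -fPIC objects for the shared library` would state the intent and its limits. The explicit `$(CC)` lines also no longer pass `$(TARGET_ARCH)`, which `$(COMPILE.c)` and `$(LINK.o)` included; that is probably harmless here but worth a word in the patch description. Only this part of the upstream Makefile is visible in the hunk.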
diff --git a/debian/patches/series b/debian/patches/series
index 2502990..f2e16b3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 keep_env_build_flags.diff
+filter_pie_shared_lib.diff
diff --git a/debian/rules b/debian/rules
index 2e6d18f..f5b625e 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,5 +1,7 @@
 #!/usr/bin/make -f
 
+export DEB_BUILD_MAINT_OPTIONS = hardening=+pie,+bindnow
+
 %:
 	dh $@ --parallel --list-missing
 
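Review bot: The new `export DEB_BUILD_MAINT_OPTIONS` line has no comment tying it to `debian/patches/filter_pie_shared_lib.diff`, so someone who later drops or refreshes that patch gets no hint that the shared-library build depends on it. A comment above the export such as `# PIE is filtered out again for the shared library by filter_pie_shared_lib.diff` would record the coupling. Whether the flags actually reach the upstream Makefile depends on debhelper exporting them and on `keep_env_build_flags.diff`, neither of which is visible here, so checking the built executable and library with a tool such as `hardening-check` after the build would confirm that PIE and bindnow were applied where intended.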

-- 
libutempter library packaging


