[Pkg-ocaml-maint-commits] [ocaml] 01/05: obey hardening LDFLAGS (Closes: #792502)
Mehdi Dogguy
mehdi at moszumanska.debian.org
Thu Dec 22 00:00:54 UTC 2016
This is an automated email from the git hooks/post-receive script.
mehdi pushed a commit to branch debian/sid
in repository ocaml.
commit a36a945244e581785e36ea457b0b3a4f2ede0af6
Author: Mehdi Dogguy <mehdi at debian.org>
Date: Thu Dec 22 00:14:41 2016 +0100
obey hardening LDFLAGS (Closes: #792502)
---
debian/changelog | 8 ++++
...LAGS-for-linking-all-executables-and-shar.patch | 44 ++++++++++++++++++++++
debian/patches/series | 1 +
debian/rules | 3 ++
4 files changed, 56 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index c336057..b74401b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+ocaml (4.02.3-9) UNRELEASED; urgency=medium
+
+ * obey hardening LDFLAGS (Closes: #792502). Thanks to Török Edwin
+ for the patch!
+ - add patch 0013-Obey-ldflags.patch
+
+ -- Mehdi Dogguy <mehdi at debian.org> Thu, 22 Dec 2016 00:12:38 +0100
+
ocaml (4.02.3-8) unstable; urgency=medium
* Default to PIC on arm, to fix failing armhf tests (Closes: #837359).
diff --git a/debian/patches/0013-Use-CCLINKFLAGS-for-linking-all-executables-and-shar.patch b/debian/patches/0013-Use-CCLINKFLAGS-for-linking-all-executables-and-shar.patch
new file mode 100644
index 0000000..6cdc64c
--- /dev/null
+++ b/debian/patches/0013-Use-CCLINKFLAGS-for-linking-all-executables-and-shar.patch
@@ -0,0 +1,44 @@
+From: Torok Edwin <edwin at etorok.net>
+Date: Wed, 15 Jul 2015 16:33:23 +0300
+Subject: Use CCLINKFLAGS for linking all executables and shared libraries
+
+This allows packagers to set additional linker flags for executables and shared
+libraries created by OCaml, and for the OCaml tools themselves.
+OCaml code can be linked with various C stubs and C libraries that would
+benefit from using hardening link flags, such as -Wl,-z,relro.
+
+Origin: other
+Bug-Debian: https://bugs.debian.org/702349
+Forwarded: no
+Last-Update: <2015-07-15>
+---
+ configure | 2 ++
+ tools/Makefile.shared | 2 +-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/configure b/configure
+index c37a2e5..b58a86d 100755
+--- a/configure
++++ b/configure
+@@ -768,6 +768,8 @@ if test $with_sharedlibs = "yes"; then
+ shared_libraries_supported=true;;
+ esac
+ fi
++mksharedlib="$mksharedlib $CCLINKFLAGS"
++mkexe="$mkexe $CCLINKFLAGS"
+
+ if test -z "$mkmaindll"; then
+ mkmaindll=$mksharedlib
+diff --git a/tools/Makefile.shared b/tools/Makefile.shared
+index 0b90cd3..2d5546e 100644
+--- a/tools/Makefile.shared
++++ b/tools/Makefile.shared
+@@ -287,7 +287,7 @@ endif
+
+ objinfo_helper$(EXE): objinfo_helper.c ../config/s.h
+ $(BYTECC) $(CCOUT)objinfo_helper$(EXE) $(BYTECCCOMPOPTS) \
+- objinfo_helper.c $(LIBBFD_LINK)
++ objinfo_helper.c $(LIBBFD_LINK) $(CCLINKFLAGS)
+
+ OBJINFO=../compilerlibs/ocamlcommon.cma \
+ ../compilerlibs/ocamlbytecomp.cma \
diff --git a/debian/patches/series b/debian/patches/series
index 552c4d7..7ca62b3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,3 +10,4 @@
0010-Add-a-.file-directive-to-generated-.s-files.patch
0011-Compatibility-with-x32-architecture.patch
0012-arm-default-PIC.patch
+0013-Use-CCLINKFLAGS-for-linking-all-executables-and-shar.patch
diff --git a/debian/rules b/debian/rules
index a1e56b3..438b0d0 100755
--- a/debian/rules
+++ b/debian/rules
@@ -61,6 +61,9 @@ endif
export OCAML_OPT_ARCH
export OCAML_STDLIB_DIR
+export DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow
+export CCLINKFLAGS=$(shell dpkg-buildflags --get LDFLAGS)
+
CONFIGURE_OPTS := \
--host $(DEB_BUILD_GNU_TYPE)\
--with-pthread -prefix $(DEB_TEST_BUILD_PREFIX)/usr \
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ocaml-maint/packages/ocaml.git
More information about the Pkg-ocaml-maint-commits
mailing list