[Pkg-octave-commit] [octave-ltfat] 01/01: Add security hardening build flags
Rafael Laboissière
rlaboiss-guest at moszumanska.debian.org
Fri Sep 12 11:58:41 UTC 2014
This is an automated email from the git hooks/post-receive script.
rlaboiss-guest pushed a commit to branch master
in repository octave-ltfat.
commit 29ef0ec4743ff8dea4cc3317b141bf9a6191f09b
Author: Rafael Laboissiere <rafael at laboissiere.net>
Date: Fri Sep 12 08:25:45 2014 -0300
Add security hardening build flags
---
debian/patches/add-hardening-flags.patch | 20 ++++++++++++++++++++
debian/patches/series | 1 +
debian/rules | 2 ++
3 files changed, 23 insertions(+)
diff --git a/debian/patches/add-hardening-flags.patch b/debian/patches/add-hardening-flags.patch
new file mode 100644
index 0000000..cbefb67
--- /dev/null
+++ b/debian/patches/add-hardening-flags.patch
@@ -0,0 +1,20 @@
+Description: Allow the use of default value in CFLAGS
+ This changes allow the inclusion of security hardening build flags
+ for CFLAGS and CPPFLAGS, via debian/rules. This is one of the
+ release goals of Debian, see:
+ https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
+Author: Rafael Laboissiere <rafael at laboissiere.net>
+Forwarded: https://savannah.gnu.org/bugs/index.php?43210
+Last-Update: 2014-09-12
+
+--- octave-ltfat-1.4.4.orig/src/Makefile_unix
++++ octave-ltfat-1.4.4/src/Makefile_unix
+@@ -22,7 +22,7 @@ ifndef SFFTW
+ endif
+
+
+-CFLAGS=-O3 -fPIC -std=c99 -Ithirdparty
++CFLAGS+=-O3 -fPIC -std=c99 -Ithirdparty
+ SHARED_FLAGS=-shared -Wl,--no-undefined -lc -lm -L"$(MATLABROOT)/bin/$(ARCH)" \
+ -lmwblas -lmwlapack $(DFFTW) $(SFFTW)
+
diff --git a/debian/patches/series b/debian/patches/series
index 7867fa2..b86bc9b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
autoload-yes.patch
add-subdirs-to-loadpath.patch
+add-hardening-flags.patch
diff --git a/debian/rules b/debian/rules
index 66b8920..7579519 100755
--- a/debian/rules
+++ b/debian/rules
@@ -5,6 +5,8 @@ include /usr/share/cdbs/1/class/octave-pkg.mk
OCTPKG_TEST_ENV = xvfb-run
+export CFLAGS = $(shell dpkg-buildflags --get CFLAGS) $(shell dpkg-buildflags --get CPPFLAGS)
+
# The following rule is needed because an empty lib/ directory is
# needed for building the package correctly. Even though there is one
# in the tarball, it is not created by gbp-import-orig, hence the
--
Alioth's /home/groups/pkg-octave/bin/git-commit-notice on /srv/git.debian.org/git/pkg-octave/octave-ltfat.git
More information about the Pkg-octave-commit
mailing list