
Bug#670993: busybox: Please use dpkg-buildflags for hardening support



Package: busybox
Version: 1:1.19.3-7
Severity: important
Tags: patch
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu quantal ubuntu-patch

Hi guys,

In merging the latest version of the busybox package into Ubuntu for the
newly-opened quantal, I noticed that the package was not applying hardening
flags from dpkg-buildflags.  As building with hardening enabled is a release
goal for wheezy, I would encourage you to apply the attached patch.

Note that this also turns on V=1 when building, without which it's rather
difficult to see from the logs what flags are being passed at all.  Verbose
package build logs by default are definitely best practice so that it's
possible to do analysis of this kind of thing against buildd.debian.org.

Thanks for considering the patch.
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org
=== modified file 'debian/rules'
--- debian/rules	2012-04-12 12:15:43 +0000
+++ debian/rules	2012-05-01 00:54:23 +0000
@@ -15,6 +15,11 @@
 export CROSS_COMPILE = $(DEB_HOST_GNU_TYPE)-
 endif
 
+export CFLAGS := $(shell dpkg-buildflags --get CFLAGS)
+export LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS)
+export CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS)
+CFLAGS := $(filter-out -Werror=format-security,$(CFLAGS))
+
 build: build-arch build-indep
 build-indep:
 
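Review bot: the `CFLAGS := $(filter-out -Werror=format-security,$(CFLAGS))` line drops one of the flags dpkg-buildflags returns, with no comment saying why. If some busybox code fails to build with it, add a comment in debian/rules naming the reason so the filter can be removed once those format-string calls are fixed. Disabling the feature through `DEB_BUILD_MAINT_OPTIONS = hardening=-format` would state the intent more directly than filtering the flag out after the fact. Also note that only CFLAGS, LDFLAGS and CPPFLAGS are exported here, so any step that does not read those three variables from the environment gets no hardening.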
@@ -65,7 +70,7 @@
 $(BUILD_DIR)/%/.built: DIR = $(BUILD_DIR)/$*
 $(BUILD_DIR)/%/.built: $(BUILD_DIR)/%/.setup
 	dh_testdir
-	$(MAKE) -C '$(DIR)' SKIP_STRIP=y install docs/busybox.1 BB_EXTRA_VERSION="$(VENDOR) $(VERSION_DEBIAN)"
+	$(MAKE) -C '$(DIR)' V=1 SKIP_STRIP=y install docs/busybox.1 BB_EXTRA_VERSION="$(VENDOR) $(VERSION_DEBIAN)"
 	touch $@
 
 clean:
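Review bot: the changed `$(MAKE) -C '$(DIR)' V=1 ...` line still passes no CFLAGS, LDFLAGS or CPPFLAGS on the command line, so the hardening flags only take effect if the upstream Makefile picks them up from the exported environment. Please confirm from a V=1 build log that the compile and link commands carry the dpkg-buildflags values. A short comment next to `V=1` saying it is there for build-log analysis would also keep it from being dropped in a later cleanup.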
