Ubuntu dpkg 1.14.20ubuntu2

To: dpkg@packages.qa.debian.org
Subject: Ubuntu dpkg 1.14.20ubuntu2
From: Ubuntu Merge-o-Matic <mom@ubuntu.com>
Date: Mon, 07 Jul 2008 20:30:40 -0000
Message-id: <[🔎] 20080707203040.6540.30365@casey.canonical.com>

This e-mail has been sent due to an upload to Ubuntu that contains Ubuntu
changes.  It contains the difference between the new version and the
previous version of the same source package in Ubuntu.

Format: 1.7
Date: Thu, 03 Jul 2008 13:18:50 -0700
Source: dpkg
Binary: dpkg dselect dpkg-dev
Architecture: source
Version: 1.14.20ubuntu2
Distribution: intrepid
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Kees Cook <kees@ubuntu.com>
Description: 
 dpkg       - Debian package management system
 dpkg-dev   - Debian package development tools
 dselect    - Debian package management front-end
Changes: 
 dpkg (1.14.20ubuntu2) intrepid; urgency=low
 .
   * scripts/dpkg-buildpackage.pl, man/dpkg-buildpackage.1: implement
     handling of hardening-wrapper options via DEB_BUILD_OPTIONS
     (Debian bug #489771).
Files: 
 338a2354ad24943134814a900f7bccb9 1357 admin required dpkg_1.14.20ubuntu2.dsc
 7dba047ca956fa1b9ec938d721c1b96c 6655734 admin required dpkg_1.14.20ubuntu2.tar.gz
Original-Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>

diff -pruN 1.14.20ubuntu1/debian/changelog 1.14.20ubuntu2/debian/changelog
--- 1.14.20ubuntu1/debian/changelog	2008-06-26 13:07:58.000000000 +0100
+++ 1.14.20ubuntu2/debian/changelog	2008-07-07 19:00:02.000000000 +0100
@@ -1,3 +1,11 @@
+dpkg (1.14.20ubuntu2) intrepid; urgency=low
+
+  * scripts/dpkg-buildpackage.pl, man/dpkg-buildpackage.1: implement
+    handling of hardening-wrapper options via DEB_BUILD_OPTIONS
+    (Debian bug #489771).
+
+ -- Kees Cook <kees@ubuntu.com>  Thu, 03 Jul 2008 13:18:50 -0700
+
 dpkg (1.14.20ubuntu1) intrepid; urgency=low
 
   * Resynchronise with Debian. Remaining changes:
diff -pruN 1.14.20ubuntu1/man/dpkg-buildpackage.1 1.14.20ubuntu2/man/dpkg-buildpackage.1
--- 1.14.20ubuntu1/man/dpkg-buildpackage.1	2008-06-26 13:06:51.000000000 +0100
+++ 1.14.20ubuntu2/man/dpkg-buildpackage.1	2008-07-07 18:46:04.000000000 +0100
@@ -286,6 +286,38 @@ have to be stripped from these options. 
 Optimization options appended to the compiler flags when linking code,
 which must not be overwritten by the package (mostly used to for test
 builds). Default value: empty.
+.TP
+.B DEB_BUILD_OPTIONS
+As indicated above,
+.BR noopt
+will disable optimation.
+Additionally, when used with the
+.BR hardening-wrapper
+package, the values
+.BR hardening
+and
+.BR nohardening
+will be converted into their respective DEB_BUILD_HARDENING values.
+The
+.BR hardening
+option can also include (optionally prefixed with
+.BR no
+) the following sub-options:
+.BR stackprotector
+.BR format
+.BR fortify
+.BR pie
+.BR relro
+For example,
+.BR DEB_BUILD_OPTIONS=hardening=nopie
+would cause
+.BR DEB_BUILD_HARDENING_PIE=0
+to be set, or
+.BR DEB_BUILD_OPTIONS=nohardening
+would cause
+.BR DEB_BUILD_HARDENING=0
+to be set.
+See http://wiki.debian.org/Hardening for further details.
 .
 .SH BUGS
 It should be possible to specify spaces and shell metacharacters in
diff -pruN 1.14.20ubuntu1/scripts/dpkg-buildpackage.pl 1.14.20ubuntu2/scripts/dpkg-buildpackage.pl
--- 1.14.20ubuntu1/scripts/dpkg-buildpackage.pl	2008-06-26 13:06:51.000000000 +0100
+++ 1.14.20ubuntu2/scripts/dpkg-buildpackage.pl	2008-07-07 18:56:42.000000000 +0100
@@ -278,6 +278,41 @@ foreach my $flag (keys %flags) {
     }
 }
 
+# Allow control of hardening-wrapper via dpkg-buildpackage DEB_BUILD_OPTIONS
+my $hardening = $build_opts->{'hardening'};
+if (defined $build_opts->{'nohardening'}) {
+    $hardening = 0;
+}
+if (defined $hardening) {
+    my $flag = 'DEB_BUILD_HARDENING';
+    if ($hardening ne "0") {
+        if (! -x '/usr/bin/hardened-cc') {
+            syserr(_g("%s: 'hardening' flag found but 'hardening-wrapper' not installed\n"),
+                $progname);
+        }
+        if ($hardening ne "1") {
+            my @options = split(/,\s*/,$hardening);
+            $hardening=1;
+
+            my @hardopts = ('format', 'fortify', 'stackprotector',
+                            'pie', 'relro');
+            foreach my $item (@hardopts) {
+                my $upitem = uc($item);
+                foreach my $option (@options) {
+                    if ($option =~ /^(no)?$item$/) {
+                        $ENV{$flag.'_'.$upitem} = ($1 eq "");
+                    }
+                }
+            }
+        }
+    }
+    if (defined $ENV{$flag}) {
+        printf(_g("%s: overriding %s in environment: %s\n"), $progname,
+                $flag, $hardening);
+    }
+    $ENV{$flag}=$hardening;
+}
+
 my $cwd = cwd();
 my $dir = basename($cwd);

Reply to:

Prev by Date: Re: [Lf_desktop] LSB Package API
Next by Date: Re: Multiarch and idea for improved diversions and alternatives handling
Previous by thread: Re: [Lf_desktop] LSB Package API
Next by thread: New Build-Options field and build-arch option, please review
Index(es):
- Date
- Thread