Bug#669183: pkg-kde-tools: LDFLAGS hardening flags overwritten when using variables.mk

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#669183: pkg-kde-tools: LDFLAGS hardening flags overwritten when using variables.mk
From: Simon Ruderich <simon@ruderich.org>
Date: Wed, 18 Apr 2012 02:13:00 +0200
Message-id: <[🔎] 20120418001300.GA16945@ruderich.org>
Reply-to: Simon Ruderich <simon@ruderich.org>, 669183@bugs.debian.org

Package: pkg-kde-tools
Version: 0.14.3
Severity: normal
Tags: patch

Dear Maintainer,

The LDFLAGS hardening flags are missing when a package includes
variables.mk. For more hardening information please have a look
at [1], [2] and [3].

The attached patch fixes the issue. It also updates README.Debian
to prevent the overwrite of hardening flags and adds CPPFLAGS to
CFLAGS which are otherwise ignored by cmake.

I found no way to enable DEB_KDE_LINK_WITH_AS_NEEDED without
including variables.mk. But for compat=9 there is another simple
way. Just add this at the top of debian/rules:

    export DEB_LDFLAGS_MAINT_APPEND = -Wl,--no-undefined -Wl,--as-needed

Works fine for all build systems which respect LDFLAGS and is
documented in dpkg-buildflags(1). Maybe you could add that to
README.Debian as well.

Regards,
Simon

[1]: https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
[2]: https://wiki.debian.org/HardeningWalkthrough
[3]: https://wiki.debian.org/Hardening
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9

diff -Nru pkg-kde-tools-0.14.3/debian/README.Debian pkg-kde-tools-0.14.3.1~debhelper1/debian/README.Debian
--- pkg-kde-tools-0.14.3/debian/README.Debian	2011-04-25 09:39:21.000000000 +0200
+++ pkg-kde-tools-0.14.3.1~debhelper1/debian/README.Debian	2012-04-18 01:52:47.000000000 +0200
@@ -68,9 +68,9 @@
 	mkdir -p builddir
 	cd builddir && cmake .. \
 		-DCMAKE_INSTALL_PREFIX=/usr \
-		-DCMAKE_C_FLAGS="$(CFLAGS)" \
-		-DCMAKE_LD_FLAGS="-Wl,-z,defs" \
-		-DCMAKE_CXX_FLAGS="$(CXXFLAGS)" \
+		-DCMAKE_C_FLAGS="$(CPPFLAGS) $(CFLAGS)" \
+		-DCMAKE_LD_FLAGS="$(LDFLAGS) -Wl,-z,defs" \
+		-DCMAKE_CXX_FLAGS="$(CPPFLAGS) $(CXXFLAGS)" \
 		-DCMAKE_SKIP_RPATH=ON \
 		-DCMAKE_VERBOSE_MAKEFILE=ON \
 		$(DEB_CMAKE_KDE4_FLAGS)
diff -Nru pkg-kde-tools-0.14.3/makefiles/1/variables.mk pkg-kde-tools-0.14.3.1~debhelper1/makefiles/1/variables.mk
--- pkg-kde-tools-0.14.3/makefiles/1/variables.mk	2011-03-27 14:13:44.000000000 +0200
+++ pkg-kde-tools-0.14.3.1~debhelper1/makefiles/1/variables.mk	2012-04-18 01:52:01.000000000 +0200
@@ -47,7 +47,7 @@
 
 ifneq (,$(DEB_KDE_LINKER_FLAGS))
     DEB_CMAKE_CUSTOM_FLAGS += \
-        -DCMAKE_SHARED_LINKER_FLAGS="$(DEB_KDE_LINKER_FLAGS)" \
-        -DCMAKE_MODULE_LINKER_FLAGS="$(DEB_KDE_LINKER_FLAGS)" \
-        -DCMAKE_EXE_LINKER_FLAGS="$(DEB_KDE_LINKER_FLAGS)"
+        -DCMAKE_SHARED_LINKER_FLAGS="$(LDFLAGS) $(DEB_KDE_LINKER_FLAGS)" \
+        -DCMAKE_MODULE_LINKER_FLAGS="$(LDFLAGS) $(DEB_KDE_LINKER_FLAGS)" \
+        -DCMAKE_EXE_LINKER_FLAGS="$(LDFLAGS) $(DEB_KDE_LINKER_FLAGS)"
 endif

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: Bug#662824: marked as done (plasma-netbook: Impossible to install the package, dependency issues)
Next by Date: Processed: reassign 667336 to libqt4-dev, forcibly merging 667911 667336, affects 667911
Previous by thread: Bug#662824: marked as done (plasma-netbook: Impossible to install the package, dependency issues)
Next by thread: Processed: reassign 667336 to libqt4-dev, forcibly merging 667911 667336, affects 667911
Index(es):
- Date
- Thread