Bug#685882: unblock: zoneminder/1.25.0-3

To: Julien Cristau <jcristau@debian.org>
Cc: 685882@bugs.debian.org
Subject: Bug#685882: unblock: zoneminder/1.25.0-3
From: Vagrant Cascadian <vagrant@freegeek.org>
Date: Tue, 28 Aug 2012 12:45:15 -0700
Message-id: <[🔎] 20120828194515.GK21245@talon.fglan>
Reply-to: Vagrant Cascadian <vagrant@freegeek.org>, 685882@bugs.debian.org
In-reply-to: <[🔎] 20120827171023.GN5484@radis.cristau.org>
References: <[🔎] 20120825213734.GJ21245@talon.fglan> <[🔎] 20120827171023.GN5484@radis.cristau.org>

retitle 685882 unblock: zoneminder/1.25.0-3
thanks

On Mon, Aug 27, 2012 at 07:10:23PM +0200, Julien Cristau wrote:
> On Sat, Aug 25, 2012 at 14:37:34 -0700, Vagrant Cascadian wrote:
> 
> > diff -Nru zoneminder-1.25.0/debian/rules zoneminder-1.25.0/debian/rules
> > --- zoneminder-1.25.0/debian/rules	2011-12-12 14:48:18.000000000 -0800
> > +++ zoneminder-1.25.0/debian/rules	2012-08-23 13:27:54.000000000 -0700
> > @@ -17,21 +17,18 @@
> >  DEB_HOST_GNU_TYPE   ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
> >  DEB_BUILD_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
> >  
> > -CFLAGS = -Wall -g
> > -CPPFLAGS = -D__STDC_CONSTANT_MACROS
> > -CXXFLAGS = -DZM_FFMPEG_CVS -DHAVE_LIBCRYPTO
> > -
> > -ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
> > -	CFLAGS += -O0
> > -else
> > -	CFLAGS += -O2
> > -endif
> > +CFLAGS = $(shell dpkg-buildflags --get CFLAGS)
> > +CPPFLAGS = $(shell dpkg-buildflags --get CPPFLAGS)
> > +CXXFLAGS = $(shell dpkg-buildflags --get CXXFLAGS)
> > +CFLAGS += -Wall -g
> > +CPPFLAGS += -D__STDC_CONSTANT_MACROS
> > +CXXFLAGS += -DZM_FFMPEG_CVS -DHAVE_LIBCRYPTO
> >  
> >  %:
> >  	dh $@ --with autoreconf
> >  
> >  override_dh_auto_configure:
> > -	CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --sysconfdir=/etc/zm --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --with-mysql=/usr  --with-webdir=/usr/share/zoneminder --with-ffmpeg=/usr --with-cgidir=/usr/lib/cgi-bin --with-webuser=www-data --with-webgroup=www-data --enable-crashtrace=no --enable-mmap=yes
> > +	./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --sysconfdir=/etc/zm --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --with-mysql=/usr  --with-webdir=/usr/share/zoneminder --with-ffmpeg=/usr --with-cgidir=/usr/lib/cgi-bin --with-webuser=www-data --with-webgroup=www-data --enable-crashtrace=no --enable-mmap=yes
> >  
> How are the build flags passed to configure?  They don't seem to be
> explicitly exported, and you removed them from the configure cmdline.

Apologies, they're not recognized at all...

Updated debian/rules to export the various *FLAGS variables, and added LDFLAGS,
to catch all the cases lintian complains about regarding hardening build flags.

Uploaded zoneminder 1.25.0-3, new debdiff (against 1.25.0-1.1) attached...

Thanks for your viligant review!


live well,
  vagrant

diff -Nru zoneminder-1.25.0/debian/changelog zoneminder-1.25.0/debian/changelog
--- zoneminder-1.25.0/debian/changelog	2012-05-13 08:03:32.000000000 -0700
+++ zoneminder-1.25.0/debian/changelog	2012-08-28 12:10:05.000000000 -0700
@@ -1,3 +1,24 @@
+zoneminder (1.25.0-3) unstable; urgency=low
+
+  * debian/rules: Export CFLAGS, CPPFLAGS, CXXFLAGS and LDFLAGS, to ensure 
+    hardening build flags are enabled. 
+
+ -- Vagrant Cascadian <vagrant@debian.org>  Tue, 28 Aug 2012 12:10:03 -0700
+
+zoneminder (1.25.0-2) unstable; urgency=low
+
+  [ Vagrant Cascadian ]
+  * Add a patch to disable checking for updated versions by default, as 
+    upgrades should happen through package management.
+  * Use dpkg-buildflags in debian/rules to set default compiler flags.
+  * Ensure zoneminder is stopped before starting (Closes: #657407).
+
+  [ Peter Howard ]
+  * Fix postinst to add permission for table creation during upgrade 
+    (Closes: #657407).
+
+ -- Vagrant Cascadian <vagrant@debian.org>  Thu, 23 Aug 2012 12:40:34 -0700
+
 zoneminder (1.25.0-1.1) unstable; urgency=low
 
   * Non-maintainer upload.
diff -Nru zoneminder-1.25.0/debian/patches/do_not_check_for_updates_by_default zoneminder-1.25.0/debian/patches/do_not_check_for_updates_by_default
--- zoneminder-1.25.0/debian/patches/do_not_check_for_updates_by_default	1969-12-31 16:00:00.000000000 -0800
+++ zoneminder-1.25.0/debian/patches/do_not_check_for_updates_by_default	2012-08-23 12:36:21.000000000 -0700
@@ -0,0 +1,17 @@
+Default to not checking for updated versions of ZoneMinder, as users should 
+get updates through the package. Also prevents "phoning home" to 
+zoneminder.com.
+
+Index: zoneminder/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in
+===================================================================
+--- zoneminder.orig/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in	2011-12-12 14:48:18.183612192 -0800
++++ zoneminder/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in	2012-05-13 15:10:34.057470903 -0700
+@@ -1290,7 +1290,7 @@
+ 	},
+ 	{
+ 		name => "ZM_CHECK_FOR_UPDATES",
+-		default => "yes",
++		default => "no",
+ 		description => "Check with zoneminder.com for updated versions",
+ 		help => "From ZoneMinder version 1.17.0 onwards new versions are expected to be more frequent. To save checking manually for each new version ZoneMinder can check with the zoneminder.com website to determine the most recent release. These checks are infrequent, about once per week, and no personal or system information is transmitted other than your current version number. If you do not wish these checks to take place or your ZoneMinder system has no internet access you can switch these check off with this configuration variable",
+ 		type => $types{boolean},
diff -Nru zoneminder-1.25.0/debian/patches/series zoneminder-1.25.0/debian/patches/series
--- zoneminder-1.25.0/debian/patches/series	2012-05-13 07:59:11.000000000 -0700
+++ zoneminder-1.25.0/debian/patches/series	2012-08-23 12:36:42.000000000 -0700
@@ -10,3 +10,4 @@
 zm-ffmpeg-as-c-library
 include-avutil-mathematics-header
 Fix-FTBFS-with-gcc-4.7
+do_not_check_for_updates_by_default
diff -Nru zoneminder-1.25.0/debian/postinst zoneminder-1.25.0/debian/postinst
--- zoneminder-1.25.0/debian/postinst	2011-12-12 14:48:18.000000000 -0800
+++ zoneminder-1.25.0/debian/postinst	2012-08-23 12:35:44.000000000 -0700
@@ -26,7 +26,7 @@
 				OLD_ZM_VERSION=$(echo 'select Value from Config where Name = "ZM_DYN_CURR_VERSION";' | mysql --defaults-file=/etc/mysql/debian.cnf --skip-column-names zm ) 
 			fi
 			if [ -n "$OLD_ZM_VERSION" ] && [ "$OLD_ZM_VERSION" != "$VERSION" ] ; then
-				echo 'grant lock tables, alter on zm.* to 'zmuser'@localhost identified by "zmpass";' | mysql --defaults-file=/etc/mysql/debian.cnf mysql
+				echo 'grant lock tables, create, alter on zm.* to 'zmuser'@localhost identified by "zmpass";' | mysql --defaults-file=/etc/mysql/debian.cnf mysql
 				# stop zoneminder before performing database upgrade.
 				invoke-rc.d zoneminder stop || true
 				zmupdate.pl --nointeractive --version $OLD_ZM_VERSION 
@@ -41,4 +41,10 @@
 			chown www-data:www-data -R /var/cache/zoneminder
 		fi
 fi
+# Ensure zoneminder is stopped...
+if [ -x "/etc/init.d/zoneminder" ]; then
+	if invoke-rc.d zoneminder status ; then
+		invoke-rc.d zoneminder stop || exit $?
+	fi
+fi
 #DEBHELPER#
diff -Nru zoneminder-1.25.0/debian/rules zoneminder-1.25.0/debian/rules
--- zoneminder-1.25.0/debian/rules	2011-12-12 14:48:18.000000000 -0800
+++ zoneminder-1.25.0/debian/rules	2012-08-28 12:00:10.000000000 -0700
@@ -17,21 +17,19 @@
 DEB_HOST_GNU_TYPE   ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
 DEB_BUILD_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
 
-CFLAGS = -Wall -g
-CPPFLAGS = -D__STDC_CONSTANT_MACROS
-CXXFLAGS = -DZM_FFMPEG_CVS -DHAVE_LIBCRYPTO
-
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-	CFLAGS += -O0
-else
-	CFLAGS += -O2
-endif
+export CFLAGS = $(shell dpkg-buildflags --get CFLAGS)
+export CPPFLAGS = $(shell dpkg-buildflags --get CPPFLAGS)
+export CXXFLAGS = $(shell dpkg-buildflags --get CXXFLAGS)
+export LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS)
+CFLAGS += -Wall -g
+CPPFLAGS += -D__STDC_CONSTANT_MACROS
+CXXFLAGS += -DZM_FFMPEG_CVS -DHAVE_LIBCRYPTO
 
 %:
 	dh $@ --with autoreconf
 
 override_dh_auto_configure:
-	CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --sysconfdir=/etc/zm --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --with-mysql=/usr  --with-webdir=/usr/share/zoneminder --with-ffmpeg=/usr --with-cgidir=/usr/lib/cgi-bin --with-webuser=www-data --with-webgroup=www-data --enable-crashtrace=no --enable-mmap=yes
+	./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --sysconfdir=/etc/zm --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --with-mysql=/usr  --with-webdir=/usr/share/zoneminder --with-ffmpeg=/usr --with-cgidir=/usr/lib/cgi-bin --with-webuser=www-data --with-webgroup=www-data --enable-crashtrace=no --enable-mmap=yes
 
 override_dh_clean:
 	# check to make sure that postinst contains the correct upstream version

Reply to:

Follow-Ups:
- Processed: Re: Bug#685882: unblock: zoneminder/1.25.0-3
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

References:
- Bug#685882: unblock: zoneminder/1.25.0-2
  - From: Vagrant Cascadian <vagrant@debian.org>
- Bug#685882: unblock: zoneminder/1.25.0-2
  - From: Julien Cristau <jcristau@debian.org>

Prev by Date: Processed: Re: Bug#685882: unblock: zoneminder/1.25.0-3
Next by Date: re: miredo: FTBFS `pkglibdir' is not a legitimate directory for `PROGRAMS'
Previous by thread: Bug#685882: unblock: zoneminder/1.25.0-2
Next by thread: Processed: Re: Bug#685882: unblock: zoneminder/1.25.0-3
Index(es):
- Date
- Thread