diff options
| author | Guillem Jover <guillem@hadrons.org> | 2012-01-01 06:30:54 +0100 |
|---|---|---|
| committer | Guillem Jover <guillem@hadrons.org> | 2012-01-01 06:55:10 +0100 |
| commit | e81f15cafae52f278d7c0740a7a5b506cf328c53 (patch) | |
| tree | 88df12eff31c944101fb5d59f04ebaeb64b31d8c | |
| parent | adf353076baa629d88544067ef15ac9302c83172 (diff) | |
| download | inetutils-e81f15cafae52f278d7c0740a7a5b506cf328c53.tar.gz | |
Use dpkg-buildflags to set build flags (enables default hardening flags)
Fix code to not fail on -Wformat-security.
Closes: #653436
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | debian/patches/71_ftbfs_format_security.patch | 108 | ||||
| -rw-r--r-- | debian/patches/series | 1 | ||||
| -rwxr-xr-x | debian/rules | 12 |
4 files changed, 115 insertions, 8 deletions
diff --git a/debian/changelog b/debian/changelog index ce4b812..2793840 100644 --- a/debian/changelog +++ b/debian/changelog @@ -17,6 +17,8 @@ inetutils (2:1.9-1) UNRELEASED; urgency=low - debian/patches/62_inetd_change_ipv6_protocol_semantics.patch: Likewise. - debian/patches/70_ftbfs_non-linux.patch: Likewise. * Pass “-Im4 -Iam” to autoreconf call in debian/rules. + * Use dpkg-buildflags to set build flags (enables default hardening flags). + Fix code to not fail on -Wformat-security. (Closes: #653436) -- Guillem Jover <guillem@debian.org> Sun, 01 Jan 2012 04:34:04 +0100 diff --git a/debian/patches/71_ftbfs_format_security.patch b/debian/patches/71_ftbfs_format_security.patch new file mode 100644 index 0000000..08be8c7 --- /dev/null +++ b/debian/patches/71_ftbfs_format_security.patch @@ -0,0 +1,108 @@ +--- + lib/argp-parse.c | 2 +- + telnet/utilities.c | 36 ++++++++++++++++++------------------ + 2 files changed, 19 insertions(+), 19 deletions(-) + +--- a/telnet/utilities.c ++++ b/telnet/utilities.c +@@ -876,7 +876,7 @@ printsub (char direction, unsigned char + fprintf (NetTrace, "INFO "); + env_common: + { +- register int noquote = 2; ++ const char *quote = ""; + #if defined ENV_HACK && defined OLD_ENVIRON + extern int old_env_var, old_env_value; + #endif +@@ -891,15 +891,15 @@ printsub (char direction, unsigned char + { + # ifdef ENV_HACK + if (old_env_var == OLD_ENV_VALUE) +- fprintf (NetTrace, "\" (VALUE) " + noquote); ++ fprintf (NetTrace, "%s(VALUE) ", quote); + else + # endif +- fprintf (NetTrace, "\" VAR " + noquote); ++ fprintf (NetTrace, "%sVAR ", quote); + } + else + #endif /* OLD_ENVIRON */ +- fprintf (NetTrace, "\" VALUE " + noquote); +- noquote = 2; ++ fprintf (NetTrace, "%sVALUE ", quote); ++ quote = ""; + break; + + case NEW_ENV_VAR: +@@ -909,47 +909,47 @@ printsub (char direction, unsigned char + { + # ifdef ENV_HACK + if (old_env_value == OLD_ENV_VAR) +- fprintf (NetTrace, "\" (VAR) " + noquote); ++ fprintf (NetTrace, "%s(VAR) ", quote); + else + # endif +- fprintf (NetTrace, "\" VALUE " + noquote); ++ fprintf (NetTrace, "%sVALUE ", quote); + } + else + #endif /* OLD_ENVIRON */ +- fprintf (NetTrace, "\" VAR " + noquote); +- noquote = 2; ++ fprintf (NetTrace, "%sVAR ", quote); ++ quote = ""; + break; + + case ENV_ESC: +- fprintf (NetTrace, "\" ESC " + noquote); +- noquote = 2; ++ fprintf (NetTrace, "%sESC ", quote); ++ quote = ""; + break; + + case ENV_USERVAR: +- fprintf (NetTrace, "\" USERVAR " + noquote); +- noquote = 2; ++ fprintf (NetTrace, "%sUSERVAR ", quote); ++ quote = ""; + break; + + default: + if (isprint (pointer[i]) && pointer[i] != '"') + { +- if (noquote) ++ if (quote[0] == '\0') + { + putc ('"', NetTrace); +- noquote = 0; ++ quote = "\" "; + } + putc (pointer[i], NetTrace); + } + else + { +- fprintf (NetTrace, "\" %03o " + noquote, ++ fprintf (NetTrace, "%s%03o ", quote, + pointer[i]); +- noquote = 2; ++ quote = ""; + } + break; + } + } +- if (!noquote) ++ if (quote[0] != '\0') + putc ('"', NetTrace); + break; + } +--- a/lib/argp-parse.c ++++ b/lib/argp-parse.c +@@ -154,7 +154,7 @@ argp_version_parser (int key, char *arg, + else if (argp_program_version) + fprintf (state->out_stream, "%s\n", argp_program_version); + else +- __argp_error (state, dgettext (state->root_argp->argp_domain, ++ __argp_error (state, "%s", dgettext (state->root_argp->argp_domain, + "(PROGRAM ERROR) No version known!?")); + if (! (state->flags & ARGP_NO_EXIT)) + exit (0); diff --git a/debian/patches/series b/debian/patches/series index ba4b0b9..43c0d1d 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -6,3 +6,4 @@ 51_add_load_confdir_support.patch 62_inetd_change_ipv6_protocol_semantics.patch 70_ftbfs_non-linux.patch +71_ftbfs_format_security.patch diff --git a/debian/rules b/debian/rules index c27e00a..4911a56 100755 --- a/debian/rules +++ b/debian/rules @@ -10,13 +10,9 @@ else conf_gnu_type += --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE) endif -CFLAGS = -Wall -g - -ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS))) - CFLAGS += -O0 -else - CFLAGS += -O2 -endif +CPPFLAGS = $(shell dpkg-buildflags --get CPPFLAGS) +CFLAGS = -Wall $(shell dpkg-buildflags --get CFLAGS) +LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS) # Override default upstream setuid mode, as they rejected this change. SUIDMODE="-o root -m 4755" @@ -61,7 +57,7 @@ build-indep: build-arch: debian/control config.status dh_testdir - $(MAKE) CFLAGS="$(CFLAGS)" + $(MAKE) CPPFLAGS="$(CPPFLAGS)" CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" build: build-indep build-arch |