diff options
| author |  Benjamin Barenblat <bbaren@mit.edu> | 2015-03-10 19:44:41 -0400 |
|---|---|---|
| committer | Benjamin Barenblat <bbaren@mit.edu> | 2015-03-10 19:44:41 -0400 |
| commit | c895765a02447d3f49ba446f7861dd2e02d23401 (patch) | |
| tree | 22554622b3f9b1f0744f34393bb632e55d3c3a7b | |
| parent | 1a6c47ce83b8d962a5e70c9260ebba2d4f9c5118 (diff) | |
Harden build
| -rw-r--r-- | debian/patches/harden.diff | 21 | ||||
| -rw-r--r-- | debian/patches/series | 1 |
2 files changed, 22 insertions, 0 deletions
diff --git a/debian/patches/harden.diff b/debian/patches/harden.diff new file mode 100644 index 00000000..13c6068b --- /dev/null +++ b/debian/patches/harden.diff @@ -0,0 +1,21 @@ +From: Benjamin Barenblat <bbaren@mit.edu> +Subject: Remove build flags which impede hardening +Forwarded: no + +Vanilla urweb builds with -Wno-format-security and -U_FORTIFY_SOURCE. +Apparently, upstream added the former to cope with difficulties building on +OS X [1] and the latter to improve performance [2]. + +[1] http://hg.impredicative.com/urweb/rev/3d0cc841cafd +[2] http://hg.impredicative.com/urweb/rev/126d24ef6678 +--- a/src/c/Makefile.am ++++ b/src/c/Makefile.am +@@ -7,7 +7,7 @@ liburweb_fastcgi_la_SOURCES = fastcgi.c + liburweb_static_la_SOURCES = static.c + + AM_CPPFLAGS = -I$(srcdir)/../../include/urweb $(OPENSSL_INCLUDES) +-AM_CFLAGS = -Wimplicit -Wall -Werror -Wno-format-security -Wno-deprecated-declarations -U_FORTIFY_SOURCE $(PTHREAD_CFLAGS) ++AM_CFLAGS = -Wimplicit -Wall -Werror -Wno-deprecated-declarations $(PTHREAD_CFLAGS) + liburweb_la_LDFLAGS = $(AM_LDFLAGS) $(OPENSSL_LDFLAGS) + liburweb_la_LIBADD = $(PTHREAD_LIBS) -lm $(OPENSSL_LIBS) + liburweb_http_la_LIBADD = liburweb.la diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 00000000..7e2a646c --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +harden.diff |