diff options
Diffstat (limited to 'debian/patches/harden.diff')
| -rw-r--r-- | debian/patches/harden.diff | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/debian/patches/harden.diff b/debian/patches/harden.diff new file mode 100644 index 00000000..b0a368a5 --- /dev/null +++ b/debian/patches/harden.diff @@ -0,0 +1,21 @@ +From: Benjamin Barenblat <bbaren@mit.edu> +Subject: Remove build flags which impede hardening +Forwarded: no + +Vanilla urweb builds with -Wno-format-security and -U_FORTIFY_SOURCE. +Apparently, upstream added the former to cope with difficulties building on +OS X [1] and the latter to improve performance [2]. + +[1] http://hg.impredicative.com/urweb/rev/3d0cc841cafd +[2] http://hg.impredicative.com/urweb/rev/126d24ef6678 +--- a/src/c/Makefile.am ++++ b/src/c/Makefile.am +@@ -7,7 +7,7 @@ liburweb_fastcgi_la_SOURCES = fastcgi.c + liburweb_static_la_SOURCES = static.c + + AM_CPPFLAGS = -I$(srcdir)/../../include/urweb $(OPENSSL_INCLUDES) +-AM_CFLAGS = -Wimplicit -Wall -Werror -Wno-format-security -Wno-deprecated-declarations -U_FORTIFY_SOURCE $(PTHREAD_CFLAGS) ++AM_CFLAGS = -Wimplicit -Wall -Werror -Wno-deprecated-declarations $(PTHREAD_CFLAGS) + liburweb_la_LDFLAGS = $(AM_LDFLAGS) $(OPENSSL_LDFLAGS) \ + -export-symbols-regex '^(client_pruner|pthread_create_big|strcmp_nullsafe|uw_.*)' + liburweb_la_LIBADD = $(PTHREAD_LIBS) -lm $(OPENSSL_LIBS) |