diff options
Diffstat (limited to 'debian/patches')
-rw-r--r-- | debian/patches/harden.diff | 21 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 22 insertions, 0 deletions
diff --git a/debian/patches/harden.diff b/debian/patches/harden.diff new file mode 100644 index 00000000..13c6068b --- /dev/null +++ b/debian/patches/harden.diff @@ -0,0 +1,21 @@ +From: Benjamin Barenblat <bbaren@mit.edu> +Subject: Remove build flags which impede hardening +Forwarded: no + +Vanilla urweb builds with -Wno-format-security and -U_FORTIFY_SOURCE. +Apparently, upstream added the former to cope with difficulties building on +OS X [1] and the latter to improve performance [2]. + +[1] http://hg.impredicative.com/urweb/rev/3d0cc841cafd +[2] http://hg.impredicative.com/urweb/rev/126d24ef6678 +--- a/src/c/Makefile.am ++++ b/src/c/Makefile.am +@@ -7,7 +7,7 @@ liburweb_fastcgi_la_SOURCES = fastcgi.c + liburweb_static_la_SOURCES = static.c + + AM_CPPFLAGS = -I$(srcdir)/../../include/urweb $(OPENSSL_INCLUDES) +-AM_CFLAGS = -Wimplicit -Wall -Werror -Wno-format-security -Wno-deprecated-declarations -U_FORTIFY_SOURCE $(PTHREAD_CFLAGS) ++AM_CFLAGS = -Wimplicit -Wall -Werror -Wno-deprecated-declarations $(PTHREAD_CFLAGS) + liburweb_la_LDFLAGS = $(AM_LDFLAGS) $(OPENSSL_LDFLAGS) + liburweb_la_LIBADD = $(PTHREAD_LIBS) -lm $(OPENSSL_LIBS) + liburweb_http_la_LIBADD = liburweb.la diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 00000000..7e2a646c --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +harden.diff |