From c895765a02447d3f49ba446f7861dd2e02d23401 Mon Sep 17 00:00:00 2001
From: Benjamin Barenblat <bbaren@mit.edu>
Date: Tue, 10 Mar 2015 19:44:41 -0400
Subject: Harden build

---
 debian/patches/harden.diff | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 debian/patches/harden.diff

(limited to 'debian/patches/harden.diff')

diff --git a/debian/patches/harden.diff b/debian/patches/harden.diff
new file mode 100644
index 00000000..13c6068b
--- /dev/null
+++ b/debian/patches/harden.diff
@@ -0,0 +1,21 @@
+From: Benjamin Barenblat <bbaren@mit.edu>
+Subject: Remove build flags which impede hardening
+Forwarded: no
+
+Vanilla urweb builds with -Wno-format-security and -U_FORTIFY_SOURCE.
+Apparently, upstream added the former to cope with difficulties building on
+OS X [1] and the latter to improve performance [2].
+
+[1] http://hg.impredicative.com/urweb/rev/3d0cc841cafd
+[2] http://hg.impredicative.com/urweb/rev/126d24ef6678
+--- a/src/c/Makefile.am
++++ b/src/c/Makefile.am
+@@ -7,7 +7,7 @@ liburweb_fastcgi_la_SOURCES = fastcgi.c
+ liburweb_static_la_SOURCES = static.c
+ 
+ AM_CPPFLAGS = -I$(srcdir)/../../include/urweb $(OPENSSL_INCLUDES)
+-AM_CFLAGS = -Wimplicit -Wall -Werror -Wno-format-security -Wno-deprecated-declarations -U_FORTIFY_SOURCE $(PTHREAD_CFLAGS)
++AM_CFLAGS = -Wimplicit -Wall -Werror -Wno-deprecated-declarations $(PTHREAD_CFLAGS)
+ liburweb_la_LDFLAGS = $(AM_LDFLAGS) $(OPENSSL_LDFLAGS)
+ liburweb_la_LIBADD = $(PTHREAD_LIBS) -lm $(OPENSSL_LIBS)
+ liburweb_http_la_LIBADD = liburweb.la
-- 
cgit v1.2.3