diff options
-rw-r--r-- | debian/changelog | 8 | ||||
-rw-r--r-- | debian/patches/series | 1 | ||||
-rw-r--r-- | debian/patches/use-dpkg-buildflags.patch | 39 | ||||
-rwxr-xr-x | debian/rules | 4 |
4 files changed, 50 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog index 5f134ba..6f0cacc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +openvpn (2.2.1-7) unstable; urgency=low + + * Add dpkg-buildflags call on plugins built too. + Thanks Simon Ruderich for finding out, the nice patch and + clarification. (Closes: #655130) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 16 Mar 2012 10:49:28 +0100 + openvpn (2.2.1-6) unstable; urgency=low * /run transition: Replaced usage of /dev/.udev with /run/udev, diff --git a/debian/patches/series b/debian/patches/series index 0ef7026..b85da2b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -8,3 +8,4 @@ ipv6-payload.patch kfreebsd_support.patch accommodate_typo.patch manpage_fixes.patch +use-dpkg-buildflags.patch diff --git a/debian/patches/use-dpkg-buildflags.patch b/debian/patches/use-dpkg-buildflags.patch new file mode 100644 index 0000000..72c0ec2 --- /dev/null +++ b/debian/patches/use-dpkg-buildflags.patch @@ -0,0 +1,39 @@ +Description: Use build flags from environment for plugins (dpkg-buildflags). + Necessary for hardening flags. +Author: Simon Ruderich <simon@ruderich.org> +Last-Update: 2012-03-16 + +--- openvpn-2.2.1.orig/plugin/auth-pam/Makefile ++++ openvpn-2.2.1/plugin/auth-pam/Makefile +@@ -18,13 +18,13 @@ INCLUDE=-I../.. + CC_FLAGS=-O2 -Wall -DDLOPEN_PAM=$(DLOPEN_PAM) + + openvpn-auth-pam.so : auth-pam.o pamdl.o +- gcc ${CC_FLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.o pamdl.o -lc $(LIBPAM) ++ gcc ${CFLAGS} ${CC_FLAGS} ${LDFLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.o pamdl.o -lc $(LIBPAM) + + auth-pam.o : auth-pam.c pamdl.h +- gcc ${CC_FLAGS} -fPIC -c ${INCLUDE} auth-pam.c ++ gcc ${CFLAGS} ${CC_FLAGS} ${CPPFLAGS} -fPIC -c ${INCLUDE} auth-pam.c + + pamdl.o : pamdl.c pamdl.h +- gcc ${CC_FLAGS} -fPIC -c ${INCLUDE} pamdl.c ++ gcc ${CFLAGS} ${CC_FLAGS} ${CPPFLAGS} -fPIC -c ${INCLUDE} pamdl.c + + clean : + rm -f *.o *.so +--- openvpn-2.2.1.orig/plugin/down-root/Makefile ++++ openvpn-2.2.1/plugin/down-root/Makefile +@@ -8,10 +8,10 @@ INCLUDE=-I../.. + CC_FLAGS=-O2 -Wall + + down-root.so : down-root.o +- gcc ${CC_FLAGS} -fPIC -shared -Wl,-soname,openvpn-down-root.so -o openvpn-down-root.so down-root.o -lc ++ gcc ${CFLAGS} ${CC_FLAGS} ${LDFLAGS} -fPIC -shared -Wl,-soname,openvpn-down-root.so -o openvpn-down-root.so down-root.o -lc + + down-root.o : down-root.c +- gcc ${CC_FLAGS} -fPIC -c ${INCLUDE} down-root.c ++ gcc ${CFLAGS} ${CC_FLAGS} ${CPPFLAGS} -fPIC -c ${INCLUDE} down-root.c + + clean : + rm -f *.o *.so diff --git a/debian/rules b/debian/rules index 7b67808..ef1c3fd 100755 --- a/debian/rules +++ b/debian/rules @@ -21,8 +21,8 @@ override_dh_auto_build: # The one shipped in the tarball gets rebuild (chaging /bin/sh in some cases) sed -i -e '1s%.*%#!/bin/sh%' t_client.sh # make plugins - $(MAKE) -C plugin/auth-pam/ - $(MAKE) -C plugin/down-root/ + $(MAKE) -C plugin/auth-pam/ $(shell dpkg-buildflags --export=configure) + $(MAKE) -C plugin/down-root/ $(shell dpkg-buildflags --export=configure) # we may not want to run dh_auto_test #override_dh_auto_test: |