summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog8
-rw-r--r--debian/patches/series1
-rw-r--r--debian/patches/use-dpkg-buildflags.patch39
-rwxr-xr-xdebian/rules4
4 files changed, 50 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog
index 5f134ba..6f0cacc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+openvpn (2.2.1-7) unstable; urgency=low
+
+ * Add dpkg-buildflags call on plugins built too.
+ Thanks Simon Ruderich for finding out, the nice patch and
+ clarification. (Closes: #655130)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 16 Mar 2012 10:49:28 +0100
+
openvpn (2.2.1-6) unstable; urgency=low
* /run transition: Replaced usage of /dev/.udev with /run/udev,
diff --git a/debian/patches/series b/debian/patches/series
index 0ef7026..b85da2b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@ ipv6-payload.patch
kfreebsd_support.patch
accommodate_typo.patch
manpage_fixes.patch
+use-dpkg-buildflags.patch
diff --git a/debian/patches/use-dpkg-buildflags.patch b/debian/patches/use-dpkg-buildflags.patch
new file mode 100644
index 0000000..72c0ec2
--- /dev/null
+++ b/debian/patches/use-dpkg-buildflags.patch
@@ -0,0 +1,39 @@
+Description: Use build flags from environment for plugins (dpkg-buildflags).
+ Necessary for hardening flags.
+Author: Simon Ruderich <simon@ruderich.org>
+Last-Update: 2012-03-16
+
+--- openvpn-2.2.1.orig/plugin/auth-pam/Makefile
++++ openvpn-2.2.1/plugin/auth-pam/Makefile
+@@ -18,13 +18,13 @@ INCLUDE=-I../..
+ CC_FLAGS=-O2 -Wall -DDLOPEN_PAM=$(DLOPEN_PAM)
+
+ openvpn-auth-pam.so : auth-pam.o pamdl.o
+- gcc ${CC_FLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.o pamdl.o -lc $(LIBPAM)
++ gcc ${CFLAGS} ${CC_FLAGS} ${LDFLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.o pamdl.o -lc $(LIBPAM)
+
+ auth-pam.o : auth-pam.c pamdl.h
+- gcc ${CC_FLAGS} -fPIC -c ${INCLUDE} auth-pam.c
++ gcc ${CFLAGS} ${CC_FLAGS} ${CPPFLAGS} -fPIC -c ${INCLUDE} auth-pam.c
+
+ pamdl.o : pamdl.c pamdl.h
+- gcc ${CC_FLAGS} -fPIC -c ${INCLUDE} pamdl.c
++ gcc ${CFLAGS} ${CC_FLAGS} ${CPPFLAGS} -fPIC -c ${INCLUDE} pamdl.c
+
+ clean :
+ rm -f *.o *.so
+--- openvpn-2.2.1.orig/plugin/down-root/Makefile
++++ openvpn-2.2.1/plugin/down-root/Makefile
+@@ -8,10 +8,10 @@ INCLUDE=-I../..
+ CC_FLAGS=-O2 -Wall
+
+ down-root.so : down-root.o
+- gcc ${CC_FLAGS} -fPIC -shared -Wl,-soname,openvpn-down-root.so -o openvpn-down-root.so down-root.o -lc
++ gcc ${CFLAGS} ${CC_FLAGS} ${LDFLAGS} -fPIC -shared -Wl,-soname,openvpn-down-root.so -o openvpn-down-root.so down-root.o -lc
+
+ down-root.o : down-root.c
+- gcc ${CC_FLAGS} -fPIC -c ${INCLUDE} down-root.c
++ gcc ${CFLAGS} ${CC_FLAGS} ${CPPFLAGS} -fPIC -c ${INCLUDE} down-root.c
+
+ clean :
+ rm -f *.o *.so
diff --git a/debian/rules b/debian/rules
index 7b67808..ef1c3fd 100755
--- a/debian/rules
+++ b/debian/rules
@@ -21,8 +21,8 @@ override_dh_auto_build:
# The one shipped in the tarball gets rebuild (chaging /bin/sh in some cases)
sed -i -e '1s%.*%#!/bin/sh%' t_client.sh
# make plugins
- $(MAKE) -C plugin/auth-pam/
- $(MAKE) -C plugin/down-root/
+ $(MAKE) -C plugin/auth-pam/ $(shell dpkg-buildflags --export=configure)
+ $(MAKE) -C plugin/down-root/ $(shell dpkg-buildflags --export=configure)
# we may not want to run dh_auto_test
#override_dh_auto_test: