diff --git a/debian/patches/0013-enable-hardening-for-helpers.patch b/debian/patches/0013-enable-hardening-for-helpers.patch index 10d2c6c..4ba4902 100644 --- a/debian/patches/0013-enable-hardening-for-helpers.patch +++ b/debian/patches/0013-enable-hardening-for-helpers.patch @@ -2,19 +2,48 @@ From: Andrej Shadura Date: Thu, 18 Jul 2019 13:00:01 -0300 Subject: Add $(CPPFLAGS), $(CFLAGS) and $(LDFLAGS) to $(COMPILE_FOR_BUILD) so that helpers are built with hardening ---- - src/Makefile.am | 1 + - 1 file changed, 1 insertion(+) +Author: Andrej Shadura +But don't leak host CFLAGS into build compiler invocation + +Author: Helmut Grohne +Bug-Debian: https://bugs.debian.org/1057339 +--- + configure.ac | 6 ++++++ + src/Makefile.am | 1 + + 2 files changed, 7 insertions(+) + +diff --git a/configure.ac b/configure.ac +index ef75632..61d76f2 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -15,11 +15,17 @@ AC_SYS_LARGEFILE + AC_MSG_CHECKING([for build system compiler]) + if test "$cross_compiling" = yes; then + CC_FOR_BUILD=${CC_FOR_BUILD-cc} ++ CFLAGS_FOR_BUILD=${CFLAGS_FOR_BUILD-} ++ CPPFLAGS_FOR_BUILD=${CPPFLAGS_FOR_BUILD-} + else + CC_FOR_BUILD=${CC} ++ CFLAGS_FOR_BUILD=${CFLAGS} ++ CPPFLAGS_FOR_BUILD=${CPPFLAGS} + fi + AC_MSG_RESULT(${CC_FOR_BUILD}) + AC_SUBST(CC_FOR_BUILD) ++AC_SUBST(CFLAGS_FOR_BUILD) ++AC_SUBST(CPPFLAGS_FOR_BUILD) + + AC_MSG_CHECKING([for __attribute__((__alias__()))]) + dash_cv_have_attribute_alias=no diff --git a/src/Makefile.am b/src/Makefile.am -index 1732465..2c437bb 100644 +index 1732465..4d37f20 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -12,6 +12,7 @@ AM_CPPFLAGS_FOR_BUILD = $(COMMON_CPPFLAGS) COMPILE_FOR_BUILD = \ $(CC_FOR_BUILD) $(DEFAULT_INCLUDES) $(AM_CPPFLAGS_FOR_BUILD) \ $(CPPFLAGS_FOR_BUILD) \ -+ $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) \ ++ $(LDFLAGS) \ $(AM_CFLAGS_FOR_BUILD) $(CFLAGS_FOR_BUILD) bin_PROGRAMS = dash diff --git a/debian/patches/0022-Dont-leak-host-CFLAGS.patch b/debian/patches/0022-Dont-leak-host-CFLAGS.patch deleted file mode 100644 index 92f9c9a..0000000 --- a/debian/patches/0022-Dont-leak-host-CFLAGS.patch +++ /dev/null @@ -1,45 +0,0 @@ -From: Helmut Grohne -Date: Mon, 4 Dec 2023 16:31:02 +0100 -Subject: Don't leak host CFLAGS into build compiler invocation - -Bug-Debian: https://bugs.debian.org/1057339 ---- - configure.ac | 6 ++++++ - src/Makefile.am | 2 +- - 2 files changed, 7 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 648f3d4..8fd365b 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -15,11 +15,17 @@ AC_SYS_LARGEFILE - AC_MSG_CHECKING([for build system compiler]) - if test "$cross_compiling" = yes; then - CC_FOR_BUILD=${CC_FOR_BUILD-cc} -+ CFLAGS_FOR_BUILD=${CFLAGS_FOR_BUILD-} -+ CPPFLAGS_FOR_BUILD=${CPPFLAGS_FOR_BUILD-} - else - CC_FOR_BUILD=${CC} -+ CFLAGS_FOR_BUILD=${CFLAGS} -+ CPPFLAGS_FOR_BUILD=${CPPFLAGS} - fi - AC_MSG_RESULT(${CC_FOR_BUILD}) - AC_SUBST(CC_FOR_BUILD) -+AC_SUBST(CFLAGS_FOR_BUILD) -+AC_SUBST(CPPFLAGS_FOR_BUILD) - - AC_MSG_CHECKING([for __attribute__((__alias__()))]) - dash_cv_have_attribute_alias=no -diff --git a/src/Makefile.am b/src/Makefile.am -index 2c437bb..4d37f20 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -12,7 +12,7 @@ AM_CPPFLAGS_FOR_BUILD = $(COMMON_CPPFLAGS) - COMPILE_FOR_BUILD = \ - $(CC_FOR_BUILD) $(DEFAULT_INCLUDES) $(AM_CPPFLAGS_FOR_BUILD) \ - $(CPPFLAGS_FOR_BUILD) \ -- $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) \ -+ $(LDFLAGS) \ - $(AM_CFLAGS_FOR_BUILD) $(CFLAGS_FOR_BUILD) - - bin_PROGRAMS = dash diff --git a/debian/patches/series b/debian/patches/series index 7480d31..16fdefd 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -10,5 +10,4 @@ 0019-builtin-Actually-accept-ulimit-r.patch 0020-Update-manpages.patch 0021-jobs-Implement-pipefail-option.patch -0022-Dont-leak-host-CFLAGS.patch 9001-Add-privmode.diff