Commit 7e991c8d authored by Chris Knadle's avatar Chris Knadle
Browse files

debian/patches: update 35-add-dpkg-buildflags.diff for mumble 1.3

parent 852096d8
Description: Add dpkg-buildflags hardening flags via QMake
https://wiki.debian.org/Hardening#Notes_for_packages_using_QMake
Note that the overlay intentionally disables the "-z,now" linker flag in
order to be able to resolve OpenGL symbols at runtime without linking
against a specific libGL implementation.
The overlay intentionally disables the "-z,now" linker flag in
order to be able to resolve OpenGL symbols at runtime without
linking against a specific libGL implementation.
Author: Christopher Knadle <Chris.Knadle@coredump.us>
Last-Updated: 2015-12-23
Last-Updated: 2018-09-18
--- a/compiler.pri
+++ b/compiler.pri
@@ -85,6 +85,11 @@
--- a/qmake/compiler.pri
+++ b/qmake/compiler.pri
@@ -216,6 +216,11 @@
unix {
unix|win32-g++ {
DEFINES *= RESTRICT=__restrict__
+ # Add Debian hardening flags via dpkg-buildflags
+ QMAKE_CPPFLAGS *= $(shell dpkg-buildflags --get CPPFLAGS)
+ QMAKE_CFLAGS *= $(shell dpkg-buildflags --get CFLAGS)
+ QMAKE_CXXFLAGS *= $(shell dpkg-buildflags --get CXXFLAGS)
+ QMAKE_LFLAGS *= $(shell dpkg-buildflags --get LDFLAGS)
QMAKE_CFLAGS *= -Wfatal-errors -fvisibility=hidden
QMAKE_CXXFLAGS *= -Wfatal-errors -fvisibility=hidden
!CONFIG(quiet-build-log) {
QMAKE_CFLAGS *= -fvisibility=hidden
QMAKE_CXXFLAGS *= -fvisibility=hidden
QMAKE_OBJECTIVE_CFLAGS *= -fvisibility=hidden
--- a/overlay_gl/overlay_gl.pro
+++ b/overlay_gl/overlay_gl.pro
@@ -8,6 +8,16 @@
VERSION = 1.2.19
SOURCES = overlay.c
LIBS *= -lrt -ldl
+# Add Debian hardening flags via dpkg-buildflags
+QMAKE_CPPFLAGS *= $(shell dpkg-buildflags --get CPPFLAGS)
+QMAKE_CFLAGS *= $(shell dpkg-buildflags --get CFLAGS)
+QMAKE_CXXFLAGS *= $(shell dpkg-buildflags --get CXXFLAGS)
+QMAKE_LFLAGS *= $(shell dpkg-buildflags --get LDFLAGS)
+#... but specifically remove "-z,now" because mumble-overlay (libmumble.so)
+# needs to be able to resolve OpenGL symbols at runtime rather than linking
+# to a specific libGL implementation
+QMAKE_LFLAGS -= -z,now
+#
QMAKE_CFLAGS *= -fvisibility=hidden $(CFLAGS_ADD)
QMAKE_LFLAGS -= -Wl,--no-undefined
QMAKE_LFLAGS *= $(LFLAGS_ADD)
@@ -24,6 +24,16 @@
linux* {
LIBS *= -lrt -ldl
}
+ # Add Debian hardening flags via dpkg-buildflags
+ QMAKE_CPPFLAGS *= $(shell dpkg-buildflags --get CPPFLAGS)
+ QMAKE_CFLAGS *= $(shell dpkg-buildflags --get CFLAGS)
+ QMAKE_CXXFLAGS *= $(shell dpkg-buildflags --get CXXFLAGS)
+ QMAKE_LFLAGS *= $(shell dpkg-buildflags --get LDFLAGS)
+ #... but specifically remove "-z,now" because mumble-overlay (libmumble.so)
+ # needs to be able to resolve OpenGL symbols at runtime rather than linking
+ # to a specific libGL implementation
+ QMAKE_LFLAGS -= -z,now
+ #
QMAKE_CFLAGS *= -fvisibility=hidden $(CFLAGS_ADD)
QMAKE_LFLAGS -= -Wl,--no-undefined
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment