#1099019 ace: actually build with hardening flags and enable branch protection

Package:
src:ace
Source:
src:ace
Submitter:
Emanuele Rocca
Date:
2025-02-27 14:15:03 UTC
Severity:
normal
Tags:
#1099019#5
Date:
2025-02-27 10:55:26 UTC
From:
To:
Hi,

ace currently does not use the flags set by dpkg-buildflags, despite
obviously wanting to do so in d/rules. The reason is that the upstream
build system is using CCFLAGS instead of CXXFLAGS.

Please consider applying the following patch to actually build with hardening
flags, and enable branch protection.

Thanks!
  Emanuele

diff --git a/debian/rules b/debian/rules
index a1da33b..5e37786 100755
--- a/debian/rules
+++ b/debian/rules
@@ -9,11 +9,10 @@
 # Copyright © 2010-2014 Johnny Willemsen <jwillemsen@remedy.nl>

 #export DEB_BUILD_MAINT_OPTIONS = hardening=+all
-export DEB_BUILD_MAINT_OPTIONS = hardening=+format,+fortify,+stackprotector,+relro,+bindnow
+export DEB_BUILD_MAINT_OPTIONS = hardening=+format,+fortify,+stackprotector,+relro,+bindnow,+branch
 DPKG_EXPORT_BUILDFLAGS = 1
 include /usr/share/dpkg/buildflags.mk
-export DEB_CFLAGS_MAINT_APPEND = $(CPPFLAGS)
-export DEB_CXXFLAGS_MAINT_APPEND = $(CPPFLAGS)
+export CCFLAGS = $(CXXFLAGS)
 export DEB_CPPFLAGS_MAINT_APPEND = -g

 MWCFLAGS := -type gnuace -noreldefs
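
Review bot: the new `export CCFLAGS = $(CXXFLAGS)` line leaves out `$(CPPFLAGS)`, which the two removed `DEB_CFLAGS_MAINT_APPEND` / `DEB_CXXFLAGS_MAINT_APPEND` lines used to fold into the compiler flags. dpkg-buildflags delivers the `+fortify` feature (`-D_FORTIFY_SOURCE`) through CPPFLAGS, and the `-g` from `DEB_CPPFLAGS_MAINT_APPEND` lands there as well, so if the upstream makefiles do not pass CPPFLAGS to the compiler themselves, fortify is silently lost even though it is still listed in `DEB_BUILD_MAINT_OPTIONS`. Consider `export CCFLAGS = $(CPPFLAGS) $(CXXFLAGS)`, or confirm in a build log that `-D_FORTIFY_SOURCE` and the branch-protection option actually reach the C++ compile lines. A short comment above the line explaining that the upstream build system reads CCFLAGS rather than CXXFLAGS would also keep the assignment from being removed later as a typo.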

#1099019#10
Date:
2025-02-27 13:35:54 UTC
From:
To:
Hi,

The Debian build files are stored upstream at
https://github.com/DOCGroup/ACE_TAO/tree/master/ACE/debian. I recommend
opening pull requests with the proposed patches there.

Johnny
