diff options
Diffstat (limited to 'debian/patches')
| -rw-r--r-- | debian/patches/500-buildflags.patch | 33 | ||||
| -rw-r--r-- | debian/patches/505-fix-viewer-desktop-file.patch | 26 | ||||
| -rw-r--r-- | debian/patches/hardening.patch | 38 | ||||
| -rw-r--r-- | debian/patches/libexec.patch | 16 | ||||
| -rw-r--r-- | debian/patches/series | 4 |
5 files changed, 117 insertions, 0 deletions
diff --git a/debian/patches/500-buildflags.patch b/debian/patches/500-buildflags.patch new file mode 100644 index 0000000..46cf411 --- /dev/null +++ b/debian/patches/500-buildflags.patch @@ -0,0 +1,33 @@ +Description: Poke requested Debian buildflags for hardening into Makefile +Author: Jörg Frings-Fürst <debian@jff-webhosting.net> +Last-Update: 2015-01-07 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/Makefile +=================================================================== +--- trunk.orig/Makefile ++++ trunk/Makefile +@@ -394,10 +394,11 @@ VALA_CFLAGS := `pkg-config --cflags $(EX + $(foreach def,$(DEFINES),-D$(def)) + + VALA_LDFLAGS := `pkg-config --libs $(EXT_PKGS) $(DIRECT_LIBS) gthread-2.0` ++VALA_LDFLAGS += -fPIE -pie -Wl,-z,relro -Wl,-z,now + + # REQUIRED_CFLAGS absolutely get appended to CFLAGS, whatever the + # the value of CFLAGS in the environment +-REQUIRED_CFLAGS := -fPIC ++REQUIRED_CFLAGS := -g -O2 -fPIE -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 + + # setting CFLAGS in configure.mk overrides build type + ifndef CFLAGS +@@ -410,8 +411,8 @@ PLUGIN_CFLAGS = -O2 -g -pipe + endif + endif + +-CFLAGS += $(PROFILE_FLAGS) $(REQUIRED_CFLAGS) +-PLUGIN_CFLAGS += $(PROFILE_FLAGS) $(REQUIRED_CFLAGS) ++CFLAGS += $(PROFILE_FLAGS) $(REQUIRED_CFLAGS) -fstack-protector-strong ++PLUGIN_CFLAGS += $(PROFILE_FLAGS) $(REQUIRED_CFLAGS) -fPIC -fno-stack-protector + + # Required for gudev-1.0 + CFLAGS += -DG_UDEV_API_IS_SUBJECT_TO_CHANGE diff --git a/debian/patches/505-fix-viewer-desktop-file.patch b/debian/patches/505-fix-viewer-desktop-file.patch new file mode 100644 index 0000000..eeaa76c --- /dev/null +++ b/debian/patches/505-fix-viewer-desktop-file.patch @@ -0,0 +1,26 @@ +Description: Fix viewer desktop file + A typo in the Makefile, probably due to a quick copy/paste, results in an + incorrectly generated desktop file for the photo viewer. +Author: Raphaël Halimi <raphael.halimi@gmail.com> +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776745 +Bug: https://bugzilla.gnome.org/show_bug.cgi?id=743799 +Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=743799 +Last-Update: 2015-02-01 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/Makefile +=================================================================== +--- trunk.orig/Makefile ++++ trunk/Makefile +@@ -493,9 +493,8 @@ endif + misc/shotwell-viewer.desktop: misc/shotwell-viewer.desktop.head $(EXPANDED_CORE_PO_FILES) + cp misc/shotwell-viewer.desktop.head misc/shotwell-viewer.desktop + $(foreach lang,$(CORE_SUPPORTED_LANGUAGES), echo X-GNOME-FullName[$(lang)]=`TEXTDOMAINDIR=locale-langpack \ +- LANGUAGE=$(lang) gettext --domain=shotwell $(DESKTOP_APP_FULL_NAME)` \ +- echo X-GNOME-FullName[$(lang)]=`TEXTDOMAINDIR=locale-langpack LANGUAGE=$(lang) gettext \ +- --domain=shotwell $(DIRECT_EDIT_DESKTOP_APP_FULL_NAME)` >> misc/shotwell-viewer.desktop ; \ ++ LANGUAGE=$(lang) gettext --domain=shotwell $(DIRECT_EDIT_DESKTOP_APP_FULL_NAME)` \ ++ >> misc/shotwell-viewer.desktop ; \ + echo GenericName[$(lang)]=`TEXTDOMAINDIR=locale-langpack LANGUAGE=$(lang) gettext \ + --domain=shotwell $(DIRECT_EDIT_DESKTOP_APPLICATION_CLASS)` >> misc/shotwell-viewer.desktop ;) + ifndef DISABLE_DESKTOP_VALIDATE diff --git a/debian/patches/hardening.patch b/debian/patches/hardening.patch new file mode 100644 index 0000000..33d92a6 --- /dev/null +++ b/debian/patches/hardening.patch @@ -0,0 +1,38 @@ +Description: pass compiler flags set in debian/rules to compiler +Author: Devid Antonio Filoni <d.filoni@ubuntu.com> + +Index: trunk/Makefile +=================================================================== +--- trunk.orig/Makefile 2014-10-09 12:18:23.260829459 +0200 ++++ trunk/Makefile 2014-10-09 12:18:23.252829340 +0200 +@@ -35,7 +35,7 @@ + LOCAL_LANG_DIR=locale-langpack + SYSTEM_LANG_DIR := $(DESTDIR)$(PREFIX)/share/locale + +-VALAFLAGS := -g --enable-checking --target-glib=2.32 --thread --fatal-warnings --enable-experimental --enable-deprecated $(USER_VALAFLAGS) ++VALAFLAGS := $(foreach w,$(CPPFLAGS) $(CFLAGS) $(LDFLAGS),-X $(w)) --enable-checking --target-glib=2.32 --thread --enable-experimental --enable-deprecated $(USER_VALAFLAGS) + ifdef UNITY_SUPPORT + VALAFLAGS := $(VALAFLAGS) --define UNITY_SUPPORT + endif +@@ -671,7 +671,7 @@ + @ + + $(EXPANDED_OBJ_FILES): %.o: %.c $(CONFIG_IN) Makefile +- $(CC) -c $(VALA_CFLAGS) $(CFLAGS) -o $@ $< ++ $(CC) -c $(VALA_CFLAGS) $(CPPFLAGS) $(CFLAGS) -o $@ $< + + $(PROGRAM): $(EXPANDED_OBJ_FILES) $(RESOURCES) $(LANG_STAMP) $(THUMBNAILER_BIN) misc/gschemas.compiled $(DOC_LANG_STAMP) + $(CC) $(EXPANDED_OBJ_FILES) $(CFLAGS) $(LDFLAGS) $(RESOURCES) $(VALA_LDFLAGS) $(EXPORT_FLAGS) -o $@ +Index: trunk/plugins/Makefile.plugin.mk +=================================================================== +--- trunk.orig/plugins/Makefile.plugin.mk 2014-10-09 12:18:23.260829459 +0200 ++++ trunk/plugins/Makefile.plugin.mk 2014-10-09 12:19:22.945701585 +0200 +@@ -41,7 +41,7 @@ + all: $(PLUGIN).so + + .stamp: $(SRC_FILES) $(MAKE_FILES) $(HEADER_FILES) +- $(VALAC) --target-glib=$(MIN_GLIB_VERSION) -g --enable-checking --fatal-warnings --save-temps --compile --enable-deprecated \ ++ $(VALAC) --target-glib=$(MIN_GLIB_VERSION) -g --enable-checking --save-temps --compile --enable-deprecated \ + --vapidir=../ $(foreach pkg,$(PKGS),--pkg=$(pkg)) $(foreach pkg,$(CUSTOM_VAPI_PKGS),--pkg=$(pkg)) \ + -X -I../.. -X -fPIC \ + $(foreach dfn,$(DEFINES),-X $(dfn)) \ diff --git a/debian/patches/libexec.patch b/debian/patches/libexec.patch new file mode 100644 index 0000000..0e06218 --- /dev/null +++ b/debian/patches/libexec.patch @@ -0,0 +1,16 @@ +Description: do not install files in libexec directory +Author: Luca Falavigna <dktrkranz@debian.org> + +Index: shotwell-0.15.0/Makefile +=================================================================== +--- shotwell-0.15.0.orig/Makefile 2013-10-13 09:51:58.893357001 +0200 ++++ shotwell-0.15.0/Makefile 2013-10-13 09:54:33.885361749 +0200 +@@ -27,7 +27,7 @@ + + -include configure.mk + ifndef LIBEXECDIR +-LIBEXECDIR=$(PREFIX)/libexec/shotwell ++LIBEXECDIR=$(PREFIX)/share/shotwell + endif + + CORE_SUPPORTED_LANGUAGES=$(shell cat po/LINGUAS) diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..782add2 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,4 @@ +500-buildflags.patch +505-fix-viewer-desktop-file.patch +hardening.patch +libexec.patch |