From 17fef13bb8cd0283eb6d23a8661f08d118b918bf Mon Sep 17 00:00:00 2001
From: Joachim Wiedorn <ad_debian@joonet.de>
Date: Sun, 9 Jun 2013 21:15:23 +0200
Subject: [PATCH] Add CFLAGS and LDFLAGS for hardening

---
 debian/changelog                          |   4 +-
 debian/patches/11_add-compile-flags.patch | 170 ++++++++++++++++++++++
 debian/patches/series                     |   1 +
 debian/patches/ubuntu.series              |   1 +
 4 files changed, 175 insertions(+), 1 deletion(-)
 create mode 100644 debian/patches/11_add-compile-flags.patch

diff --git a/debian/changelog b/debian/changelog
index aa95228..b43c7c3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,8 +13,10 @@ lilo (1:24.0-1) unstable; urgency=low
     - Bump to Standards Version 3.9.4 (no changes).
     - Remove suggestion to package lilo-doc.
     - Move to debhelper >=9.
+  * Fix: add full support for CFLAGS and LDFLAGS
+      to support hardening flags.
 
- -- Joachim Wiedorn <ad_debian@joonet.de>  Fri, 07 Jun 2013 23:00:00 +0200
+ -- Joachim Wiedorn <ad_debian@joonet.de>  Sat, 08 Jun 2013 14:27:16 +0200
 
 lilo (1:23.2-4) unstable; urgency=medium
 
diff --git a/debian/patches/11_add-compile-flags.patch b/debian/patches/11_add-compile-flags.patch
new file mode 100644
index 0000000..406729c
--- /dev/null
+++ b/debian/patches/11_add-compile-flags.patch
@@ -0,0 +1,170 @@
+Package:     lio
+Subject:     add compile flags for hardening
+Author:      Joachim Wiedorn <ad_debian at joonet.de>
+Forwarded:   no
+Last-Update: 2013-06-08
+
+To support hardening CFLAGS and LDFLAGS must be used
+by compiler executions.
+---
+
+diff -urNa s10/src/Makefile s11/src/Makefile
+--- s10/src/Makefile	2013-06-07 22:44:13.000000000 +0200
++++ s11/src/Makefile	2013-06-08 13:16:36.415275904 +0200
+@@ -16,14 +16,14 @@
+ 
+ SHELL=/bin/sh
+ CC=gcc
+-CPP=$(CC) -E -P -ffreestanding
++CPP=$(CC) -E
+ AS86=as86 -0 -a
+ LD86=ld86 -0
+ NASM=nasm
+ G=`cat foo1 foo2 | grep version | cut -d " " -f 3`
+ 
+-CFLAGS=$(OPT) -Wall $(PCONFIG)
+-LDFLAGS=#-Xlinker -qmagic
++FREE=-P -ffreestanding
++CFLAGS=$(FREE) $(OPT) -Wall $(PCONFIG)
+ LIBS=$(DEVMAPPER)
+ 
+ OBJS=lilo.o raid.o map.o geometry.o boot.o device.o common.o bsect.o cfg.o \
+@@ -79,7 +79,7 @@
+ 	echo $(MAN_DIR)
+ 
+ .c.o:
+-		$(CC) -c $(CFLAGS) $*.c
++		$(CC) -c $(CPPFLAGS) $(CFLAGS) $*.c
+ 
+ .s.o:
+ 		$(AS86) -w -l $*.lis -o $*.o $*.s
+@@ -91,7 +91,7 @@
+ 		dd if=$*.img of=$*.b bs=32 skip=1
+ 
+ edit:		$(EDIT)
+-		$(CC) $(CFLAGS) -DSTANDALONE -o edit $(EDIT) $(LDFLAGS)
++		$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -DSTANDALONE -o edit $(EDIT)
+ 
+ loader.i:	mkloader first.b second.b third.b bitmap.b mbr.b chain.b mbr2.b
+ 		./mkloader >loader.i
+@@ -100,30 +100,30 @@
+ 		cp disk.b disk.com
+ 
+ disk.s:		disk.S read.S bdata.h biosdata.S lilo.h Makefile
+-		$(CPP) -traditional $(PCONFIG) -o disk.s  disk.S
++		$(CPP) $(CPPFLAGS) -traditional $(PCONFIG) -o disk.s  disk.S
+ 
+ mbr.s:		mbr.S lilo.h Makefile
+-		$(CPP) -traditional $(PCONFIG) -DMBR=0xafbbe760 \
++		$(CPP) $(CPPFLAGS) -traditional $(PCONFIG) -DMBR=0xafbbe760 \
+ 			-o mbr.s  mbr.S
+ 
+ mbr.b:		mbr.img
+ 		dd if=$*.img of=$*.b bs=32 skip=49
+ 
+ mbr2.s:		mbr.S lilo.h Makefile
+-		$(CPP) -traditional $(PCONFIG) -DMBX=0x93c00848 \
++		$(CPP) $(CPPFLAGS) -traditional $(PCONFIG) -DMBX=0x93c00848 \
+ 			-o mbr2.s  mbr.S
+ 
+ mbr2.b: mbr2.img
+ 	dd if=$*.img of=$*.b bs=32 skip=49
+ 
+ bootsect.s: bootsect.S disk.b
+-	$(CPP) -traditional $(PCONFIG) \
++	$(CPP) $(CPPFLAGS) -traditional $(PCONFIG) \
+ 		-DSIZEDISKB=`wc -c <disk.b | sed "s/ //g"` \
+ 		-o bootsect.s  bootsect.S
+ 
+ pseudo1.s: bootsect.S pseudo.S disk.com
+ 	cat bootsect.S pseudo.S >$(TMP).S
+-	$(CPP) -traditional $(PCONFIG) \
++	$(CPP) $(CPPFLAGS) -traditional $(PCONFIG) \
+ 		-DSIZEKRNL=`wc -c <disk.com | sed "s/ //g"` \
+ 		-DSIZEDISKB=512 -o pseudo1.s $(TMP).S
+ 	rm -f $(TMP).S
+@@ -131,7 +131,7 @@
+ pseudo2.s: bootsect.S pseudo.S
+ 	$(MAKE) -C ../diagnose all
+ 	cat bootsect.S pseudo.S >$(TMP).S
+-	$(CPP) -traditional $(PCONFIG) \
++	$(CPP) $(CPPFLAGS) -traditional $(PCONFIG) \
+ 		-DSIZEKRNL=`wc -c <../diagnose/test4.com | sed "s/ //g"` \
+ 		-DSIZEDISKB=512 -o pseudo2.s $(TMP).S
+ 	rm -f $(TMP).S
+@@ -139,7 +139,7 @@
+ pseudo3.s: bootsect.S pseudo.S
+ 	$(MAKE) -C ../diagnose all
+ 	cat bootsect.S pseudo.S >$(TMP).S
+-	$(CPP) -traditional $(PCONFIG) \
++	$(CPP) $(CPPFLAGS) -traditional $(PCONFIG) \
+ 		-DSIZEKRNL=`wc -c <../diagnose/test5.com | sed "s/ //g"` \
+ 		-DSIZEDISKB=512 -o pseudo3.s $(TMP).S
+ 	rm -f $(TMP).S
+@@ -176,13 +176,13 @@
+ 		cp -p dparam.S dparam.s
+ 
+ lilo:		$(OBJS)
+-		$(CC) -o lilo $(LDFLAGS) $(OBJS) $(LIBS)
++		$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o lilo $(OBJS) $(LIBS)
+ 
+ lilo.static:	$(OBJS)
+-		$(CC) -o lilo.static -static $(LDFLAGS) $(OBJS) $(LIBS)
++		$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o lilo.static -static $(OBJS) $(LIBS)
+ 
+ common.s:	common.h
+-		$(CPP) -C -traditional -DLILO_ASM -o common.s common.h
++		$(CPP) $(CPPFLAGS) -C -traditional -DLILO_ASM -o common.s common.h
+ 
+ bitmap.o: bitmap.s common.s
+ third.o: third.s common.s
+@@ -191,25 +191,25 @@
+ chain.o: chain.s common.s
+ 
+ first.s:	first.S lilo.h version.h Makefile
+-		$(CPP) $(PCONFIG) -DFIRST=0x62177489 -o first.s first.S
++		$(CPP) $(CPPFLAGS) $(PCONFIG) -DFIRST=0x62177489 -o first.s first.S
+ 
+ second.s:	second.S read.S volume.S mapper.S biosdata.S shs3.S bdata.h lilo.h version.h \
+ 			graph.S menu.S strlen.S bitmap.S crt.S display4.S Makefile
+-		$(CPP) $(PCONFIG) -DTEXT=0x9dd476ec second.S -o second.s
++		$(CPP) $(CPPFLAGS) $(PCONFIG) -DTEXT=0x9dd476ec second.S -o second.s
+ 
+ third.s:	second.S read.S volume.S mapper.S biosdata.S shs3.S bdata.h lilo.h version.h \
+ 			graph.S menu.S strlen.S bitmap.S crt.S display4.S Makefile
+-		$(CPP) $(PCONFIG) -DMENU=0x2012a4a7 second.S -o third.s
++		$(CPP) $(CPPFLAGS) $(PCONFIG) -DMENU=0x2012a4a7 second.S -o third.s
+ 
+ bitmap.s:	second.S read.S volume.S mapper.S biosdata.S shs3.S bdata.h lilo.h version.h \
+ 			graph.S menu.S strlen.S bitmap.S crt.S display4.S Makefile
+-		$(CPP) $(PCONFIG) -DBITMAP=0x2ece2fbe second.S -o bitmap.s
++		$(CPP) $(CPPFLAGS) $(PCONFIG) -DBITMAP=0x2ece2fbe second.S -o bitmap.s
+ 
+ chain.s:	chain.S lilo.h version.h first.b Makefile
+-		$(CPP) $(PCONFIG) -DCHAIN=0x536a7646 chain.S -o chain.s
++		$(CPP) $(CPPFLAGS) $(PCONFIG) -DCHAIN=0x536a7646 chain.S -o chain.s
+ 
+ xxx.s:		chain.S lilo.h Makefile
+-		$(CPP) chain.S -DXXX -o xxx.s
++		$(CPP) $(CPPFLAGS) chain.S -DXXX -o xxx.s
+ 
+ $(OBJS):	Makefile
+ 
+@@ -254,14 +254,14 @@
+ 
+ dep:
+ 	sed '/\#\#\# Dependencies/q' <Makefile >tmp_make
+-	$(CPP) $(CFLAGS) -MM *.c >>tmp_make
++	$(CPP) $(CFLAGS) $(CPPFLAGS) -MM *.c >>tmp_make
+ 	mv tmp_make Makefile
+ 
+ version:	common.c lilo.h common.h
+-	$(CC) $(CFLAGS) -DSHS_MAIN -o version common.c
++	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -DSHS_MAIN -o version common.c
+ 
+ mkloader:	temp.c
+-	$(CC) $(CFLAGS) -DLILO_BINARY -o mkloader temp.c
++	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -DLILO_BINARY -o mkloader temp.c
+ 
+ 
+ tidy:
diff --git a/debian/patches/series b/debian/patches/series
index 67043c9..d5b7580 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@
 08_install-also-dat-files.patch
 09_use-of-newer-debhelper.patch
 10_fix-src-makefile.patch
+11_add-compile-flags.patch
diff --git a/debian/patches/ubuntu.series b/debian/patches/ubuntu.series
index 7e09052..55c1ac5 100644
--- a/debian/patches/ubuntu.series
+++ b/debian/patches/ubuntu.series
@@ -7,3 +7,4 @@
 08_install-also-dat-files.patch
 09_use-of-newer-debhelper.patch
 10_fix-src-makefile.patch
+11_add-compile-flags.patch
-- 
2.39.2