[libgsf] Updated debianisation

[J.H.M. Dassen (Ray) <jdassen src gnome org>]

commit 0f3ba71d5c6a09ee789334d3aefa6647e5e5e70a
Author: J.H.M. Dassen (Ray) <jdassen debian org>
Date:   Sat Feb 19 12:02:01 2011 +0100

    Updated debianisation

 debian/changelog           |    8 ++++++++
 debian/control             |    2 +-
 debian/patches/git-eb38dfc |   21 +++++++++++++++++++++
 debian/patches/series      |    1 +
 debian/rules               |    5 +++++
 5 files changed, 36 insertions(+), 1 deletions(-)
---
diff --git a/debian/changelog b/debian/changelog
index 64c7cd1..084d994 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+libgsf (1.14.19-3) unstable; urgency=low
+
+  * [debian/control, debian/rules] Harden build.
+  * [debian/patches/git-eb38dfc] Backport patch to address format issue
+    highlighted by hardened build.
+
+ -- J.H.M. Dassen (Ray) <jdassen debian org>  Sat, 19 Feb 2011 11:43:59 +0100
+
 libgsf (1.14.19-2) unstable; urgency=low
 
   * [debian/libgsf-1-114.symbols, debian/libgsf-gnome-1-114.symbols] New.
diff --git a/debian/control b/debian/control
index 33366e5..005e7c6 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: libgsf
 Section: libs
 Priority: optional
 Maintainer: J.H.M. Dassen (Ray) <jdassen debian org>
-Build-Depends: debhelper (>= 7.0.0), dh-buildinfo,
+Build-Depends: debhelper (>= 7.0.0), dh-buildinfo, hardening-includes,
  gtk-doc-tools (>= 1.2-1.2), 
  libglib2.0-dev (>= 2.16.1), libglib2.0-doc, libxml2-dev (>= 2.6.10),
  libgtk2.0-dev, libbonobo2-dev (>= 2.6.0-2), libgnomevfs2-dev (>= 2.6.1.1-3),
diff --git a/debian/patches/git-eb38dfc b/debian/patches/git-eb38dfc
new file mode 100644
index 0000000..7c962fe
--- /dev/null
+++ b/debian/patches/git-eb38dfc
@@ -0,0 +1,21 @@
+commit eb38dfc2b7337e1a729f6e250c421b79dc52e38b
+Author: J.H.M. Dassen (Ray) <jdassen debian org>
+Date:   Sat Feb 19 10:20:36 2011 +0100
+
+    Fix gsf_output_set_error call
+    gsf_output_set_error uses printf-style formats. This change fixes an "error:
+    format not a string literal and no format arguments" during hardened builds.
+
+diff --git a/gsf-gnome/gsf-output-bonobo.c b/gsf-gnome/gsf-output-bonobo.c
+index 87831e1..e88a345 100644
+--- a/gsf-gnome/gsf-output-bonobo.c
++++ b/gsf-gnome/gsf-output-bonobo.c
+@@ -94,7 +94,7 @@ gsf_output_bonobo_seek (GsfOutput *output, gsf_off_t offset,
+ 		(bonobo->stream, offset, bwhence, &ev);
+ 	if (BONOBO_EX (&ev)) {
+ 		gsf_output_set_error (output, 0,
+-			bonobo_exception_get_text (&ev));
++			"%s", bonobo_exception_get_text (&ev));
+ 		CORBA_exception_free (&ev);
+ 		return FALSE;
+ 	}
diff --git a/debian/patches/series b/debian/patches/series
index 636ad80..db55b4f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 refresh-config-sub-guess-1.14.19-1
+git-eb38dfc
diff --git a/debian/rules b/debian/rules
index ddf659c..599fefe 100755
--- a/debian/rules
+++ b/debian/rules
@@ -5,6 +5,8 @@
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
 
+include /usr/share/hardening-includes/hardening.make
+
 ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
 	CFLAGS += -O0
 else
@@ -14,6 +16,9 @@ ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
 	INSTALL_PROGRAM += -s
 endif
 
+CFLAGS += $(HARDENING_CFLAGS)
+LDFLAGS += $(HARDENING_LDFLAGS)
+
 # Ensure the build aborts when there are still references to undefined
 # symbols.
 LDFLAGS += -Wl,-z,defs