* Enabled hardened build flags, thanks Moritz Muehlenhoff (closes: #657846)

* Packaging updates
  * Move to 3.0 (native) source format
  * Bump DH compat level to 8
* Fix ordering of stdio.h/syslog.h includes (closes: #707385)
* Create accounting_dir in init script if necessary (closes: #418156)
* Bump Standards-Version to 3.9.4.0
  * Add build-arch/build-indep targets to debian/rules
* Fix: compiling Warning

Makefile

@@ -10,20 +10,18 @@ DEFINES =
 DEFINES += -DLIBDIR='"$(libdir)"'
 DEFINES += -DETCDIR='"$(etcdir)"'
 
-OPTIM =
-OPTIM += -g
-OPTIM += -O3
+DEB_CFLAGS_MAINT_APPEND=-Wall -O3 -Wno-format-zero-length
 
 CC = gcc
 LD = gcc
 INCLUDES = -I.
-CPPFLAGS = $(INCLUDES) $(DEFINES)
-CFLAGS = -Wall -Wformat-security -Wno-format-zero-length $(OPTIM)
-LDFLAGS =
+CPPFLAGS = `dpkg-buildflags --get CPPFLAGS` $(INCLUDES) $(DEFINES)
+CFLAGS = `dpkg-buildflags --get CFLAGS`
+LDFLAGS = `dpkg-buildflags --get LDFLAGS`
 LDLIBS =
 INSTALL = install -c -D -o root -g root
 
-l2tpns.LIBS = -lm -lcli -ldl
+l2tpns.LIBS = -lcli -ldl
 
 OBJS = arp.o cli.o cluster.o constants.o control.o icmp.o l2tpns.o \
     ll.o md5.o ppp.o radius.o tbf.o util.o pppoe.o l2tplac.o

cli.c

@@ -1791,7 +1791,7 @@ static int cmd_uptime(struct cli_def *cli, const char *command, char **argv, int
 		return CLI_HELP_NO_ARGS;
 
 	fh = fopen("/proc/loadavg", "r");
-	fgets(buf, 100, fh);
+	p = fgets(buf, 100, fh);
 	fclose(fh);
 
 	for (i = 0; i < 3; i++)

debian/compat

@@ -1 +1 @@
-4
+8

debian/control

@@ -2,12 +2,12 @@ Source: l2tpns
 Section: net
 Priority: optional
 Maintainer: Jonathan McDowell <noodles@earth.li>
-Build-Depends: debhelper (>> 4), libcli-dev (>> 1.8.5)
-Standards-Version: 3.7.2.0
+Build-Depends: debhelper (>> 8), libcli-dev (>> 1.8.5)
+Standards-Version: 3.9.4.0
 
 Package: l2tpns
 Architecture: any
-Depends: ${shlibs:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}
 Description: layer 2 tunnelling protocol network server (LNS)
  l2tpns is a daemon designed to terminate large volumes of layer 2
  tunnelling protocol (RFC 2661: L2TP) sessions.

debian/init.d

@@ -19,6 +19,7 @@ DAEMON=/usr/sbin/l2tpns
 NAME=l2tpns
 DESC=l2tpns
 ARGS="-d"
+ACCTDIR=$(grep "set accounting_dir" /etc/l2tpns/startup-config | sed -e 's/.* "//' -e 's/".*//')
 
 test -f $DAEMON || exit 0
 
@@ -27,6 +28,9 @@ set -e
 case "$1" in
   start)
 	echo -n "Starting $DESC: "
+	if [ ! -d "$ACCTDIR" ]; then
+		mkdir -p "$ACCTDIR"
+	fi
 	start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
 		--exec $DAEMON -- $ARGS
 	echo "$NAME."

debian/preinst

@@ -1,13 +0,0 @@
-#! /bin/sh
-# preinst script for l2tpns
-
-set -e
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
-
-

debian/rules

@@ -2,9 +2,6 @@
 # Sample debian/rules that uses debhelper.
 # GNU copyright 1997 to 1999 by Joey Hess.
 
-ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
-	CFLAGS += -g
-endif
 ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
 	INSTALL_PROGRAM += -s
 endif
@@ -16,8 +13,9 @@ configure-stamp:
 
 	touch configure-stamp
 
-build: build-stamp
-
+build: build-arch build-indep
+build-arch: build-stamp
+build-indep: build-stamp
 build-stamp: configure-stamp 
 	dh_testdir
 
@@ -33,14 +31,14 @@ clean:
 	rm -f build-stamp configure-stamp
 
 	# Add here commands to clean up after the build process.
-	-$(MAKE) clean
+	[ ! -f Makefile ] || $(MAKE) clean
 
 	dh_clean
 
 install: build
 	dh_testdir
 	dh_testroot
-	dh_clean -k
+	dh_prep
 	dh_installdirs
 
 	$(MAKE) install DESTDIR=$(CURDIR)/debian/l2tpns

debian/source/format

@@ -0,0 +1 @@
+3.0 (native)

garden.c

@@ -157,7 +157,7 @@ int plugin_become_master(void)
     for (i = 0; up_commands[i] && *up_commands[i]; i++)
     {
 	f->log(3, 0, 0, "Running %s\n", up_commands[i]);
-	system(up_commands[i]);
+	int status = system(up_commands[i]);
     }
 
     return PLUGIN_RET_OK;
@@ -176,6 +176,7 @@ int garden_session(sessiont *s, int flag, char *newuser)
 {
     char cmd[2048];
     sessionidt sess;
+	int status;
 
     if (!s) return 0;
     if (!s->opened) return 0;
@@ -191,7 +192,7 @@ int garden_session(sessiont *s, int flag, char *newuser)
 	    f->fmtaddr(htonl(s->ip), 0));
 
 	f->log(3, sess, s->tunnel, "%s\n", cmd);
-	system(cmd);
+	status = system(cmd);
 	s->walled_garden = 1;
     }
     else
@@ -229,7 +230,7 @@ int garden_session(sessiont *s, int flag, char *newuser)
 	f->log(3, sess, s->tunnel, "%s\n", cmd);
 	while (--count)
 	{
-	    int status = system(cmd);
+	    status = system(cmd);
 	    if (WEXITSTATUS(status) != 0) break;
 	}
 
@@ -272,7 +273,7 @@ int plugin_init(struct pluginfuncs *funcs)
 	for (i = 0; down_commands[i] && *down_commands[i]; i++)
 	{
 	    f->log(3, 0, 0, "Running %s\n", down_commands[i]);
-	    system(down_commands[i]);
+	    int status = system(down_commands[i]);
 	}
     }
 
@@ -289,7 +290,7 @@ void plugin_done()
     for (i = 0; down_commands[i] && *down_commands[i]; i++)
     {
 	f->log(3, 0, 0, "Running %s\n", down_commands[i]);
-	system(down_commands[i]);
+	int status = system(down_commands[i]);
     }
 }
 

l2tpns.c

@@ -10,6 +10,7 @@
 #include <fcntl.h>
 #include <linux/if_tun.h>
 #define SYSLOG_NAMES
+#include <stdio.h>
 #include <syslog.h>
 #include <malloc.h>
 #include <net/route.h>
@@ -19,7 +20,6 @@
 #include <netinet/ip6.h>
 #include <stdarg.h>
 #include <stdlib.h>
-#include <stdio.h>
 #include <string.h>
 #include <ctype.h>
 #include <sys/ioctl.h>
@@ -5050,9 +5050,9 @@ int main(int argc, char *argv[])
 		case 'd':
 			if (fork()) exit(0);
 			setsid();
-			freopen("/dev/null", "r", stdin);
-			freopen("/dev/null", "w", stdout);
-			freopen("/dev/null", "w", stderr);
+			FILE *in = freopen("/dev/null", "r", stdin);
+			FILE *out = freopen("/dev/null", "w", stdout);
+			FILE *err = freopen("/dev/null", "w", stderr);
 			break;
 		case 'v':
 			optdebug++;
@@ -5103,7 +5103,7 @@ int main(int argc, char *argv[])
 			LOG(0, 0, 0, "Can't set ulimit: %s\n", strerror(errno));
 
 		// Make core dumps go to /tmp
-		chdir("/tmp");
+		int ret = chdir("/tmp");
 	}
 
 	if (config->scheduler_fifo)