1 commit 664591620ddc73ac6838c6ed152c2b3c4233d609
2 Author: Michael Tremer <michael.tremer@ipfire.org>
3 Date: Tue Sep 16 15:49:25 2014 +0200
5 CFLAGS: Enable more hardening
7 -fstack-protector-strong is available since GCC 4.9
9 -D_FORTIFY_SOURCE=2 is automatically enabled in IPFire since
10 GCC 4.9 and when optimization is enabled (e.g. -O2).
12 diff --git a/macros/cflags.macro b/macros/cflags.macro
13 index a2c583c..52a069a 100644
14 --- a/macros/cflags.macro
15 +++ b/macros/cflags.macro
18 # Export CFLAGS + CXXFLAGS
19 -GLOBAL_CFLAGS = -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC
20 -GLOBAL_CFLAGS += -fstack-protector-all --param=ssp-buffer-size=4
21 +GLOBAL_CFLAGS = -O2 -g -pipe -Wall -Werror=format-security
22 +GLOBAL_CFLAGS += -fexceptions -fPIC -fstack-protector-strong --param=ssp-buffer-size=4
23 +GLOBAL_CFLAGS += -grecord-gcc-switches
25 CFLAGS_i686 = -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables
26 CFLAGS_x86_64 = -m64 -mtune=generic