pakfire/patches/0001-CFLAGS-Enable-more-hardening.patch

   1 commit 664591620ddc73ac6838c6ed152c2b3c4233d609
   2 Author: Michael Tremer <michael.tremer@ipfire.org>
   3 Date:   Tue Sep 16 15:49:25 2014 +0200
   4
   5     CFLAGS: Enable more hardening
   6
   7     -fstack-protector-strong is available since GCC 4.9
   8
   9     -D_FORTIFY_SOURCE=2 is automatically enabled in IPFire since
  10     GCC 4.9 and when optimization is enabled (e.g. -O2).
  11
  12 diff --git a/macros/cflags.macro b/macros/cflags.macro
  13 index a2c583c..52a069a 100644
  14 --- a/macros/cflags.macro
  15 +++ b/macros/cflags.macro
  16 @@ -1,7 +1,8 @@
  17
  18  # Export CFLAGS + CXXFLAGS
  19 -GLOBAL_CFLAGS   = -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC
  20 -GLOBAL_CFLAGS  += -fstack-protector-all --param=ssp-buffer-size=4
  21 +GLOBAL_CFLAGS   = -O2 -g -pipe -Wall -Werror=format-security
  22 +GLOBAL_CFLAGS  += -fexceptions -fPIC -fstack-protector-strong --param=ssp-buffer-size=4
  23 +GLOBAL_CFLAGS  += -grecord-gcc-switches
  24
  25  CFLAGS_i686     = -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables
  26  CFLAGS_x86_64   = -m64 -mtune=generic