]> git.ipfire.org Git - pakfire.git/commitdiff
projects / pakfire.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7526884)
CFLAGS: Enable more hardening
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 16 Sep 2014 13:49:25 +0000 (15:49 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 17 Sep 2014 13:15:21 +0000 (15:15 +0200)
-fstack-protector-strong is available since GCC 4.9

-D_FORTIFY_SOURCE=2 is automatically enabled in IPFire since
GCC 4.9 and when optimization is enabled (e.g. -O2).

macros/cflags.macro patch | blob | blame | history

diff --git a/macros/cflags.macro b/macros/cflags.macro
index a2c583c5bc7eb95a7b1848d71f1da98d9530c277..52a069a711be91f6cb5e173abde42657c5b03a85 100644 (file)
--- a/macros/cflags.macro
+++ b/macros/cflags.macro
@@ -1,7 +1,8 @@
 
 # Export CFLAGS + CXXFLAGS
-GLOBAL_CFLAGS   = -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC
-GLOBAL_CFLAGS  += -fstack-protector-all --param=ssp-buffer-size=4
+GLOBAL_CFLAGS   = -O2 -g -pipe -Wall -Werror=format-security
+GLOBAL_CFLAGS  += -fexceptions -fPIC -fstack-protector-strong --param=ssp-buffer-size=4
+GLOBAL_CFLAGS  += -grecord-gcc-switches
 
 CFLAGS_i686     = -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables
 CFLAGS_x86_64   = -m64 -mtune=generic
Pakfire is the package management and build system for IPFire 3.x.