make: don't magically -D_FORTIFY_SOURCE=2

This is just annoying for development.  You want -O0 or -Og,
and consequently you get lots of warnings that are difficult to disable.

I believe hardening options are more of a responsibility/choice of the
caller, typically distributions have some general policies and pass the
flags (almost) uniformly to all packages.  I can't see any part of kresd
being so specific to warrant explicit hardening.

diff --git a/NEWS b/NEWS
index 1799b4c60f8bb3234492ee91ddc5c2f0391ba8de..359cce91d48a29f760734fd565e55a23b352686c 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+
+- don't magically -D_FORTIFY_SOURCE=2 in some cases
+
 Knot Resolver 2.1.1 (2018-02-23)
 ================================
 

diff --git a/config.mk b/config.mk
index 38c6210c6f295f2aa2141b12ab67f296c6879f0c..69770d428ac3e448227a3b9dd66d24fa4aaae41f 100644 (file)
--- a/config.mk
+++ b/config.mk
@@ -43,6 +43,3 @@ BUILD_CFLAGS += -fvisibility=hidden
 ifeq (,$(findstring -O,$(CFLAGS)))
        BUILD_CFLAGS += -O2
 endif
-ifeq (,$(findstring -fsanitize=address,$(CFLAGS)))
-       BUILD_CFLAGS += -D_FORTIFY_SOURCE=2
-endif