
Re: Heads-up: dpkg-buildflags switching to -fstack-protector-strong



Hi!

On Wed, 2014-06-25 at 17:26:31 +0200, Romain Francoise wrote:
> There was a previous discussion about this on the dpkg mailing list, see:
> 
>  https://lists.debian.org/debian-dpkg/2014/06/msg00031.html
> 
> In preparation of this switch David Suárez did a full archive rebuild on
> EC2, the results of which are detailed in the post linked above.
> In summary, the bulk of the failures is for packages that explicitly use
> an older GCC version, which doesn't understand -fstack-protector-strong.
> If your package is affected, you will need to filter out the new flag
> and re-add the old one, or disable stack protection entirely (which is
> the least preferred option). See dpkg-buildflags(1) for details on how
> to do this.

Actually, I guess it might not have been obvious, but with the change
I mentioned in [C], it should be possible to disable the strong variant
but still keep the normal stack-protector enabled.

  [C] <https://lists.debian.org/debian-dpkg/2014/06/msg00032.html>

Something like:

  DEB_BUILD_MAINT_OPTIONS=hardening=-stackprotectorstrong

(With the actual feature name still open for minor tweaks.) Disabling
stackprotector will disable both features. But, yeah, the best fix going
forward is to make the package build with gcc >= 4.9.

Thanks,
Guillem
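
An added example, not part of the original message and not dpkg code: a POSIX shell check that reports which stack-protector mode a flag string actually selects, so a maintainer can confirm that dropping the strong variant left the normal protector in place rather than none. The function names `effective_ssp` and `check_flags` and the sample flag strings are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample flag strings; in a real package the input would be
# the output of: dpkg-buildflags --get CFLAGS
WITH_STRONG='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security'
WITH_NORMAL='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat'
DISABLED='-g -O2 -fstack-protector-strong -fno-stack-protector -Wformat'

# Print the stack-protector mode selected by the flag string in $1.
# GCC honours the last -f[no-]stack-protector* option on the command
# line, so each matching flag overwrites the mode seen so far.
effective_ssp() {
    mode=none
    for flag in $1; do
        case "$flag" in
            -fstack-protector)          mode=normal ;;
            -fstack-protector-strong)   mode=strong ;;
            -fstack-protector-all)      mode=all ;;
            -fstack-protector-explicit) mode=explicit ;;
            -fno-stack-protector)       mode=none ;;
        esac
    done
    printf '%s\n' "$mode"
}

# $1 = flag string, $2 = "yes" if the package's compiler is gcc >= 4.9.
# Returns 1 when no protector is in effect, 2 when the strong variant is
# requested for a compiler that does not understand it, 0 otherwise.
check_flags() {
    case "$(effective_ssp "$1")" in
        none)
            echo "stack protection is disabled entirely" >&2
            return 1 ;;
        strong)
            [ "$2" = yes ] || {
                echo "-fstack-protector-strong needs gcc >= 4.9" >&2
                return 2
            } ;;
    esac
    return 0
}
```
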

