Bug#552688: enable hardening defaults
Package: gcc-4.4
Version: 4.4.2-1
Severity: wishlist
Tags: patch
Hello!
Based on the ubuntu-devel discussions[1], there are no objections yet
from other developers about enabling the hardened compiler defaults in
Debian.
Thanks,
-Kees
[1] http://lists.debian.org/debian-gcc/2009/10/msg00186.html
--
Kees Cook @debian.org
diff -uNrp gcc-4.4-4.4.1/debian~/rules.defs gcc-4.4-4.4.1/debian/rules.defs
--- gcc-4.4-4.4.1/debian~/rules.defs 2009-10-25 10:46:48.000000000 -0700
+++ gcc-4.4-4.4.1/debian/rules.defs 2009-10-25 10:50:13.000000000 -0700
@@ -675,10 +675,8 @@ endif
with_ssp := $(call envfilt, ssp, , , $(with_ssp))
ifeq ($(with_ssp),yes)
- ifneq ($(distribution),Debian)
- ifneq (,$(findstring gcc-4, $(PKGSOURCE)))
- with_ssp_default := yes
- endif
+ ifneq (,$(findstring gcc-4, $(PKGSOURCE)))
+ with_ssp_default := yes
endif
endif
diff -uNrp gcc-4.4-4.4.1/debian~/rules.patch gcc-4.4-4.4.1/debian/rules.patch
--- gcc-4.4-4.4.1/debian~/rules.patch 2009-10-25 10:46:48.000000000 -0700
+++ gcc-4.4-4.4.1/debian/rules.patch 2009-10-25 10:49:47.000000000 -0700
@@ -64,14 +64,12 @@ debian_patches += \
#endif
hardening_patches =
-ifneq ($(distribution),Debian)
- ifneq (,$(findstring gcc-4, $(PKGSOURCE)))
- hardening_patches += gcc-default-format-security \
+ifneq (,$(findstring gcc-4, $(PKGSOURCE)))
+ hardening_patches += gcc-default-format-security \
gcc-default-fortify-source gcc-default-relro \
testsuite-hardening-format \
testsuite-hardening-fortify \
testsuite-hardening-printf-types
- endif
endif
ifeq ($(with_ssp)-$(with_ssp_default),yes-yes)
hardening_patches += gcc-default-ssp
Reply to: