On 5/8/19 4:51 PM, Ken Moffat via blfs-support wrote:
Looking at the CFLAGS and CXXFLAGS which get used by various
packages, and external references, I note that fedora prefer to
harden almost everything by using -DFORTIFY_SOURCE=2 [ NB - do NOT
pass that to glibc, one small part of glibc already uses it, the
other parts will be broken if it is forced ].
Looking, a few packages in LFS already use this (in particular, now
that we've found that perl thought gcc-8 and later was earlier than
gcc-4, and did not support it, perl and the modules it *compiles*
use that), and a few in BLFS (e.g. openssh, cairo, rxvt-unicode,
libsndfile
But then I noticed that firefox and qtwebengine pass two fortify
flags: -UFORTIFY_SOURCE -DFORTIFY_SOURCE=2
My initial reading tells me that -UFORTIFY_SOURCE turns it *off*.
Can anyone confirm what the pair are supposed to do ? I'm guessing:
· turn OFF any existing define, in case it is less than 2
· and then force it to 2
TIA
I use the following flags and they work on everything in LFS-8.4 except grub
CPPFLAGS=" -D_FORTIFY_SOURCE=2"
CFLSGS=" -march=x86-64 -mtune=generic -O2 -pipe -fno-plt"
CXXFLAGS=" -march=x86-64 -mtune=generic -O2 -pipe -fno-plt"
LDFLAGS=" -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
The _FORTIFY_SOURCE is/controls a macro and is in effect when it is non
zero so I would concur with you that the
-UFORTIFY_SOURCE
turns it off, except for the fact that one is
FORTIFY_SOURCE and the other is _FORTIFY_SOURCE. Are they the same the gcc
docs don't say.
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
