The following commit has been merged in the master branch:
commit d6fc0364f28ff2d5d4f7094db9cca5e2f34c8b0d
Author: Guillem Jover <[email protected]>
Date: Tue Oct 30 05:56:23 2012 +0100
dpkg-buildflags: Mask fortify hardening option on noopt
New glibc 2.16 and later, issue a warning on this condition. Just
disable the hardening flags in such case.
Closes: #691745
diff --git a/debian/changelog b/debian/changelog
index f8d084f..7775a0a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -47,6 +47,9 @@ dpkg (1.17.0) UNRELEASED; urgency=low
Thanks to Jonathan Nieder <[email protected]>.
* Rename dpkg-buildflags configure exporter to cmdline, but preserve
configure as a legacy alias.
+ * Mask fortify hardening option from dpkg-buildflags output on noopt.
+ New glibc 2.16 and later, issue a warning on this condition.
+ Closes: #691745
-- Guillem Jover <[email protected]> Fri, 03 Aug 2012 13:21:00 +0200
diff --git a/man/dpkg-buildflags.1 b/man/dpkg-buildflags.1
index cec51d1..488647e 100644
--- a/man/dpkg-buildflags.1
+++ b/man/dpkg-buildflags.1
@@ -230,7 +230,10 @@ blocked. If an application depends on such a format
string, it will need
to be worked around.
Note that for this option to have any effect, the source must also
-be compiled with \fB\-O1\fP or higher.
+be compiled with \fB\-O1\fP or higher. If the environment variable
+\fBDEB_BUILD_OPTIONS\fP contains \fInoopt\fP, then \fBfortify\fP
+support will be disabled, due to new warnings being issued by
+glibc 2.16 and later.
.TP
.B stackprotector
This setting (enabled by default) adds
diff --git a/scripts/Dpkg/BuildFlags.pm b/scripts/Dpkg/BuildFlags.pm
index b94006c..27a2631 100644
--- a/scripts/Dpkg/BuildFlags.pm
+++ b/scripts/Dpkg/BuildFlags.pm
@@ -71,6 +71,7 @@ sub load_vendor_defaults {
$self->{'source'} = {};
$self->{'features'} = {};
my $build_opts = Dpkg::BuildOptions->new();
+ $self->{'build-options'} = $build_opts;
my $default_flags = $build_opts->has("noopt") ? "-g -O0" : "-g -O2";
$self->{flags} = {
CPPFLAGS => '',
diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm
index 6793784..81b5714 100644
--- a/scripts/Dpkg/Vendor/Debian.pm
+++ b/scripts/Dpkg/Vendor/Debian.pm
@@ -133,6 +133,12 @@ sub add_hardening_flags {
$use_feature{"relro"} = 0;
}
+ # Mask features that might be influenced by other flags.
+ if ($flags->{'build-options'}->has('noopt')) {
+ # glibc 2.16 and later warn when using -O0 and _FORTIFY_SOURCE.
+ $use_feature{'fortify'} = 0;
+ }
+
# Handle logical feature interactions.
if ($use_feature{"relro"} == 0) {
# Disable bindnow if relro is not enabled, since it has no
--
dpkg's main repository
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
