This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=c6f9ce27a30158fcda26efe120e6086321a90abb commit c6f9ce27a30158fcda26efe120e6086321a90abb Author: Guillem Jover <[email protected]> AuthorDate: Thu Dec 21 00:26:08 2023 +0100 Dpkg::Vendor::Debian: Parametrize fortify level For Debian we default to 2 for now, but this could change. Other vendors might want a different level. --- scripts/Dpkg/Vendor/Debian.pm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm index 956d2194b..3516faea3 100644 --- a/scripts/Dpkg/Vendor/Debian.pm +++ b/scripts/Dpkg/Vendor/Debian.pm @@ -357,6 +357,7 @@ sub set_build_features { # glibc 2.16 and later warn when using -O0 and _FORTIFY_SOURCE. $use_feature{hardening}{fortify} = 0; } + $flags->set_option_value('fortify-level', 2); # Handle logical feature interactions. if ($use_feature{hardening}{relro} == 0) { @@ -553,7 +554,8 @@ sub _add_build_flags { # Fortify Source if ($flags->use_feature('hardening', 'fortify')) { - $flags->append('CPPFLAGS', '-D_FORTIFY_SOURCE=2'); + my $fortify_level = $flags->get_option_value('fortify-level'); + $flags->append('CPPFLAGS', "-D_FORTIFY_SOURCE=$fortify_level"); } # Format Security -- Dpkg.Org's dpkg
