New debdiff. handles -U_FORTIFY_SOURCE and correct variations on -D_FORTIFY_SOURCE, -D_FORTIFY_SOURCE=*. I have also documented -Wformat, -Wformat-security, and found a reasonable place to document FORTIFY_SOURCE (with -O2, since that's when it takes effect).
Remaining bugs we can discuss at UDS (or just live with): - direct call to preprocessor will lack fortify define - direct call to ld will lack relro As a point of comparison, the wrapper had the same issue with the preprocessor, but not with the linker. I have tested the results, both for behavior and for the correct ability to disable. ** Attachment added: "final hardening options patches" http://launchpadlibrarian.net/14093685/gcc-4.3_4.3.0-3ubuntu5.debdiff ** Changed in: gcc-4.3 (Ubuntu) Assignee: Matthias Klose (doko) => Kees Cook (keescook) Status: Incomplete => In Progress -- add security hardening options https://bugs.launchpad.net/bugs/225448 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
