[dm-devel] [PATCH 03/12] enable gcc format-security check
Hannes Reinecke
hare at suse.de
Fri Jul 4 06:18:42 UTC 2014
On 06/30/2014 07:13 AM, Benjamin Marzinski wrote:
> -Wformat-security warns about format-strigs that represent possible
> security problems. This is check is now enabled for fedora builds, and it
> seems like a reasonable thing to always be checking.
>
> Signed-off-by: Benjamin Marzinski <bmarzins at redhat.com>
> ---
> Makefile.inc | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/Makefile.inc b/Makefile.inc
> index 0669d32..1486721 100644
> --- a/Makefile.inc
> +++ b/Makefile.inc
> @@ -46,7 +46,7 @@ GZIP = gzip -9 -c
> INSTALL_PROGRAM = install
>
> ifndef RPM_OPT_FLAGS
> - RPM_OPT_FLAGS = -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4
> + RPM_OPT_FLAGS = -O2 -g -pipe -Wformat-security -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
> endif
>
> OPTFLAGS = $(RPM_OPT_FLAGS) -Wunused -Wstrict-prototypes
>
'-fstack-protector-strong' is not recognized on any of my gcc
versions supplied by SUSE. Can we please revert it to the original
'-fstack-protector'?
'-Wformat-security' is okay, though.
Cheers,
Hannes
--
Dr. Hannes Reinecke zSeries & Storage
hare at suse.de +49 911 74053 688
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: J. Hawn, J. Guild, F. Imendörffer, HRB 16746 (AG Nürnberg)
More information about the dm-devel
mailing list