From 33e605d8f06ec3b72b6b2ab31fe476b5efce941b Mon Sep 17 00:00:00 2001 From: Andreas Hasenack Date: Mon, 25 Jun 2007 18:58:17 +0000 Subject: - use -fstack-protector by default with a reduced size parameter (4 bytes, taken from fedora) - only use -fstack-protector-all for serverbuild (should we really be doing this?) - dropped -fno-omit-frame-pointer from serverbuild macro according to discussion on cooker. Seems it was only there because of libsafe, which is no longer used --- macros.in | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/macros.in b/macros.in index 671ba1e..4166814 100644 --- a/macros.in +++ b/macros.in @@ -76,7 +76,8 @@ # common compilation flags %_fortify_cflags -Wp,-D_FORTIFY_SOURCE=2 -%__common_cflags -O2 %{debugcflags} -pipe %{?_fortify_cflags:%_fortify_cflags} -fexceptions +%_ssp_cflags -fstack-protector --param=ssp-buffer-size=4 +%__common_cflags -O2 %{debugcflags} -pipe %{?_fortify_cflags:%_fortify_cflags} %{?_ssp_cflags:%_ssp_cflags} -fexceptions #============================================================================== # ---- Optional rpmrc macros. @@ -434,7 +435,7 @@ then %{_scrollkeeper_bin} -q || true ; fi \ # # Servers opt flags -%serverbuild export CFLAGS="%optflags -fno-omit-frame-pointer -fstack-protector"; export CXXFLAGS="%optflags -fno-omit-frame-pointer -fstack-protector"; export RPM_OPT_FLAGS="%optflags -fno-omit-frame-pointer -fstack-protector" \ +%serverbuild export CFLAGS="%optflags -fstack-protector-all"; export CXXFLAGS="%optflags -fstack-protector-all"; export RPM_OPT_FLAGS="%optflags -fstack-protector-all" \ %{nil} %__libtoolize_configure %{?__libtoolize:(cd $CONFIGURE_TOP; [ -f configure.in -o -f configure.ac ] && %{__libtoolize} --copy --force)} -- cgit v1.2.1