blob: a8030ec3a17ecd255f175347872224ac13168e7d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
Description: Poke requested Debian buildflags for hardening into Makefile
Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
Last-Update: 2015-01-07
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
Index: trunk/Makefile
===================================================================
--- trunk.orig/Makefile
+++ trunk/Makefile
@@ -395,10 +395,11 @@ VALA_CFLAGS := `pkg-config --cflags $(EX
$(foreach def,$(DEFINES),-D$(def))
VALA_LDFLAGS := `pkg-config --libs $(EXT_PKGS) $(DIRECT_LIBS) gthread-2.0`
+VALA_LDFLAGS += -fPIE -pie -Wl,-z,relro -Wl,-z,now
# REQUIRED_CFLAGS absolutely get appended to CFLAGS, whatever the
# the value of CFLAGS in the environment
-REQUIRED_CFLAGS := -fPIC
+REQUIRED_CFLAGS := -g -O2 -fPIE -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
# setting CFLAGS in configure.mk overrides build type
ifndef CFLAGS
@@ -411,8 +412,8 @@ PLUGIN_CFLAGS = -O2 -g -pipe
endif
endif
-CFLAGS += $(PROFILE_FLAGS) $(REQUIRED_CFLAGS)
-PLUGIN_CFLAGS += $(PROFILE_FLAGS) $(REQUIRED_CFLAGS)
+CFLAGS += $(PROFILE_FLAGS) $(REQUIRED_CFLAGS) -fstack-protector-strong
+PLUGIN_CFLAGS += $(PROFILE_FLAGS) $(REQUIRED_CFLAGS) -fPIC -fno-stack-protector
# Required for gudev-1.0
CFLAGS += -DG_UDEV_API_IS_SUBJECT_TO_CHANGE
|