[pkg-sec] Help with CFLAGS/LDFLAGS on t50
Lukas Schwaighofer
lukas at schwaighofer.name
Tue Jun 20 17:23:24 UTC 2017
Hi Samuel,
I agree with Gianfranco regarding PIE. However, looking at the compile
flags, I found that the configure script adds the following to the
CFLAGS (with your gcc_flags.patch applied):
CFLAGS+=" -s -DNDEBUG -fno-stack-protector"
These options come after the "-g" and "-fstack-protector-strong" added
by dpkg-buildflags and disable both of them.
You should definitely remove "-s" (for the dbgsym package, the symbols
will be stripped from the binary package automatically).
You probably should also remove "-fno-stack-protector" (although there
may be a reason why this was added by upstream…).
Regards
Lukas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-security-team/attachments/20170620/060d8aa1/attachment.sig>
More information about the Pkg-security-team
mailing list