#3493 closed patch (an actual patch, not a request for one) (fixed)
fails to build from source with GCC hardening options
| Reported by: | pabs | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | unspecified |
| Component: | other | Version: | 3.1 beta10 |
| Keywords: | | Cc: | |
| Blocked By: | | Blocking: | |
| Operating System: | All/Non-Specific | | |
Description (last modified by dak180)
The attached patch fixes building from source while enabling the GCC hardening options:
CPPFLAGS="-D_FORTIFY_SOURCE=2" CFLAGS="-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security" CXXFLAGS="-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security" LDFLAGS="-fPIE -pie -Wl,-z,relro -Wl,-z,now"
This is how Debian enables these options (other distros turn them on by default in GCC):
Attachments (1)
Change History (8)
comment:1 Changed 11 years ago by dak180
- Description modified (diff)
comment:2 Changed 11 years ago by Cyp
comment:3 Changed 11 years ago by pabs
Added an updated patch that doesn't patch the generated code (why is it in the tarball?). Based on this bug report, yyerror (or equivalent) should not be marked with the format attribute:
comment:4 Changed 11 years ago by Paul Wise
- Resolution set to fixed
- Status changed from new to closed
fix an FTBFS with -Werror=format-security
Fixes ticket:3493.
comment:5 Changed 11 years ago by Paul Wise
fix an FTBFS with -Werror=format-security
Fixes ticket:3493.
comment:6 Changed 11 years ago by Paul Wise
fix an FTBFS with -Werror=format-security
Fixes ticket:3493.
comment:7 Changed 11 years ago by Paul Wise
fix an FTBFS with -Werror=format-security
Fixes ticket:3493.
I could not apply this patch, as lib/script/script_parser.cpp and src/scriptvals_parser.cpp are autogenerated (and appear in my out-of-main-tree build/ directory).
I have no idea how to apply the patch to the original lib/script/script_parser.ypp and src/scriptvals_parser.ypp files, as the relevant part of the code seems to be just a "%%" in the .ypp files.
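For readers unfamiliar with the failure class in this ticket, here is an added illustration (not the attached patch and not the project's code) of the kind of call that -Wformat -Werror=format-security turns into a build failure, and the usual fix. The names report_error, report_message and last_error_text, and the sample message, are hypothetical and constructed for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a parser's error reporter (not the project's
 * yyerror). It keeps the last message so the result can be inspected. */
static char last_error[128];

/* The format attribute tells GCC to check every call site the same way it
 * checks printf(): argument types with -Wformat, and non-literal format
 * strings without arguments with -Wformat-security. */
__attribute__((format(printf, 1, 2)))
static int report_error(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(last_error, sizeof last_error, fmt, ap);
    va_end(ap);
    return n;
}

/* Rejected under -Werror=format-security, because msg is data but would be
 * interpreted as a format string:
 *
 *     report_error(msg);
 *
 * Accepted: the format is a literal and the message is only an argument,
 * so any '%' sequences inside it are copied, never interpreted. */
static int report_message(const char *msg)
{
    return report_error("%s", msg);
}

static const char *last_error_text(void)
{
    return last_error;
}

int main(void)
{
    /* Constructed input: message text that happens to contain directives. */
    report_message("unexpected token '%s%d' at line 3");
    puts(last_error_text());
    return 0;
}
```

Compile it with the CFLAGS from the description to confirm that the fixed form builds cleanly.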