# @def_cxxflags_* is the same as @def_cflags_*.
my @def_cppflags = ();
my @def_cppflags_fortify = (
- '-D_FORTIFY_SOURCE=2',
+ '-D_FORTIFY_SOURCE=2', # must be first, see cppflags_fortify_broken()
+);
+my @def_cppflags_fortify_bad = (
+ # These flags may overwrite -D_FORTIFY_SOURCE=2.
+ '-D_FORTIFY_SOURCE=0',
+ '-D_FORTIFY_SOURCE=1',
);
my @def_ldflags = ();
my @def_ldflags_relro = (
# References to all used flags.
my @flag_refs_all = (
@flag_refs,
+ \@def_cppflags_fortify_bad,
\@def_ldflags_pic,
);
# Renaming rules for the output so the regex parts are not visible. Also
return 0;
}
+sub cppflags_fortify_broken {
+ my ($line, $missing_flags) = @_;
+
+ # This doesn't take the position into account, but is a simple solution.
+ # And if the build system tries to force -D_FORTIFY_SOURCE=0/1, something
+ # is wrong anyway.
+
+ if (any_flags_used($line, @def_cppflags_fortify_bad)) {
+ # $def_cppflags_fortify[0] must be -D_FORTIFY_SOURCE=2!
+ push @{$missing_flags}, $def_cppflags_fortify[0];
+ return 1;
+ }
+
+ return 0;
+}
+
# Modifies $missing_flags_ref array.
sub pic_pie_conflict {
my ($line, $pie, $missing_flags_ref, @flags_pie) = @_;
}
$exit |= $exit_code{flags_missing};
}
- if ($preprocess and not all_flags_used($line, \@missing, @cppflags)
+ if ($preprocess
+ and (not all_flags_used($line, \@missing, @cppflags)
+ # The fortify flag might be overwritten, detect that.
+ or ($harden_fortify
+ and cppflags_fortify_broken($line, \@missing)))
# Assume dpkg-buildflags returns the correct flags.
and index($line, '`dpkg-buildflags --get CPPFLAGS`') == -1) {
if (not $option_buildd) {
ruderich.org/simon / blhc / blhc.git / blobdiff