merge 213994 233208
thanks

Thomas Sjögren writes:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Package: gcc-3.3
> Version: 3.3.3-0pre4
> Priority: wishlist
>
> As Javier Fernandez-Sanguino Pen~a and David Alan Gilbert mention in
> #213994 [1] it would be a good thing if the SSP patch in the GCC-package

Please use follow-ups to existing reports.

> would be enabled by default. This would, hopefully, make developers
> compile packages with the -fstack-protector, or -fstack-protector-all,
> option and thus increase the basic security of Debian.
> The protector compile option has been tested successfully, for example:
> 1. The Adamantix distribution [2], based on Debian, which uses this option by
> default has recompiled many packages with this option without any real
> problems.
> 2. Hardened-Gentoo [3] uses this option as well.
> 3. The recompiled gcc package made available by Steve Kemp [4] works
> without any problems on Debian stable and unstable and has been used to
> compile both 2.4 and 2.6 vanilla kernels [5] and a number of different
> packages and programs (Apache, the GCC-package itself, ...).

The patch will not be enabled for the upcoming sarge release. The toolchain is frozen. I don't know if it will be enabled for sid. You show that some testing on ix86 has been done, but not for other architectures. My point for not enabling it is that I don't have the resources to have an upstream compiler for each affected architecture and the time to revalidate each report submitted to the Debian BTS with an upstream compiler.

Matthias