Package: gcc-4.4 Version: 4.4.2-1 Severity: wishlist Tags: patch Hello!
Based on the ubuntu-devel discussions[1], there are no objections yet from other developers about enabling the hardened compiler defaults in Debian. Thanks, -Kees [1] http://lists.debian.org/debian-gcc/2009/10/msg00186.html -- Kees Cook @debian.org
diff -uNrp gcc-4.4-4.4.1/debian~/rules.defs gcc-4.4-4.4.1/debian/rules.defs --- gcc-4.4-4.4.1/debian~/rules.defs 2009-10-25 10:46:48.000000000 -0700 +++ gcc-4.4-4.4.1/debian/rules.defs 2009-10-25 10:50:13.000000000 -0700 @@ -675,10 +675,8 @@ endif with_ssp := $(call envfilt, ssp, , , $(with_ssp)) ifeq ($(with_ssp),yes) - ifneq ($(distribution),Debian) - ifneq (,$(findstring gcc-4, $(PKGSOURCE))) - with_ssp_default := yes - endif + ifneq (,$(findstring gcc-4, $(PKGSOURCE))) + with_ssp_default := yes endif endif diff -uNrp gcc-4.4-4.4.1/debian~/rules.patch gcc-4.4-4.4.1/debian/rules.patch --- gcc-4.4-4.4.1/debian~/rules.patch 2009-10-25 10:46:48.000000000 -0700 +++ gcc-4.4-4.4.1/debian/rules.patch 2009-10-25 10:49:47.000000000 -0700 @@ -64,14 +64,12 @@ debian_patches += \ #endif hardening_patches = -ifneq ($(distribution),Debian) - ifneq (,$(findstring gcc-4, $(PKGSOURCE))) - hardening_patches += gcc-default-format-security \ +ifneq (,$(findstring gcc-4, $(PKGSOURCE))) + hardening_patches += gcc-default-format-security \ gcc-default-fortify-source gcc-default-relro \ testsuite-hardening-format \ testsuite-hardening-fortify \ testsuite-hardening-printf-types - endif endif ifeq ($(with_ssp)-$(with_ssp_default),yes-yes) hardening_patches += gcc-default-ssp