On Thu, Apr 18, 2019 at 10:59:04PM +0100, Ken Moffat wrote: > I was looking through my logs to identify which packages do not use > my CFLAGS, CXXFLAGS (thinking about trying LTO at some point) and > reading the voluminous output from perl's Configure I noticed: > > Guessing which symbols your C compiler and preprocessor define... > You seem not to have gcc 4.* or later, not adding -D_FORTIFY_SOURCE. > > That is because 5.28.1 has the following: > > case "$gccversion" in > [4567].*) case "$optimize$ccflags" in > > Using > sed -i 's/^\(\[4567\)/\18/' Configure > gives me > > Guessing which symbols your C compiler and preprocessor define... > Adding -D_FORTIFY_SOURCE=2 to ccflags... > > ĸen
This still applies to 5.28.2. I guess that distros such as fedora and Arch have not reported this upstream because they *always* force their own CFLAGS which include a -DFORTIFY_SOURCE setting. Compare our own builds of perl-5.26.1 on LFS-8.2 when we were still on gcc-7 : Guessing which symbols your C compiler and preprocessor define... Adding -D_FORTIFY_SOURCE=2 to ccflags... I'm thinking about adding that to my own CFLAGS for everything which I compile in my normal desktop builds, but first I need to continue checking which packages currently ignore my CFLAGS - a slow job, because so many now are not verbose. Of course, some people don't care about hardening. ĸen -- With a few red lights, a few old bits, we made the place to sweat. No matter what we get out of this, I know, I know we'll never forget. Smoke on the water, a fire in the sky. Smoke, on the water. -- http://lists.linuxfromscratch.org/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page