commit | 607f1f800ac975dadd43af8a8036b6c8a6e4284e | [log] [tgz] |
---|---|---|
author | Stefan Berger <stefanb@linux.ibm.com> | Mon Apr 04 08:49:37 2022 -0400 |
committer | Stefan Berger <stefanb@us.ibm.com> | Mon Apr 04 11:45:36 2022 -0400 |
tree | aa56816d2c9defb0b5518f9ae99181e0a3bfc7db | |
parent | f4cdeb61b9af9260d5d1021ea3ea30b1109a175d [diff] |
build-sys: Fix configure script to support _FORTIFY_SOURCE=3 gcc 12.1 supports _FORTIFY_SOURCE=3. Modify the existing check for whether _FORTIFY_SOURCE=2 can be used to test compile with the user provided CFLAGS and only add _D_FORTIFY_SOURCE=2 to the HARDENING_CFLAGS if the user doesn't provide anything that's not compatible. Following an online article _FORTIFY_SOURCE=3 may add more overhead, so we only go up to level 2 for now and let build servers or user provide the higher level via the CFLAGS. https://developers.redhat.com/blog/2021/04/16/broadening-compiler-checks-for-buffer-overflows-in-_fortify_source#what_s_next_for__fortify_source Resolves: https://github.com/stefanberger/swtpm/issues/688 Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>