commit | d57ee9a0f213c45597289b131d227691a658d53b | [log] [tgz] |
---|---|---|
author | Stefan Berger <stefanb@linux.ibm.com> | Mon Apr 04 08:49:37 2022 -0400 |
committer | Stefan Berger <stefanb@us.ibm.com> | Mon Apr 04 19:01:56 2022 -0400 |
tree | 4f289ae2cb7358fd58b3c968169f1f417eb63151 | |
parent | 2214310d5beaf77a438a808b39402acdbf1a935e [diff] |
build-sys: Fix configure script to support _FORTIFY_SOURCE=3 gcc 12.1 supports _FORTIFY_SOURCE=3. Modify the existing check for whether _FORTIFY_SOURCE=2 can be used to test compile with the user provided CFLAGS and only add _D_FORTIFY_SOURCE=2 to the HARDENING_CFLAGS if the user doesn't provide anything that's not compatible. Following an online article _FORTIFY_SOURCE=3 may add more overhead, so we only go up to level 2 for now and let build servers or user provide the higher level via the CFLAGS. https://developers.redhat.com/blog/2021/04/16/broadening-compiler-checks-for-buffer-overflows-in-_fortify_source#what_s_next_for__fortify_source Resolves: https://github.com/stefanberger/swtpm/issues/688 Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>