search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: 95a73bd) | patch
Turn on -D_FORTIFY_SOURCE=2 by default plus other security enhancements
commit86ab04a28039a697c950e6db77f0685549fca9a0
authorMatías Fonzo <selk@dragora.org>
Mon, 8 Feb 2021 13:33:47 +0000 (8 10:33 -0300)
committerMatías Fonzo <selk@dragora.org>
Mon, 8 Feb 2021 13:33:47 +0000 (8 10:33 -0300)
tree88a36c70b6bf81af5db8ca43e392be99eb31546ctree | snapshot (tar.gz zip)
parent95a73bd4ce719be922226c53c96e72a8d5744a5ccommit | diff
Turn on -D_FORTIFY_SOURCE=2 by default plus other security enhancements

Currently QICPPFLAGS is used to pass -D_FORTIFY_SOURCE=2 to the
CPPFLAGS that are used in recipes; unfortunately, there are sources
that do not even respect or include the CPPFLAGS, others use another
name for this flag.  Anyway, we make sure to always use this measure
through the compiler.

Also, in this opportunity we have applied patches for the compiler
(Thanks to "Alpine Linux") to improve security in Dragora by default.

Signed-off-by: Matías Fonzo <selk@dragora.org>
27 files changed:
patches/gcc/0004-Turn-on-D_FORTIFY_SOURCE-2-by-default-for-C-C-ObjC-O.patch [new file with mode: 0644] blob
patches/gcc/0005-On-linux-targets-pass-as-needed-by-default-to-the-li.patch [new file with mode: 0644] blob
patches/gcc/0006-Enable-Wformat-and-Wformat-security-by-default.patch [new file with mode: 0644] blob
patches/gcc/0007-Enable-Wtrampolines-by-default.patch [new file with mode: 0644] blob
patches/gcc/0008-Disable-ssp-on-nostdlib-nodefaultlibs-and-ffreestand.patch [new file with mode: 0644] blob
patches/gcc/0020-add-fortify-headers-paths.patch [new file with mode: 0644] blob
patches/gcc/0022-DP-Use-push-state-pop-state-for-gold-as-well-when-li.patch [new file with mode: 0644] blob
patches/mlocate/01-fortify-source-compat.patch [new file with mode: 0644] blob
recipes/00-core.order diff | blob | blame | history
recipes/03-xorg.order diff | blob | blame | history
recipes/compressors/clzip/recipe diff | blob | blame | history
recipes/devel/gcc/recipe diff | blob | blame | history
recipes/kernel/fortify-headers/recipe [new file with mode: 0644] blob
recipes/kernel/headers/recipe diff | blob | blame | history
recipes/libs/lzlib/recipe diff | blob | blame | history
recipes/lua/lua5/recipe diff | blob | blame | history
recipes/ruby/ruby3/recipe diff | blob | blame | history
recipes/shells/mksh/recipe diff | blob | blame | history
recipes/tools/mlocate/recipe diff | blob | blame | history
recipes/tools/tarlz/recipe diff | blob | blame | history
recipes/xorg/app/sessreg/recipe diff | blob | blame | history
recipes/xorg/app/xload/recipe diff | blob | blame | history
recipes/xorg/mesa/recipe diff | blob | blame | history
sources/SOURCELIST.txt diff | blob | blame | history
sources/fortify-headers-1.1.tar.gz.sha256 [new file with mode: 0644] blob
stages/1/03-fortify-headers [new file with mode: 0755] blob
stages/1/05-gcc diff | blob | blame | history
Dragora - an independent GNU/Linux-Libre distribution based on concepts of simplicity