ca07a2ad46
Two makefiles of ours pass `-D_FORTIFY_SOURCE=2` directly to the preprocessor. While this does not pose any problems when the value has not been previously set, it can break the build if it is part of the standard build flags. The issue can easily be fixed by instead defining `_FORTIFY_SOURCE` without specifying a concrete value. In this case, gcc will not error out and simply keep using the previously defined value. On the other hand, if no value has been defined, we will now compile with `_FORTIFY_SOURCE=1`. From feature_test_macros(7): If _FORTIFY_SOURCE is set to 1, with compiler optimization level 1 (gcc -O1) and above, checks that shouldn't change the behavior of conforming programs are performed. With _FORTIFY_SOURCE set to 2, some more checking is added, but some conforming programs might fail. While this leaves us with less checks for buffer overflows, it will only enable checks that should not change behaviour of conforming programs. With _FORTIFY_SOURCE=2, the compiler may even unintentionally change behaviour of conforming programs. So in fact, one could even argue that we should only be setting the value to 1 anyway to avoid surprising side effects. So this patch changes our CFLAGS to only pass `-D_FORTIFY_SOURCE` without any concrete value, fixing the build issue. Signed-off-by: Patrick Steinhardt <ps@pks.im> |
||
---|---|---|
.. | ||
.gitignore | ||
avcstat.c | ||
compute_av.c | ||
compute_create.c | ||
compute_member.c | ||
compute_relabel.c | ||
compute_user.c | ||
getconlist.c | ||
getdefaultcon.c | ||
getenforce.c | ||
getfilecon.c | ||
getpidcon.c | ||
getsebool.c | ||
getseuser.c | ||
Makefile | ||
matchpathcon.c | ||
policyvers.c | ||
sefcontext_compile.c | ||
selabel_digest.c | ||
selabel_lookup.c | ||
selabel_lookup_best_match.c | ||
selabel_partial_match.c | ||
selinux_check_access.c | ||
selinux_check_securetty_context.c | ||
selinuxenabled.c | ||
selinuxexeccon.c | ||
setenforce.c | ||
setfilecon.c | ||
togglesebool.c |