Deploy maximum "fortified source" and stack protection.
authorJason S. Ninneman <jsn@mbar.us>
Sat, 15 Jul 2017 02:52:20 +0000 (19:52 -0700)
committerEric S. Raymond <esr@thyrsus.com>
Mon, 17 Jul 2017 17:56:52 +0000 (13:56 -0400)
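--- a/Makefile
+++ b/Makefile
@@ -8,7 +8,7 @@ VERS=$(shell sed -n <NEWS '/^[0-9]/s/:.*//p' | head -1)
 .PHONY: check coverage
 
 CC?=gcc
-CCFLAGS+=-std=c99 -D_DEFAULT_SOURCE -DVERSION=\"$(VERS)\" -O2
+CCFLAGS+=-std=c99 -D_DEFAULT_SOURCE -DVERSION=\"$(VERS)\" -O2 -D_FORTIFY_SOURCE=2 -fstack-protector-all
 LIBS=$(shell pkg-config --libs libedit)
 INC+=$(shell pkg-config --cflags libedit)
 
@@ -117,7 +117,7 @@ linty: CCFLAGS += -Winit-self
 linty: CCFLAGS += -Wpointer-arith
 linty: advent cheat
 
-debug: CCFLAGS += -O0 --coverage -ggdb
+debug: CCFLAGS += -O0 --coverage -ggdb -U_FORTIFY_SOURCE
 debug: linty
 
 CSUPPRESSIONS = --suppress=missingIncludeSystem --suppress=invalidscanf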
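Review bot: The `-D_FORTIFY_SOURCE=2` added to the top-level `CCFLAGS` line only has an effect because `-O2` sits on the same line, and nothing in the Makefile records that coupling. glibc's fortified wrappers are inactive without optimization, which is why the `debug:` line in the second hunk pairs `-O0` with `-U_FORTIFY_SOURCE`. I would add a comment above both lines, e.g. `# _FORTIFY_SOURCE needs -O1 or higher; debug builds at -O0 undefine it`, so a later change to the optimization level does not silently drop the check. Toolchains that already predefine the macro will warn about a redefinition, so `-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2` is the safer spelling on the first line. Because the hardening flags live in `CCFLAGS`, a command-line `make CCFLAGS=...` replaces them entirely; whether that matters depends on how packagers invoke this build.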