diff options
Diffstat (limited to 'debian/patches/gcc-default-format-security.diff')
-rw-r--r-- | debian/patches/gcc-default-format-security.diff | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/debian/patches/gcc-default-format-security.diff b/debian/patches/gcc-default-format-security.diff new file mode 100644 index 0000000..f82ff5e --- /dev/null +++ b/debian/patches/gcc-default-format-security.diff @@ -0,0 +1,39 @@ +# DP: Turn on -Wformat -Wformat-security by default for C, C++, ObjC, ObjC++. + +Index: b/src/gcc/doc/invoke.texi +=================================================================== +--- a/src/gcc/doc/invoke.texi ++++ b/src/gcc/doc/invoke.texi +@@ -3799,6 +3799,11 @@ included in @option{-Wformat-nonliteral} + If @option{-Wformat} is specified, also warn if the format string + requires an unsigned argument and the argument is signed and vice versa. + ++NOTE: In Ubuntu 8.10 and later versions this option is enabled by default ++for C, C++, ObjC, ObjC++. To disable, use @option{-Wno-format-security}, ++or disable all format warnings with @option{-Wformat=0}. To make format ++security warnings fatal, specify @option{-Werror=format-security}. ++ + @item -Wformat-y2k + @opindex Wformat-y2k + @opindex Wno-format-y2k +Index: b/src/gcc/gcc.c +=================================================================== +--- a/src/gcc/gcc.c ++++ b/src/gcc/gcc.c +@@ -858,11 +858,14 @@ proper position among the other output f + #define LINK_GCC_C_SEQUENCE_SPEC "%G %L %G" + #endif + ++/* no separate spec, just shove it into the ssp default spec */ ++#define FORMAT_SECURITY_SPEC "%{!Wformat:%{!Wformat=2:%{!Wformat=0:%{!Wall:-Wformat} %{!Wno-format-security:-Wformat-security}}}}" ++ + #ifndef SSP_DEFAULT_SPEC + #ifdef TARGET_LIBC_PROVIDES_SSP +-#define SSP_DEFAULT_SPEC "%{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:-fstack-protector}}}}" ++#define SSP_DEFAULT_SPEC "%{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:-fstack-protector}}}} " FORMAT_SECURITY_SPEC + #else +-#define SSP_DEFAULT_SPEC "" ++#define SSP_DEFAULT_SPEC FORMAT_SECURITY_SPEC + #endif + #endif + |