[Olsr-dev] hardening 1by1: -Wformat -Wformat-security -Werror=format-security
Hans of Guardian
(spam-protected)
Mon Oct 15 16:49:25 CEST 2012
That seems backwards to me. I think "make" should give you a build with -O2. And "make DEBUG=1" would disable anything that gets in the way of debugging.
"make" should produce a production build with all the flags that olsrd devs think any production build should include. It could include -g i.e. debug symbols since "make install" should strip them.
.hc
On Oct 15, 2012, at 2:06 AM, Henning Rogge wrote:
> Hi Hans,
>
> would this patch okay from Debians point of view? I expect that the Debian package is compiled without Debug symbols anyways.
>
> The patch adds -O2 -D_FORTIFY_SOURCE=2 to any non-debug build, unless the OPTIMIZE variable is already set.
>
>
> diff --git a/Makefile.inc b/Makefile.inc
> index 4275ad2..0f8c993 100644
> --- a/Makefile.inc
> +++ b/Makefile.inc
> @@ -95,6 +95,7 @@ WARNINGS += -Wsequence-point
> WARNINGS += -Wcast-align
> WARNINGS += -Wformat-security
> WARNINGS += -Wformat-y2k
> +WARNINGS += -Werror=format-security
> WARNINGS += -Winit-self
> WARNINGS += -Wswitch-default
> WARNINGS += -Wsync-nand
> @@ -210,6 +211,9 @@ CPPFLAGS += -DDEBUG
> CFLAGS += -ggdb
> else
> CPPFLAGS += -DNDEBUG
> +ifeq ($(OPTIMIZE),)
> +OPTIMIZE += -O2 -D_FORTIFY_SOURCE=2
> +endif
> endif
> ifeq ($(NO_DEBUG_MESSAGES),1)
> CPPFLAGS += -DNODEBUG
>
> Henning Rogge
>
> --
> Diplom-Informatiker Henning Rogge , Fraunhofer-Institut für
> Kommunikation, Informationsverarbeitung und Ergonomie FKIE
> Kommunikationssysteme (KOM)
> Fraunhofer Straße 20, 53343 Wachtberg, Germany
> Telefon +49 228 9435-961, Fax +49 228 9435 685
> mailto:(spam-protected) http://www.fkie.fraunhofer.de
>
More information about the Olsr-dev
mailing list