Hello, Ubuntu defaulted to FORTIFY_SOURCE=3 on amd64/ppc64el:
on amd64 it defaulted now for devel (so the future 25.04), while on ppc64el some
months ago.

https://wiki.ubuntu.com/ToolChain/CompilerFlags

Usually Debian follows in one or two releases the Ubuntu decisions (unless they 
have proven to be wrong decisions of course, but since the maintainer is the 
same... :))

I don't know what the best way to solve this is; theoretically one should add
the flag if not already defined, or strip it if it is...

Let me know if you want me to upload it or not, but there is no real rush!

HNY!

G.




On Monday, 30 December 2024 at 07:04:12 CET, Joost van Baal-Ilić
<joostvb-deb...@mdcc.cx> wrote:

Hi again Gianfranco,

On Sun, Dec 29, 2024 at 03:28:03PM +0100, Joost van Baal-Ilić wrote:
> On Sun, Dec 29, 2024 at 03:12:34PM +0100, Gianfranco Costamagna wrote:
> > 
> > Hello, looks like the code is setting FORTIFY_SOURCE=2 directly from the
> > makefile, not allowing to override it from outside.  This is a build issue
> > when people default e.g. to 3, something already done by some distros,
> > e.g. Ubuntu.

In your commit 0821bfa49bc5655f5c998bcd407329d223f2d662 @ salsa.d.o you wrote
"we default to 3 in some architectures".  Do you maybe have a citation or url
about the usage in Debian of such a new default?  I'd like to add that to
debian/patches/no-fortify-source.patch's Description.

(

I just learned this FORTIFY_SOURCE=3 default is being/has been introduced in
Fedora, Ubuntu, OpenSUSE and Gentoo
( https://fedoraproject.org/wiki/Changes/Add_FORTIFY_SOURCE%3D3_to_distribution_build_flags
"All packages in OpenSUSE ALP are built with _FORTIFY_SOURCE=3 by default.
Gentoo is considering making _FORTIFY_SOURCE=3 the default level for their
hardened profile";
https://wiki.ubuntu.com/ToolChain/CompilerFlags#A-D_FORTIFY_SOURCE.3D3 ).

However, I didn't find any discussion or pointer about a move from 2 to 3 in
Debian.  I did find
https://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_FORTIFY_.28gcc.2Fg.2B-.2B-_-D_FORTIFY_SOURCE.3D2.29
though.

)

> > I took the liberty to patch the code and commit the patch on git
<snip>

> Stefan: what do you think about it?  Would you like to apply it upstream?
> Or would you prefer to keep the default on FORTIFY_SOURCE=2?
> 
> Gianfranco: I'll wait on Stefan's reply and then decide on how to tackle this
> in the Debian packaging.

Thanks again for the beautiful commit!  Gianfranco: would you like to also take
care of uploading your work to ftp.d.o?  I'd appreciate that (and would be
happy to do it myself too, of course).  But, as said, let's first wait a few
days more on Stef's comments.


Bye,

Joost
