Hi,
GCC 4.9 supports a new stack protector implementation, enabled via the
-fstack-protector-strong flag, which provides a better balance between
security and performance than the default implementation that we're
currently using. This new flag is already used by Fedora 20 and
ChromeOS. See the fo
Hi!
On Tue, 2014-06-24 at 11:29:31 +0200, Romain Francoise wrote:
> GCC 4.9 supports a new stack protector implementation, enabled via the
> -fstack-protector-strong flag, which provides a better balance between
> security and performance than the default implementation that we're
> currently usin
On Tue, Jun 24, 2014 at 11:29:31AM +0200, Romain Francoise wrote:
> Hi,
>
> GCC 4.9 supports a new stack protector implementation, enabled via the
> -fstack-protector-strong flag, which provides a better balance between
> security and performance than the default implementation that we're
> curren
On Tue, Jun 24, 2014 at 12:21:56PM +0200, Guillem Jover wrote:
>> * false positives:
>> - gcc-4.7 4.7.4-1 (checks that dpkg-dev is 'ii')
>
> For what purpose?
By way of getting dpkg-dev's installed version. The changelog suggests
that the dependency cannot be expressed using Build-Depends for re
On Tue, Jun 24, 2014 at 07:11:58AM -0700, Kees Cook wrote:
> I wonder if there is any sensible way for dpkg-buildflags to detect (or
> maybe just be told) which compile will be used for a build? Perhaps it
> could take a new argument that would allow it to select flags based on the
> compiler name
On Tue, Jun 24, 2014 at 06:33:33PM +0200, Romain Francoise wrote:
> On Tue, Jun 24, 2014 at 07:11:58AM -0700, Kees Cook wrote:
> > I wonder if there is any sensible way for dpkg-buildflags to detect (or
> > maybe just be told) which compile will be used for a build? Perhaps it
> > could take a new
On Tue, Jun 24, 2014 at 07:11:58AM -0700, Kees Cook wrote:
> Though really hardening-wrapper should be
> deprecated for Jessie.
I looked into it, but the number of packages using -wrapper or
-includes is too large to do this realistically. Rather for
jessie+1.
I think we need a lintian check to g
Moritz Muehlenhoff writes:
> On Tue, Jun 24, 2014 at 07:11:58AM -0700, Kees Cook wrote:
>> Though really hardening-wrapper should be deprecated for Jessie.
> I looked into it, but the number of packages using -wrapper or
> -includes is too large to do this realistically. Rather for
> jessie+1.
On 2014-06-24 18:37, Moritz Muehlenhoff wrote:
> On Tue, Jun 24, 2014 at 07:11:58AM -0700, Kees Cook wrote:
>> Though really hardening-wrapper should be
>> deprecated for Jessie.
>
> I looked into it, but the number of packages using -wrapper or
> -includes is too large to do this realistically. R
On Tue, Jun 24, 2014 at 11:46:32AM -0700, Russ Allbery wrote:
> Speaking as one of the people maintaining a package that still uses
> hardening-wrapper, some packages have build systems that are quite
> difficult to patch to use packaging-provided compiler flags. It's
> definitely an upstream bug,
10 matches
Mail list logo
