On Tue, Dec 6, 2022 at 4:05 AM Richard W.M. Jones <rjones@xxxxxxxxxx> wrote:
>
> On Tue, Dec 06, 2022 at 01:35:04AM +0100, Jaroslav Prokop wrote:
> > On 12/5/22 20:58, Ben Cotton wrote:
> >
> >     The core change to bring in this mitigation is to change the default
> >     build flags in `redhat-rpm-config` so that packages build by default
> >     with `-Wp,-D_FORTIFY_SOURCE=3`. There are packages (e.g. `systemd`)
> >     that do not interact well with `_FORTIFY_SOURCE` and will also need a
> >     workaround to downgrade fortification to level 2. The change will also
> >     include this override.
> >
> > How come systemd gets an exception? If it is a security option, it should be
> > enabled everywhere.
>
> I don't believe the proposal is that everyone *has* to use this (or at
> least, I hope not). Even existing _FORTIFY_SOURCE=2 is optional. I'd
> like to know what the problems are that affect systemd however.

Yes, I intend it to be the same as _FORTIFY_SOURCE=2. In fact, I'm
thinking of a %fortify_level macro override that allows packages to
override this without fiddling directly with cflags.

Thanks,
Sid