Hello, As discussed in <http://bugs.debian.org/657853/> we are adding various hardening build flags to the perl build in Debian, as part of a Debian release goal[1].
The version currently in Debian experimental has the following additional flags defined: ccflags: add -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security (note: -fstack-protector is added by perl's config already, but is also in the standard set of flags defined by the Debian dpkg-buildflags utility; -g -O2 is also not new, at least for the non-debugging build). ldflags: -Wl,-z,relro Notes on what the flags do are availble at [2]. These flags will also be enabled on XS modules built on Debian once this goes into unstable. I've just kicked off a test rebuild of all CPAN modules in Debian with the perl from experimental, to try and catch any severe breakage introduced by this. My question: does anyone know of any problems with using these flags with perl? Thanks, Dominic. [1] <http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags> [2] <http://wiki.debian.org/Hardening> -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
