@@ -58,7 +58,6 @@ CFLAGS-getpt.c = -fexceptions
ifeq (yesyes,$(have-fpie)$(build-shared))
pt_chown-cflags += $(pie-ccflag)
endif
-pt_chown-cflags += $(stack-protector)
ifeq (yes,$(have-libcap))
libcap = -lcap
endif
@@ -84,7 +84,6 @@ CPPFLAGS-nscd += -D_FORTIFY_SOURCE=2
ifeq (yesyes,$(have-fpie)$(build-shared))
CFLAGS-nscd += $(pie-ccflag)
endif
-CFLAGS-nscd += $(stack-protector)
ifeq (yesyes,$(have-fpie)$(build-shared))
LDFLAGS-nscd = -Wl,-z,now
@@ -90,7 +90,6 @@ CPPFLAGS += -Dgethostbyname=res_gethostbyname \
-Dgetnetbyname=res_getnetbyname \
-Dgetnetbyaddr=res_getnetbyaddr
-CFLAGS-libresolv += $(stack-protector)
CFLAGS-res_hconf.c = -fexceptions
# The BIND code elicits some harmless warnings.
From: Nick Alcock <nick.alcock@oracle.com>

This is probably a bad idea: maybe we want to stack-protect some parts of the system even when ! --enable-stack-protector. I can easily adjust the patch to do that (though it'll mean introducing a new variable analogous to $(stack-protector) but not controlled by the configure flag.) But if we wanted to value consistency over security, and use the same stack-protection configure flag to control everything, this is how we'd do it! ("Always include at least one patch with something obviously wrong with it.")

* login/Makefile (pt_chown-cflags): Remove.
* nscd/Makefile (CFLAGS-nscd): Likewise.
* resolv/Makefile (CFLAGS-libresolv): Likewise.
---
login/Makefile | 1 -
nscd/Makefile | 1 -
resolv/Makefile | 1 -
3 files changed, 3 deletions(-)