Bug 2158232 - Add _FORTIFY_SOURCE=3 to distribution build flags
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Changes Tracking
Version: 38
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Siddhesh Poyarekar
QA Contact:
URL:
Whiteboard:
Depends On: 2161318 2160077 2161300 2161303 2161311 2161319 2161322 2161329 2161330 2161343 2161371 2161385 2164068 2173623 2181282
Blocks: F38Changes
Reported: 2023-01-04 18:08 UTC by Ben Cotton
Modified: 2023-04-18 14:06 UTC

Fixed In Version:
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-04-18 14:06:36 UTC
Type: ---
Embargoed:



Description Ben Cotton 2023-01-04 18:08:15 UTC
This is a tracking bug for Change: Add _FORTIFY_SOURCE=3 to distribution build flags
For more details, see: https://fedoraproject.org/wiki/Changes/Add_FORTIFY_SOURCE%3D3_to_distribution_build_flags

Replace the current _FORTIFY_SOURCE=2 with _FORTIFY_SOURCE=3 to improve mitigation of security issues arising from buffer overflows in packages in Fedora.

If you encounter a bug related to this Change, please do not comment here. Instead create a new bug and set it to block this bug.

Comment 1 Siddhesh Poyarekar 2023-01-04 18:45:23 UTC
redhat-rpm-config change is in:

https://src.fedoraproject.org/rpms/redhat-rpm-config/pull-request/228

Now to wait for the mass rebuild to confirm that everything works.  Broken packages (failed builds or runtime failures) should block this bug until it is determined that the breakage exposes a bug in that package.

Comment 2 Ben Cotton 2023-02-07 14:27:33 UTC
Today we reached the Code Complete (Testable) milestone on the F38 schedule: https://fedorapeople.org/groups/schedule/f-38/f-38-key-tasks.html

At this time, all F38 Changes should be complete enough to be testable. You can indicate this by setting this tracker to the MODIFIED status. If the Change is 100% code complete, you can set the tracker to ON_QA. If you need to defer this Change to F39, please NEEDINFO me.

Changes that have not reached at least the MODIFIED status will be given to FESCo for evaluation of contingency plans.

