Revision as of 15:12, 5 December 2022
Add _FORTIFY_SOURCE=3 to distribution build flags
Summary
Replace the current _FORTIFY_SOURCE=2 with _FORTIFY_SOURCE=3 to improve mitigation of security issues arising from buffer overflows in packages in Fedora.
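An added example, not part of the proposal, of why level 3 covers more call sites. It relies on compiler behaviour the page does not state: level 2 sizes buffers with `__builtin_object_size`, which only knows compile-time constants, while level 3 uses `__builtin_dynamic_object_size`, which can also carry a runtime size such as a `malloc` argument. The function names, the `UNKNOWN` macro and the sizes are assumptions made for illustration, and `would_abort` only models the decision a fortified wrapper takes.

```c
/* Build with optimization, e.g. gcc -O2 objsize.c (GCC 12+ or Clang 9+). */
#include <stdio.h>
#include <stdlib.h>

#ifndef __has_builtin
#define __has_builtin(x) 0      /* very old compilers: treat builtin as absent */
#endif

#define UNKNOWN ((size_t)-1)    /* "size not known": the bounds check is skipped */

/* Level 2 view: the object size must be a compile-time constant. */
size_t static_view(size_t n)
{
    volatile size_t runtime_n = n;      /* keep n opaque to the optimizer */
    char *p = malloc(runtime_n);
    size_t seen = __builtin_object_size(p, 0);
    free(p);
    return seen;
}

/* Level 3 view: the object size may be an expression evaluated at run time. */
size_t dynamic_view(size_t n)
{
    volatile size_t runtime_n = n;
    char *p = malloc(runtime_n);
#if __has_builtin(__builtin_dynamic_object_size)
    size_t seen = __builtin_dynamic_object_size(p, 0);
#else
    size_t seen = UNKNOWN;              /* compiler without level 3 support */
#endif
    free(p);
    return seen;
}

/* Model of a fortified wrapper: it can only abort when the size is known. */
int would_abort(size_t dst_size, size_t copy_len)
{
    return dst_size != UNKNOWN && copy_len > dst_size;
}

int main(void)
{
    size_t n = 16, len = 32;    /* constructed case: 32 bytes into a 16-byte buffer */
    printf("level 2 sees %zu, abort=%d\n", static_view(n), would_abort(static_view(n), len));
    printf("level 3 sees %zu, abort=%d\n", dynamic_view(n), would_abort(dynamic_view(n), len));
    return 0;
}
```

Without optimization both views report the size as unknown, because the builtins are resolved by optimization passes.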
Owner
- Name: Siddhesh Poyarekar
- Email: sipoyare@redhat.com, siddhesh@redhat.com
- Release notes owner:
Current status
- Targeted release: Fedora 38
- Last updated: 2022-12-05
- Tracker bug: <will be assigned by the Wrangler>
Detailed Description
Benefit to Fedora
Improved security.
Scope
- Proposal owners:
Build all packages and report failures.
- Other developers:
Fix bugs filed for build failures.
- Release engineering:
- List of deliverables: N/A (not a System Wide Change)
- Policies and guidelines: None
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
No ABI change, so there should be no impact on compatibility in a mixed environment.
How To Test
- fortify-metrics to get compiler level metrics of coverage improvement
- Smoke testing of packages to ensure that they continue to work correctly. Some packages may have overflows exposed at runtime, which may need to be fixed.
User Experience
No noticeable change to users.
Dependencies
None.
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), Yes/No
- Blocks product? product
Documentation
TODO