Exiv2
Add compiler flags which could be interesting in terms of software security
Take ideas from here:
https://git.libssh.org/projects/libssh.git/tree/CompilerChecks.cmake
We essentially want to add this:
$ rpm --eval %{optflags}
-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
wherever supported (the annobin stuff is afaik only supported on RHEL/CentOS & Fedora)
Peter Kovář [email protected] writes:
Also, for better performance LTO use would be nice to have.
Shared libraries don't support LTO.
You can build the library with LTO, but I wouldn't get my hopes up without using profile guided optimization.
-- You are receiving this because you commented. Reply to this email directly or view it on GitHub: https://github.com/Exiv2/exiv2/issues/956#issuecomment-510910503
This sounds important, although I don't understand it. I'll mark this for attention in v1.00.
