Merge #224822: hardening flags: enable fortify3 by default

...into staging
author: Vladimír Čunát <v@cunat.cz> 2023-07-06 10:33:24 +0200
committer: Vladimír Čunát <v@cunat.cz> 2023-07-06 10:33:24 +0200
commit: 58392652f0f1706c666289a8520324c44cebaa40 (patch)
tree: d2f2fde35d5562bbbe373f6dbcb42613c748c712 /pkgs/build-support/cc-wrapper
parent: 124f53d41856ddf0e73f48ba7ab96e83157957ab (diff)
parent: 903f19e08e9105552f3d971c7874d23c1371749c (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/pkgs/build-support/cc-wrapper/setup-hook.sh b/pkgs/build-support/cc-wrapper/setup-hook.sh
index be01c51a71ffd..9326d76e2a8ff 100644
--- a/pkgs/build-support/cc-wrapper/setup-hook.sh
+++ b/pkgs/build-support/cc-wrapper/setup-hook.sh
@@ -111,7 +111,7 @@ export CC${role_post}=@named_cc@
 export CXX${role_post}=@named_cxx@
 
 # If unset, assume the default hardening flags.
-: ${NIX_HARDENING_ENABLE="fortify stackprotector pic strictoverflow format relro bindnow"}
+: ${NIX_HARDENING_ENABLE="fortify fortify3 stackprotector pic strictoverflow format relro bindnow"}
 export NIX_HARDENING_ENABLE
 
 # No local scope in sourced file
author	Vladimír Čunát <v@cunat.cz>	2023-07-06 10:33:24 +0200
committer	Vladimír Čunát <v@cunat.cz>	2023-07-06 10:33:24 +0200
commit	58392652f0f1706c666289a8520324c44cebaa40 (patch)
tree	d2f2fde35d5562bbbe373f6dbcb42613c748c712 /pkgs/build-support/cc-wrapper
parent	124f53d41856ddf0e73f48ba7ab96e83157957ab (diff)
parent	903f19e08e9105552f3d971c7874d23c1371749c (diff)