From 26f02f62c32679313733dddefc52a21fe5b2b21d Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Tue, 1 Aug 2023 09:45:07 +0200 Subject: [PATCH] Fix CET support While the current implementation works on Fedora, on c9s/rhel the CFLAGS haven't been set at this point yet, so we are missing the -fcfprotection flag in ASMFLAGS. Using build_cflags avoids this ordering problem. Additionally, add -Wl,-z,cet-report=error to the libLLVM.so linker flags, so we can detect such issues earlier in the future. Resolves: rhbz#2222040 --- llvm.spec | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/llvm.spec b/llvm.spec index 9f4a573..abc8fa7 100644 --- a/llvm.spec +++ b/llvm.spec @@ -81,7 +81,7 @@ ver:rc%{rc_ver}}.src Name: %{pkg_name} Version: %{maj_ver}.%{min_ver}.%{patch_ver}%{?rc_ver:~rc%{rc_ver}} -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Low Level Virtual Machine License: Apache-2.0 WITH LLVM-exception OR NCSA @@ -279,7 +279,7 @@ mv %{third_party_srcdir} third-party %endif # Copy CFLAGS into ASMFLAGS, so -fcf-protection is used when compiling assembly files. -export ASMFLAGS=$CFLAGS +export ASMFLAGS="%{build_cflags}" # force off shared libs as cmake macros turns it on. %cmake -G Ninja \ @@ -355,7 +355,8 @@ export ASMFLAGS=$CFLAGS -DCMAKE_INSTALL_PREFIX=%{install_prefix} \ -DLLVM_INSTALL_SPHINX_HTML_DIR=%{_pkgdocdir}/html \ -DSPHINX_EXECUTABLE=%{_bindir}/sphinx-build-3 \ - -DLLVM_INCLUDE_BENCHMARKS=OFF + -DLLVM_INCLUDE_BENCHMARKS=OFF \ + -DCMAKE_SHARED_LINKER_FLAGS="-Wl,-z,cet-report=error" # Build libLLVM.so first. This ensures that when libLLVM.so is linking, there # are no other compile jobs running. This will help reduce OOM errors on the @@ -647,6 +648,9 @@ fi %endif %changelog +* Tue Aug 01 2023 Nikita Popov - 16.0.6-2 +- Fix CET support + * Tue Jul 04 2023 Nikita Popov - 16.0.6-1 - Update to LLVM 16.0.6