Drop -fcf-protection for i686 because there won't be kernel support
This commit is contained in:
parent
c0295c50b3
commit
13bd1aaf1a
@ -581,9 +581,9 @@ These compiler flags are enabled for all builds (hardened/annotated or
|
|||||||
not), but their selection depends on the architecture:
|
not), but their selection depends on the architecture:
|
||||||
|
|
||||||
* `-fcf-protection`: Instrument binaries to guard against
|
* `-fcf-protection`: Instrument binaries to guard against
|
||||||
ROP/JOP attacks. Used on i686 and x86_64.
|
ROP/JOP exploitation techniques. Used on x86_64.
|
||||||
* `-mbranch-protection=standard`: Instrument binaries to guard against
|
* `-mbranch-protection=standard`: Instrument binaries to guard against
|
||||||
ROP/JOP attacks. Used on aarch64.
|
ROP/JOP exploitation techniques. Used on aarch64.
|
||||||
* `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in
|
* `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in
|
||||||
the same compilation. For such architectures, the RPM build process
|
the same compilation. For such architectures, the RPM build process
|
||||||
explicitly selects the architecture variant by passing this compiler
|
explicitly selects the architecture variant by passing this compiler
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
# 2) When making changes, increment the version (in baserelease) by 1.
|
# 2) When making changes, increment the version (in baserelease) by 1.
|
||||||
# rpmdev-bumpspec and other tools update the macro below, which is used
|
# rpmdev-bumpspec and other tools update the macro below, which is used
|
||||||
# in Version: to get the desired effect.
|
# in Version: to get the desired effect.
|
||||||
%global baserelease 279
|
%global baserelease 280
|
||||||
|
|
||||||
Summary: Red Hat specific rpm configuration files
|
Summary: Red Hat specific rpm configuration files
|
||||||
Name: redhat-rpm-config
|
Name: redhat-rpm-config
|
||||||
@ -262,6 +262,9 @@ install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora common.lua
|
|||||||
%doc buildflags.md
|
%doc buildflags.md
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jan 16 2024 Florian Weimer <fweimer@redhat.com> - 280-1
|
||||||
|
- Drop -fcf-protection for i686 because there won't be kernel support
|
||||||
|
|
||||||
* Tue Jan 16 2024 Nils Philippsen <nils@redhat.com> - 279-1
|
* Tue Jan 16 2024 Nils Philippsen <nils@redhat.com> - 279-1
|
||||||
- Obsolete rpmautospec-rpm-macros without version
|
- Obsolete rpmautospec-rpm-macros without version
|
||||||
|
|
||||||
|
2
rpmrc
2
rpmrc
@ -3,7 +3,7 @@ include: /usr/lib/rpm/rpmrc
|
|||||||
optflags: i386 %{__global_compiler_flags} -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
|
optflags: i386 %{__global_compiler_flags} -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
optflags: i486 %{__global_compiler_flags} -m32 -march=i486 -fasynchronous-unwind-tables -fstack-clash-protection
|
optflags: i486 %{__global_compiler_flags} -m32 -march=i486 -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
optflags: i586 %{__global_compiler_flags} -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
|
optflags: i586 %{__global_compiler_flags} -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
optflags: i686 %{__global_compiler_flags} -m32 -march=i686 -mtune=generic -msse2 -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
|
optflags: i686 %{__global_compiler_flags} -m32 -march=i686 -mtune=generic -msse2 -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
optflags: athlon %{__global_compiler_flags} -m32 -march=athlon -fasynchronous-unwind-tables -fstack-clash-protection
|
optflags: athlon %{__global_compiler_flags} -m32 -march=athlon -fasynchronous-unwind-tables -fstack-clash-protection
|
||||||
optflags: x86_64 %{__global_compiler_flags} -m64 %{__cflags_arch_x86_64} %__cflags_arch_x86_64_common
|
optflags: x86_64 %{__global_compiler_flags} -m64 %{__cflags_arch_x86_64} %__cflags_arch_x86_64_common
|
||||||
optflags: x86_64_v2 %{__global_compiler_flags} -m64 -march=x86-64-v2 %__cflags_arch_x86_64_common
|
optflags: x86_64_v2 %{__global_compiler_flags} -m64 -march=x86-64-v2 %__cflags_arch_x86_64_common
|
||||||
|
Loading…
Reference in New Issue
Block a user