Use -march=i686 for x86 builds if -fcf-protection is detected (needs CMOV)
This commit is contained in:
Andrew John Hughes
parent
31af2fd707
commit
b6e8960be7
|
|
@ -270,7 +270,7 @@
|
|||
%global top_level_dir_name %{origin}
|
||||
%global minorver 0
|
||||
%global buildver 9
|
||||
%global rpmrelease 9
|
||||
%global rpmrelease 10
|
||||
# priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
||||
%if %is_system_jdk
|
||||
%global priority %( printf '%02d%02d%02d%02d' %{majorver} %{minorver} %{securityver} %{buildver} )
|
||||
|
|
@ -1116,7 +1116,8 @@ Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1
|
|||
Patch4: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
|
||||
# Depend on pcs-lite-libs instead of pcs-lite-devel as this is only in optional repo
|
||||
Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
|
||||
|
||||
# JDK-8259949: Use i686 instead of i586 on x86 when -fcf-protection is passed to the compiler, as CMOV is needed
|
||||
Patch8: jdk8259949-allow_cf-protection_on_x86.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
|
|
@ -1466,6 +1467,7 @@ pushd %{top_level_dir_name}
|
|||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch6 -p1
|
||||
%patch8 -p1
|
||||
popd # openjdk
|
||||
|
||||
%patch1000
|
||||
|
|
@ -2095,6 +2097,9 @@ require "copy_jdk_configs.lua"
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Jan 19 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:15.0.1.9-10.rolling
|
||||
- Use -march=i686 for x86 builds if -fcf-protection is detected (needs CMOV)
|
||||
|
||||
* Tue Dec 22 2020 Jiri Vanek <jvanek@redhat.com> - 1:15.0.1.9-9.rolling
|
||||
- fixed missing condition for fastdebug packages being counted as debug ones
|
||||
|
||||
|
|
@ -2117,7 +2122,7 @@ require "copy_jdk_configs.lua"
|
|||
- patch600 rh1750419-redhat_alt_java.patch amended to die, if it is used wrongly
|
||||
- introduced ssbd_arches with currently only valid arch of x86_64 to separate real alt-java architectures
|
||||
|
||||
* Wed Dec 7 2020 Jiri Vanek <jvanek@redhat.com> - 1:15.0.1.9-4.rolling
|
||||
* Wed Dec 9 2020 Jiri Vanek <jvanek@redhat.com> - 1:15.0.1.9-4.rolling
|
||||
- moved wrongly placed licenses to accompany other ones
|
||||
- this bad placement was killng parallel-installability and thus having bad impact to leapp if used
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,27 @@
|
|||
diff --git openjdk.orig/make/autoconf/flags-cflags.m4 openjdk/make/autoconf/flags-cflags.m4
|
||||
--- openjdk.orig/make/autoconf/flags-cflags.m4
|
||||
+++ openjdk/make/autoconf/flags-cflags.m4
|
||||
@@ -715,9 +715,21 @@
|
||||
# CFLAGS PER CPU
|
||||
if test "x$TOOLCHAIN_TYPE" = xgcc || test "x$TOOLCHAIN_TYPE" = xclang; then
|
||||
# COMMON to gcc and clang
|
||||
+ AC_MSG_CHECKING([if $1 is x86])
|
||||
if test "x$FLAGS_CPU" = xx86; then
|
||||
- # Force compatibility with i586 on 32 bit intel platforms.
|
||||
- $1_CFLAGS_CPU="-march=i586"
|
||||
+ AC_MSG_RESULT([yes])
|
||||
+ AC_MSG_CHECKING([if control flow protection is enabled by additional compiler flags])
|
||||
+ if echo "${EXTRA_CFLAGS}${EXTRA_CXXFLAGS}${EXTRA_ASFLAGS}" | ${GREP} -q 'fcf-protection' ; then
|
||||
+ # cf-protection requires CMOV and thus i686
|
||||
+ $1_CFLAGS_CPU="-march=i686"
|
||||
+ AC_MSG_RESULT([yes, forcing ${$1_CFLAGS_CPU}])
|
||||
+ else
|
||||
+ # Force compatibility with i586 on 32 bit intel platforms.
|
||||
+ $1_CFLAGS_CPU="-march=i586"
|
||||
+ AC_MSG_RESULT([no, forcing ${$1_CFLAGS_CPU}])
|
||||
+ fi
|
||||
+ else
|
||||
+ AC_MSG_RESULT([no])
|
||||
fi
|
||||
fi
|
||||
|
||||
Loading…
Reference in New Issue