rpms
/
redhat-rpm-config
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Drop -fcf-protection for i686 because there won't be kernel support

This commit is contained in:
Florian Weimer 2024-01-16 11:34:37 +01:00
parent c0295c50b3
commit 13bd1aaf1a
3 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
buildflags.md
View File

@ -581,9 +581,9 @@ These compiler flags are enabled for all builds (hardened/annotated or
not), but their selection depends on the architecture: not), but their selection depends on the architecture:
* `-fcf-protection`: Instrument binaries to guard against * `-fcf-protection`: Instrument binaries to guard against
ROP/JOP attacks. Used on i686 and x86_64. ROP/JOP exploitation techniques. Used on x86_64.
* `-mbranch-protection=standard`: Instrument binaries to guard against * `-mbranch-protection=standard`: Instrument binaries to guard against
ROP/JOP attacks. Used on aarch64. ROP/JOP exploitation techniques. Used on aarch64.
* `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in * `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in
the same compilation. For such architectures, the RPM build process the same compilation. For such architectures, the RPM build process
explicitly selects the architecture variant by passing this compiler explicitly selects the architecture variant by passing this compiler

5
redhat-rpm-config.spec
View File

@ -4,7 +4,7 @@
# 2) When making changes, increment the version (in baserelease) by 1. # 2) When making changes, increment the version (in baserelease) by 1.
# rpmdev-bumpspec and other tools update the macro below, which is used # rpmdev-bumpspec and other tools update the macro below, which is used
# in Version: to get the desired effect. # in Version: to get the desired effect.
%global baserelease 279 %global baserelease 280
Summary: Red Hat specific rpm configuration files Summary: Red Hat specific rpm configuration files
Name: redhat-rpm-config Name: redhat-rpm-config
@ -262,6 +262,9 @@ install -p -m 644 -t %{buildroot}%{_rpmluadir}/fedora common.lua
%doc buildflags.md %doc buildflags.md
%changelog %changelog
* Tue Jan 16 2024 Florian Weimer <fweimer@redhat.com> - 280-1
- Drop -fcf-protection for i686 because there won't be kernel support
* Tue Jan 16 2024 Nils Philippsen <nils@redhat.com> - 279-1 * Tue Jan 16 2024 Nils Philippsen <nils@redhat.com> - 279-1
- Obsolete rpmautospec-rpm-macros without version - Obsolete rpmautospec-rpm-macros without version

2
rpmrc
View File

@ -3,7 +3,7 @@ include: /usr/lib/rpm/rpmrc
optflags: i386 %{__global_compiler_flags} -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection optflags: i386 %{__global_compiler_flags} -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
optflags: i486 %{__global_compiler_flags} -m32 -march=i486 -fasynchronous-unwind-tables -fstack-clash-protection optflags: i486 %{__global_compiler_flags} -m32 -march=i486 -fasynchronous-unwind-tables -fstack-clash-protection
optflags: i586 %{__global_compiler_flags} -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection optflags: i586 %{__global_compiler_flags} -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
optflags: i686 %{__global_compiler_flags} -m32 -march=i686 -mtune=generic -msse2 -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection optflags: i686 %{__global_compiler_flags} -m32 -march=i686 -mtune=generic -msse2 -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection
optflags: athlon %{__global_compiler_flags} -m32 -march=athlon -fasynchronous-unwind-tables -fstack-clash-protection optflags: athlon %{__global_compiler_flags} -m32 -march=athlon -fasynchronous-unwind-tables -fstack-clash-protection
optflags: x86_64 %{__global_compiler_flags} -m64 %{__cflags_arch_x86_64} %__cflags_arch_x86_64_common optflags: x86_64 %{__global_compiler_flags} -m64 %{__cflags_arch_x86_64} %__cflags_arch_x86_64_common
optflags: x86_64_v2 %{__global_compiler_flags} -m64 -march=x86-64-v2 %__cflags_arch_x86_64_common optflags: x86_64_v2 %{__global_compiler_flags} -m64 -march=x86-64-v2 %__cflags_arch_x86_64_common