diff options
| author | Jani Välimaa <wally@mageia.org> | 2023-12-05 21:15:06 +0200 |
|---|---|---|
| committer | Jani Välimaa <wally@mageia.org> | 2023-12-05 21:15:06 +0200 |
| commit | d0a550a50f4691967960099d278f1203e666081d (patch) | |
| tree | bcced56e86dfa34e3e4d5591a3b8dfe2d1a223d3 | |
| parent | a22410d179913eada175bc578927db34f6bc88c7 (diff) | |
| download | rpm-setup-d0a550a50f4691967960099d278f1203e666081d.tar rpm-setup-d0a550a50f4691967960099d278f1203e666081d.tar.gz rpm-setup-d0a550a50f4691967960099d278f1203e666081d.tar.bz2 rpm-setup-d0a550a50f4691967960099d278f1203e666081d.tar.xz rpm-setup-d0a550a50f4691967960099d278f1203e666081d.zip | |
rpmrc: add -fstack-clash-protection to default flags for all supported arches
Recommended in https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | rpmrc.in | 22 |
2 files changed, 12 insertions, 11 deletions
@@ -1,3 +1,4 @@ +- rpmrc: add -fstack-clash-protection to default flags for all supported arches - rpmrc: add -mbranch-protection=standard to aarch64 default flags - rpmrc: drop arches we don't really support - rpmrc: drop arch_compat also available in /usr/lib/rpm/rpmrc @@ -4,21 +4,21 @@ ############################################################# # Values for RPM_OPT_FLAGS for various platforms -optflags: i386 %{__common_cflags_with_ssp} -fomit-frame-pointer -march=i386 -fasynchronous-unwind-tables -optflags: i486 %{__common_cflags_with_ssp} -fomit-frame-pointer -march=i486 -fasynchronous-unwind-tables -optflags: i586 %{__common_cflags_with_ssp} -fomit-frame-pointer -march=i586 -mtune=generic -fasynchronous-unwind-tables -optflags: i686 %{__common_cflags_with_ssp} -fomit-frame-pointer -march=i686 -fasynchronous-unwind-tables -optflags: athlon %{__common_cflags_with_ssp} -fomit-frame-pointer -march=athlon -fasynchronous-unwind-tables -optflags: x86_64 %{__common_cflags_with_ssp} -fasynchronous-unwind-tables +optflags: i386 %{__common_cflags_with_ssp} -fomit-frame-pointer -march=i386 -fasynchronous-unwind-tables -fstack-clash-protection +optflags: i486 %{__common_cflags_with_ssp} -fomit-frame-pointer -march=i486 -fasynchronous-unwind-tables -fstack-clash-protection +optflags: i586 %{__common_cflags_with_ssp} -fomit-frame-pointer -march=i586 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection +optflags: i686 %{__common_cflags_with_ssp} -fomit-frame-pointer -march=i686 -fasynchronous-unwind-tables -fstack-clash-protection +optflags: athlon %{__common_cflags_with_ssp} -fomit-frame-pointer -march=athlon -fasynchronous-unwind-tables -fstack-clash-protection +optflags: x86_64 %{__common_cflags_with_ssp} -fasynchronous-unwind-tables -fstack-clash-protection # Cortex A8 -optflags: armv7 %{__common_cflags_with_ssp} -march=armv7-a -mtune=cortex-a8 -mfpu=neon -mfloat-abi=softfp -optflags: armv7l %{__common_cflags_with_ssp} -march=armv7-a -mtune=cortex-a8 -mfpu=neon -mfloat-abi=softfp +optflags: armv7 %{__common_cflags_with_ssp} -march=armv7-a -mtune=cortex-a8 -mfpu=neon -mfloat-abi=softfp -fstack-clash-protection +optflags: armv7l %{__common_cflags_with_ssp} -march=armv7-a -mtune=cortex-a8 -mfpu=neon -mfloat-abi=softfp -fstack-clash-protection -optflags: armv7hl %{__common_cflags_with_ssp} -march=armv7-a -mfloat-abi=hard -mfpu=vfpv3-d16 -optflags: armv7hnl %{__common_cflags_with_ssp} -march=armv7-a -mfloat-abi=hard -mfpu=neon +optflags: armv7hl %{__common_cflags_with_ssp} -march=armv7-a -mfloat-abi=hard -mfpu=vfpv3-d16 -fstack-clash-protection +optflags: armv7hnl %{__common_cflags_with_ssp} -march=armv7-a -mfloat-abi=hard -mfpu=neon -fstack-clash-protection -optflags: aarch64 %{__common_cflags_with_ssp} -mbranch-protection=standard -fasynchronous-unwind-tables +optflags: aarch64 %{__common_cflags_with_ssp} -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection ############################################################# # Canonical arch names and numbers |