diff options
| author | Jani Välimaa <wally@mageia.org> | 2023-12-05 21:52:16 +0200 |
|---|---|---|
| committer | Jani Välimaa <wally@mageia.org> | 2023-12-05 21:52:16 +0200 |
| commit | c26115627c856f451b58878e8dcca3d7e5d4589b (patch) | |
| tree | e5357ad0b6253805511602f29417441fb53e5dcc | |
| parent | 5b2047b05ead5353c1d3ca3e8112424eb1c7aae4 (diff) | |
| download | rpm-setup-c26115627c856f451b58878e8dcca3d7e5d4589b.tar rpm-setup-c26115627c856f451b58878e8dcca3d7e5d4589b.tar.gz rpm-setup-c26115627c856f451b58878e8dcca3d7e5d4589b.tar.bz2 rpm-setup-c26115627c856f451b58878e8dcca3d7e5d4589b.tar.xz rpm-setup-c26115627c856f451b58878e8dcca3d7e5d4589b.zip | |
rpmrc: add -fcf-protection=full to x86 default flags
Recommended in https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | rpmrc.in | 6 |
2 files changed, 4 insertions, 3 deletions
@@ -1,4 +1,5 @@ - rpmrc: add -fstack-clash-protection to default flags for all supported arches +- rpmrc: add -fcf-protection=full to x86 default flags - rpmrc: add -mbranch-protection=standard to aarch64 default flags - rpmrc: drop arches we don't really support - rpmrc: drop arch_compat also available in /usr/lib/rpm/rpmrc @@ -6,10 +6,10 @@ optflags: i386 %{__common_cflags_with_ssp} -fomit-frame-pointer -march=i386 -fasynchronous-unwind-tables -fstack-clash-protection optflags: i486 %{__common_cflags_with_ssp} -fomit-frame-pointer -march=i486 -fasynchronous-unwind-tables -fstack-clash-protection -optflags: i586 %{__common_cflags_with_ssp} -fomit-frame-pointer -march=i586 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -optflags: i686 %{__common_cflags_with_ssp} -fomit-frame-pointer -march=i686 -fasynchronous-unwind-tables -fstack-clash-protection +optflags: i586 %{__common_cflags_with_ssp} -fomit-frame-pointer -march=i586 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full +optflags: i686 %{__common_cflags_with_ssp} -fomit-frame-pointer -march=i686 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full optflags: athlon %{__common_cflags_with_ssp} -fomit-frame-pointer -march=athlon -fasynchronous-unwind-tables -fstack-clash-protection -optflags: x86_64 %{__common_cflags_with_ssp} -fasynchronous-unwind-tables -fstack-clash-protection +optflags: x86_64 %{__common_cflags_with_ssp} -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full # Cortex A8 optflags: armv7 %{__common_cflags_with_ssp} -march=armv7-a -mtune=cortex-a8 -mfpu=neon -mfloat-abi=softfp -fstack-clash-protection |