[arch-dev-public] CFLAGS changes with gcc-4.9
Hi all, gcc-4.9 is due to be released on the 22nd. This brings a new stack protection flag, -fstack-protector-strong. See this blog post for some details [1]. I would like to do two things with the release of gcc-4.9: 1) Add -fstack-protector-strong to our CFLAGS 2) Rebuild all [core] packages The rebuild would not only add the extra stack protection, but also ensure all [core] packages have .MTREE files (which become more useful with the next pacman release, although still do not test checksums). Any opinions on both of these points? Cheers, Allan [1] http://www.outflux.net/blog/archives/2014/01/27/fstack-protector-strong/
Am 12.04.2014 09:22, schrieb Allan McRae:
Hi all,
gcc-4.9 is due to be released on the 22nd. This brings a new stack protection flag, -fstack-protector-strong. See this blog post for some details [1].
I would like to do two things with the release of gcc-4.9: 1) Add -fstack-protector-strong to our CFLAGS 2) Rebuild all [core] packages
The rebuild would not only add the extra stack protection, but also ensure all [core] packages have .MTREE files (which become more useful with the next pacman release, although still do not test checksums).
Don't they already have them?
Any opinions on both of these points?
The kernel also has a new option CONFIG_CC_STACKPROTECTOR_STRONG in 3.14. Obviously, this is currently disabled in our build.
On 12/04/14 17:52, Thomas Bächler wrote:
Am 12.04.2014 09:22, schrieb Allan McRae:
Hi all,
gcc-4.9 is due to be released on the 22nd. This brings a new stack protection flag, -fstack-protector-strong. See this blog post for some details [1].
I would like to do two things with the release of gcc-4.9: 1) Add -fstack-protector-strong to our CFLAGS 2) Rebuild all [core] packages
The rebuild would not only add the extra stack protection, but also ensure all [core] packages have .MTREE files (which become more useful with the next pacman release, although still do not test checksums).
Don't they already have them?
.MTREE files were introduced with pacman-4.1 on 2013-04-01. There appears to be a few packages without them still: https://www.archlinux.org/packages/?repo=Core&sort=last_update
Any opinions on both of these points?
The kernel also has a new option CONFIG_CC_STACKPROTECTOR_STRONG in 3.14. Obviously, this is currently disabled in our build.
participants (2)
-
Allan McRae
-
Thomas Bächler