I see  -fstack-check is dropped and -fstack-protector-strong kept while being redundant. Anyone know what happened?  https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/pacm...
On 2017-06-30 23:44, Allan McRae wrote:
On 30/06/17 19:07, Bartłomiej Piotrowski wrote:
On 2016-10-24 05:56, Allan McRae wrote:
1) building gcc to enable PIE by default
I am in the middle of rebuilding gcc with --enable-default-pie. When it
finishes, I will start a todo for rebuilding packages with static libraries.
I also enabled --enable-default-ssp, which means that
-fstack-protector-strong will be dropped from our CFLAGS (as it will be
enforced by gcc) on the next opportunity.
Are you adding full RELRO + no-plt at the same time?
Yes, and -fstack-check=specific too, although I might drop no-plt if it will cause too many builders.