[arch-general] Changing compilation flags
Alexander Harrigan
alexanderharrigan at techmail.info
Sat Jul 1 10:49:16 UTC 2017
On On Sat, Jul 1, 2017 at 09:54 AM, arch-general <arch-
general at archlinux.org> wrote:
> >On 2016-10-24 05:56, Allan McRae wrote:
> >*> 1) building gcc to enable PIE by default
> *>
> >I am in the middle of rebuilding gcc with --enable-default-pie. When
it
> >finishes, I will start a todo for rebuilding packages with static
libraries.
> >
> >I also enabled --enable-default-ssp, which means that
> >-fstack-protector-strong will be dropped from our CFLAGS (as it will
be
> >enforced by gcc) on the next opportunity.
> >
> >Bartłomiej
>
> Does the -enable-default-ssp enforce also -fstack-check=specific to
protect
> from stack clash [1], gentoo do it (except on vlc and tcl which not build
> but those are upstream bugs) [2]
>
> [1] https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash
> [2] https://wiki.gentoo.org/wiki/Hardened/Gentoo_Hardened_and_Stack_Clash
>
> *Pablo Lezaeta*
>
No it doesn't but original plan [1] was to enable -fstack-check, -fno-plt and
-z,now to default flags in makepkg.conf. I hope Pacman maintainer will add
those before mass rebuild started so everythig will be done at once.
[1] https://lists.archlinux.org/pipermail/arch-dev-
public/2016-October/028405.html
\-- Sent using MsgSafe.io's Free Plan Private, encrypted, online communication
For everyone. https://www.msgsafe.io
More information about the arch-general
mailing list