[arch-general] Changing compilation flags

Eli Schwartz eschwartz93 at gmail.com
Sun Jul 2 02:10:32 UTC 2017


On 07/01/2017 06:49 AM, Alexander Harrigan wrote:
> On On Sat, Jul 1, 2017 at 09:54 AM, arch-general <arch-
> general at archlinux.org> wrote:
> 
> > >On 2016-10-24 05:56, Allan McRae wrote:
> 
> > >*> 1) building gcc to enable PIE by default
> 
> > *>
> 
> > >I am in the middle of rebuilding gcc with --enable-default-pie. When
> it
> 
> > >finishes, I will start a todo for rebuilding packages with static
> libraries.
> 
> > >
> 
> > >I also enabled --enable-default-ssp, which means that
> 
> > >-fstack-protector-strong will be dropped from our CFLAGS (as it will
> be
> 
> > >enforced by gcc) on the next opportunity.
> 
> > >
> 
> > >Bartłomiej
> 
> >
> 
> > Does the -enable-default-ssp enforce also -fstack-check=specific to
> protect
> 
> > from stack clash [1], gentoo do it (except on vlc and tcl which not build
> 
> > but those are upstream bugs) [2]
> 
> >
> 
> > [1] https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash
> 
> > [2] https://wiki.gentoo.org/wiki/Hardened/Gentoo_Hardened_and_Stack_Clash
> 
> >
> 
> > *Pablo Lezaeta*
> 
> >
> 
> No it doesn't but original plan [1] was to enable -fstack-check, -fno-plt and
> -z,now to default flags in makepkg.conf. I hope Pacman maintainer will add
> those before mass rebuild started so everythig will be done at once.
> 
> [1] https://lists.archlinux.org/pipermail/arch-dev-
> public/2016-October/028405.html
> 
> \-- Sent using MsgSafe.io's Free Plan Private, encrypted, online communication
> For everyone. https://www.msgsafe.io

It is extremely hard to keep track of what you wrote here, and what you
are quoting from elsewhere (and who and where those quotes come from).
Can you please use an email client that actually works?

Thanks.

-- 
Eli Schwartz

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20170701/5ec0977a/attachment.asc>


More information about the arch-general mailing list