From patchwork Sun Aug 16 10:29:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 3348 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4BTtlK3ZP7z3x0m for ; Sun, 16 Aug 2020 10:31:57 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4BTtjs20f7z10Q; Sun, 16 Aug 2020 10:30:41 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4BTtjm1yYBz30X0; Sun, 16 Aug 2020 10:30:36 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4BTtjl2KHkz2yDq for ; Sun, 16 Aug 2020 10:30:35 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 4BTtjd4bhvzw0; Sun, 16 Aug 2020 10:30:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1597573830; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nvwhd39EjoOKWO6U/PxSj4BfD+suUW7P8lmbg/co/6o=; b=NqiJr8XDLxLGBafet0I/i9PMI19P+4Oq7lNOkQEXzH6F1zgarTeVWV3uSby+WJUYVbNiCL PkAbbVgi6lDOUZyFshXFEC2aFjCKGTiFJKi6ce8Cd6nvVmg52ptn2cXwoz9zttqmxtFp1E wA9nV78PRYhKkVOpv+wLR0mYw7F+nBu/XqA0m0wn2myu6xcjxoKfGzcwmVj66iA+lkamrJ ih1XULwPDgrxECpCIg4AftkbmY4Fc3QLxM0clHGerZNW2PX9ZJZKzh22n0sbUkjae5f2OQ 63MLI2pTgDUHPW6gjSdBEqC/yqpIV3nyybsRIFbhCg13euVuuBv2LeJ1LJEsgg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1597573830; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nvwhd39EjoOKWO6U/PxSj4BfD+suUW7P8lmbg/co/6o=; b=BBhx7RDRLm0PnDZ0qEav7CTbku8EJ+fo21DxhaN5FpvcfTATqSPkyWKPeVydOyT4pxuUzk 6QFMJHi17NEhABAA== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 42/62] make.sh: Remove -mindirect-branch=thunk and -mfunction-return=thunk as default Date: Sun, 16 Aug 2020 10:29:33 +0000 Message-Id: <20200816102953.3881-42-michael.tremer@ipfire.org> In-Reply-To: <20200816102953.3881-1-michael.tremer@ipfire.org> References: <20200816102953.3881-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" I cannot find any evidence that this is helpful and no other distribution has this as default. Packages that are vulnerable to these attacks (i.e. the kernel) add these flags as appropriate automatically. Signed-off-by: Michael Tremer --- make.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/make.sh b/make.sh index 799aeee66..1a1960674 100755 --- a/make.sh +++ b/make.sh @@ -146,14 +146,14 @@ configure_build() { BUILDTARGET="${build_arch}-unknown-linux-gnu" CROSSTARGET="${build_arch}-cross-linux-gnu" BUILD_PLATFORM="x86" - CFLAGS_ARCH="-m64 -mindirect-branch=thunk -mfunction-return=thunk -mtune=generic" + CFLAGS_ARCH="-m64 -mtune=generic" ;; i586) BUILDTARGET="${build_arch}-pc-linux-gnu" CROSSTARGET="${build_arch}-cross-linux-gnu" BUILD_PLATFORM="x86" - CFLAGS_ARCH="-march=i586 -mindirect-branch=thunk -mfunction-return=thunk -mtune=generic -fomit-frame-pointer" + CFLAGS_ARCH="-march=i586 -mtune=generic -fomit-frame-pointer" ;; aarch64)