Message ID | 20200816102953.3881-56-michael.tremer@ipfire.org |
---|---|
State | Accepted |
Commit | 5eec0f21a6515e787ea8af0653c1048171d5d635 |
Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4BTtmL0bS6z3x0m for <patchwork@web04.haj.ipfire.org>; Sun, 16 Aug 2020 10:32:50 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4BTtk1630rz10B; Sun, 16 Aug 2020 10:30:49 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4BTtk15JQBz2yDf; Sun, 16 Aug 2020 10:30:49 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4BTtk01B8kz2xnn for <development@lists.ipfire.org>; Sun, 16 Aug 2020 10:30:48 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 4BTtjv6DNzzx8; Sun, 16 Aug 2020 10:30:43 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1597573844; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XKyFwUUYN6lHRIJMtypQs0umYH06L/9nXjFFIHrvglY=; b=6AUvUTebRMZt1zjdWiGGZM9XIe5C0Y2O+ggGjICgXqcjE7fvu7Az9jDIbVRgT49vJGXiI7 2U7n7eaFJMhRUWAg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1597573844; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XKyFwUUYN6lHRIJMtypQs0umYH06L/9nXjFFIHrvglY=; b=vumuCzO+oJmHm+VIVV/eirx4dtn+MfeVgryns1+5rTCKRU0Xp88WLDqtwujhEMinruKi+8 qVSn+5mRQDET0FwfOkq0cQx6U8cnMFucmu9anSIJwfaQUDZ1DCEM5hgmnriSEA/SqbOGKk blLSqhe7h5VIpA5VLK6H11p3AC7LqCHrpOW7Mke7qvW+Myr2ey/tMxG6HX7JkDmAfJQnWf +eJUd9fSAP78YGXwtc04qskKmWVQwPdXuYgMPdS4aQaqnfqa6dyI+k/N8JDuqj29rggtzx FrXWAZUp5ZtGpQas9T4pStUKub9Z5HJOtTS/OUiV97vFuP1a6+/rxFJdfciM8w== From: Michael Tremer <michael.tremer@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH 56/62] make.sh: Add -fcf-protection for x86_64/i586 Date: Sun, 16 Aug 2020 10:29:47 +0000 Message-Id: <20200816102953.3881-56-michael.tremer@ipfire.org> In-Reply-To: <20200816102953.3881-1-michael.tremer@ipfire.org> References: <20200816102953.3881-1-michael.tremer@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Cc: Michael Tremer <michael.tremer@ipfire.org> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
Series |
[01/62] bison: Update to 3.7.1
|
|
Commit Message
Michael Tremer
Aug. 16, 2020, 10:29 a.m. UTC
Instrument binaries to guard against ROP/JOP attacks.
This flag in only available on x86_64 and i586.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
make.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/make.sh b/make.sh index fae75fdc9..99ac1bc85 100755 --- a/make.sh +++ b/make.sh @@ -146,14 +146,14 @@ configure_build() { BUILDTARGET="${build_arch}-unknown-linux-gnu" CROSSTARGET="${build_arch}-cross-linux-gnu" BUILD_PLATFORM="x86" - CFLAGS_ARCH="-m64 -mtune=generic -fstack-clash-protection" + CFLAGS_ARCH="-m64 -mtune=generic -fstack-clash-protection -fcf-protection" ;; i586) BUILDTARGET="${build_arch}-pc-linux-gnu" CROSSTARGET="${build_arch}-cross-linux-gnu" BUILD_PLATFORM="x86" - CFLAGS_ARCH="-march=i586 -mtune=generic -fomit-frame-pointer" + CFLAGS_ARCH="-march=i586 -mtune=generic -fomit-frame-pointer -fcf-protection" ;; aarch64)