[openssh-commits] [openssh] 01/01: Add checks for Spectre v2 mitigation (retpoline)
git+noreply at mindrot.org
git+noreply at mindrot.org
Sun Feb 11 09:36:19 AEDT 2018
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
commit 3377df00ea3fece5293db85fe63baef33bf5152e
Author: Darren Tucker <dtucker at dtucker.net>
Date: Sun Feb 11 09:32:37 2018 +1100
Add checks for Spectre v2 mitigation (retpoline)
This adds checks for gcc and clang flags for mitigations for Spectre
variant 2, ie "retpoline". It'll automatically enabled if the compiler
supports it as part of toolchain hardening flag. ok djm@
---
configure.ac | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/configure.ac b/configure.ac
index 0476398a..71174571 100644
--- a/configure.ac
+++ b/configure.ac
@@ -163,6 +163,10 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
if test "x$use_toolchain_hardening" = "x1"; then
+ OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc
+ OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc
+ OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
+ OSSH_CHECK_CFLAG_LINK([-z retpolineplt])
OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list