[openssh-commits] [openssh] 01/01: Add checks for Spectre v2 mitigation (retpoline)

git+noreply at mindrot.org
Sun Feb 11 09:36:19 AEDT 2018


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit 3377df00ea3fece5293db85fe63baef33bf5152e
Author: Darren Tucker <dtucker at dtucker.net>
Date:   Sun Feb 11 09:32:37 2018 +1100

    Add checks for Spectre v2 mitigation (retpoline)
    
    This adds checks for gcc and clang flags for mitigations for Spectre
    variant 2, i.e. "retpoline".  It'll be automatically enabled if the compiler
    supports it as part of the toolchain hardening flags.  ok djm@
---
 configure.ac | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/configure.ac b/configure.ac
index 0476398a..71174571 100644
--- a/configure.ac
+++ b/configure.ac
@@ -163,6 +163,10 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
 	OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
 	OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
     if test "x$use_toolchain_hardening" = "x1"; then
+	OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc
+	OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc
+	OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
+	OSSH_CHECK_CFLAG_LINK([-z retpolineplt])
 	OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
 	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
 	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
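
Review bot: the `-z retpolineplt` check on the fourth added line goes through OSSH_CHECK_CFLAG_LINK, while the two linker options just below it in the same block (relro and now) use OSSH_CHECK_LDFLAG_LINK with the `-Wl,-z,<opt>` spelling. `-z retpolineplt` is a linker option, so consider `OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])` so that it is tested and recorded the same way as its neighbours and does not depend on the compiler driver forwarding a bare, space-separated `-z` argument. It is also the only one of the four new lines without a trailing comment naming the toolchain it targets, which the gcc and clang lines have.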

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

