Bug 978763 - switch from "-fstack-protector" to "-fstack-protector-strong" in rawhide (in time for Fedora 20)
Summary: switch from "-fstack-protector" to "-fstack-protector-strong" in rawhide (in ...
Alias: None
Product: Fedora
Classification: Fedora
Component: redhat-rpm-config
Version: rawhide
Hardware: Unspecified
OS: Linux
Target Milestone: ---
Assignee: Panu Matilainen
QA Contact: Fedora Extras Quality Assurance
Depends On:
Blocks: F20AlphaBlocker
TreeView+ depends on / blocked
Reported: 2013-06-27 06:42 UTC by Dhiru Kholia
Modified: 2014-03-25 03:44 UTC (History)
6 users (show)

Clone Of:
Last Closed: 2013-07-04 07:37:00 UTC

Attachments (Terms of Use)
Fix #978763 (3.42 KB, patch)
2013-06-27 08:46 UTC, Dhiru Kholia
no flags Details | Diff

Description Dhiru Kholia 2013-06-27 06:42:31 UTC
FESCo Ticket: https://fedorahosted.org/fesco/ticket/1128



The new compiler flag "-fstack-protector-strong" in Fedora 19's gcc achieves a better balance between security and performance (when compared against the default -fstack-protector and available -fstack-protector-all options).

I am proposing to switch from using the "-fstack-protector" flag to "-fstack-protector-strong" in Fedora 20. The switch involves changing a single line in /usr/lib/rpm/redhat/macros file.

Comment 1 Dhiru Kholia 2013-06-27 08:46:09 UTC
Created attachment 766017 [details]
Fix #978763

Comment 2 Dhiru Kholia 2013-06-27 08:47:18 UTC
Patch for fixing this bug is attached.

In case of problems, please see https://bitbucket.org/dhiru/redhat-rpm-config/commits/all

Comment 3 Dhiru Kholia 2013-06-28 12:15:58 UTC
Hi Panu,

Does the attached patch works for you?

Can we fix this bug ASAP (in order to catch potential problems early on) ?

Comment 4 Stephen Gallagher 2013-07-03 19:27:14 UTC
Panu, please review and incorporate (or help correct it if it needs work).

At the FESCo meeting on 2013-07-03 we decided that this change needs to be made before the F20 mass-rebuilds take place. Thus nominating it for an F20Alpha blocker.

Comment 5 Panu Matilainen 2013-07-04 07:06:51 UTC
I was on vacation for a couple of days and this ends all the way up to FESCo?

I dont see how a s/fno-stack-protector/fno-stack-protector-strong/ operation would need a whole lot of "review" from me, especially considering the whole hardening stuff was added by someone else to begin with (but thats beside the point here)

So yeah yeah, I'll drop it in soonish.

Comment 6 Panu Matilainen 2013-07-04 07:20:25 UTC
Oh, this wasn't linked to the hardening stuff at all, my mistake.

And apparently it does need a bit of review afterall: there's no such option as "-fno-stack-protector-strong" which the patch introduces for aarch64.

Comment 7 Panu Matilainen 2013-07-04 07:37:00 UTC
Changed in redhat-rpm-config-9.1.0-47.fc20

Comment 8 Dhiru Kholia 2013-07-04 08:19:21 UTC
Thanks Panu!

It would be great if we could get rid of those "whitespace errors" (from the SPEC file) in a future update.

Comment 9 Panu Matilainen 2013-07-04 08:25:10 UTC
Um, what whitespace errors?

Comment 10 Dhiru Kholia 2013-07-04 09:24:39 UTC
whitespace errors ==> some empty lines have stray spaces / tabs in them.

Turn on colours in the git configuration and see the output of "git log -p".

Note You need to log in before you can comment on or make changes to this bug.