Bug 978763 - switch from "-fstack-protector" to "-fstack-protector-strong" in rawhide (in time for Fedora 20)
switch from "-fstack-protector" to "-fstack-protector-strong" in rawhide (in ...
Product: Fedora
Classification: Fedora
Component: redhat-rpm-config (Show other bugs)
Unspecified Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Panu Matilainen
Fedora Extras Quality Assurance
Depends On:
Blocks: F20AlphaBlocker
  Show dependency treegraph
Reported: 2013-06-27 02:42 EDT by Dhiru Kholia
Modified: 2014-03-24 23:44 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-07-04 03:37:00 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Fix #978763 (3.42 KB, patch)
2013-06-27 04:46 EDT, Dhiru Kholia
no flags Details | Diff

  None (edit)
Description Dhiru Kholia 2013-06-27 02:42:31 EDT
FESCo Ticket: https://fedorahosted.org/fesco/ticket/1128



The new compiler flag "-fstack-protector-strong" in Fedora 19's gcc achieves a better balance between security and performance (when compared against the default -fstack-protector and available -fstack-protector-all options).

I am proposing to switch from using the "-fstack-protector" flag to "-fstack-protector-strong" in Fedora 20. The switch involves changing a single line in /usr/lib/rpm/redhat/macros file.
Comment 1 Dhiru Kholia 2013-06-27 04:46:09 EDT
Created attachment 766017 [details]
Fix #978763
Comment 2 Dhiru Kholia 2013-06-27 04:47:18 EDT
Patch for fixing this bug is attached.

In case of problems, please see https://bitbucket.org/dhiru/redhat-rpm-config/commits/all
Comment 3 Dhiru Kholia 2013-06-28 08:15:58 EDT
Hi Panu,

Does the attached patch works for you?

Can we fix this bug ASAP (in order to catch potential problems early on) ?
Comment 4 Stephen Gallagher 2013-07-03 15:27:14 EDT
Panu, please review and incorporate (or help correct it if it needs work).

At the FESCo meeting on 2013-07-03 we decided that this change needs to be made before the F20 mass-rebuilds take place. Thus nominating it for an F20Alpha blocker.
Comment 5 Panu Matilainen 2013-07-04 03:06:51 EDT
I was on vacation for a couple of days and this ends all the way up to FESCo?

I dont see how a s/fno-stack-protector/fno-stack-protector-strong/ operation would need a whole lot of "review" from me, especially considering the whole hardening stuff was added by someone else to begin with (but thats beside the point here)

So yeah yeah, I'll drop it in soonish.
Comment 6 Panu Matilainen 2013-07-04 03:20:25 EDT
Oh, this wasn't linked to the hardening stuff at all, my mistake.

And apparently it does need a bit of review afterall: there's no such option as "-fno-stack-protector-strong" which the patch introduces for aarch64.
Comment 7 Panu Matilainen 2013-07-04 03:37:00 EDT
Changed in redhat-rpm-config-9.1.0-47.fc20
Comment 8 Dhiru Kholia 2013-07-04 04:19:21 EDT
Thanks Panu!

It would be great if we could get rid of those "whitespace errors" (from the SPEC file) in a future update.
Comment 9 Panu Matilainen 2013-07-04 04:25:10 EDT
Um, what whitespace errors?
Comment 10 Dhiru Kholia 2013-07-04 05:24:39 EDT
whitespace errors ==> some empty lines have stray spaces / tabs in them.

Turn on colours in the git configuration and see the output of "git log -p".

Note You need to log in before you can comment on or make changes to this bug.