El 23-01-2018 a las 5:01, Dave Plater escribió:
Hi I've had build failures specifically on 42.3 packages that need gcc5 and up to build. The failures are due to -fstack-clash-protection, which only works with gcc7, having been added to %optflags. Strangely 42.2 builds with gcc5 don't have this flag. Is there any way to bypass this besides rewriting %optflags? Why is this flag in 42.3 builds but not 42.2? Why does this flag pass on gcc48? Thanks Dave P
Well.. answering subject,this is the needed fix for a full class of vulnerabilities described here https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash
Now, this is not the only flag you will need to handle .. you will soon need to handle -mindirect-branch= to prevent Spectre ..