On Fri, 2020-05-22 at 22:25 +0200, Sandro Mani wrote:
> While looking through the mingw rpm macros, I noticed that we currently have
>
> mingw{32,64}_cflags = -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
> -fexceptions --param=ssp-buffer-size=4
>
> whereas for native packages we have
>
> optflags = -O2 -g -pipe -Wall -Werror=format-security
> -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions
> -fstack-protector-strong -grecord-gcc-switches
> -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
> -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic
> -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
>
> As I read the gcc docs and [1] (by no means an expert in the matter),
> I'd say the following might also make sense for the mingw cflags:
>
> - -Werror=format-security
Probably a safe addition.
> - -Wp,-D_GLIBCXX_ASSERTIONS
Not sure about this one.
> - -fstack-protector-strong
Careful with this one, as it then requires linking with -lssp
-lssp_nonshared. gcc is supposed to handle that automatically, but
anything that tries to be too smart might miss this.
> - -fasynchronous-unwind-tables
> - -fstack-clash-protection
Have binaries resulting from these been tried?
> I've got a mass tool chain update scheduled before the F33 mass rebuild,
> I could in the same go also update the flags. Opinions?
--
Yaakov Selkowitz
Senior Software Engineer - Platform Enablement
Red Hat, Inc.
_______________________________________________
mingw mailing list -- mingw@lists.fedoraproject.org
To unsubscribe send an email to mingw-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/mingw@lists.fedoraproject.org
