Re: Really enable -fstack-clash-protection on armhf/armel?
Hi!
On Thu, 2023-11-23 at 10:45:33 +0100, Matthias Klose wrote:
> it looks like enabling this flag on armel/armhf is a little bit premature.
>
> Apparently it's not completely supported upstream, and might cause
> regressions, according to
> https://bugzilla.redhat.com/show_bug.cgi?id=1522678
I note that this bug was closed on 2018-01, so the information therein
might not be the most up-to-date?
> Is that a feature that the Debian ARM32 porters and the security team really
> want to support actively, despite the missing upstream support?
According to https://bugs.debian.org/918914#73 there were no pending
toolchain issues related to this. And I think the security team mostly
deferred to the ports teams.
> In Ubuntu, people tracked down segfaults due to this change in at least
> valgrind and gnutls, maybe more.
If there's some missing support somewhere that might make this a
common thing instead of just affecting a handful of packages that
could simply disable the flags, and the Arm porters consider that
fixing that is not feasible in the short term, I guess it makes
sense to stop emitting the flag for the arm32 arches. In the end
I'd still defer to what the porters prefer, and I can easily revert
that change for arm32 and queue it for a next upload if desired.
Thanks,
Guillem
Reply to: