[stunnel-users] [PATCH] Spectre v2 Vulnerability Mitigations
Nitin Mutkawoa
jmutkawoa at hackers.mu
Wed Mar 7 21:25:55 CET 2018
Hello
To prevent any leakage (Spectre v2) from a compromised VM on same physical
host, this patch would mitigate the impact.
--- configure.ac.orig 2018-03-04 01:46:55.877067173 +0400
+++ configure.ac 2018-03-04 01:49:26.422625147 +0400
@@ -101,6 +101,11 @@ if test "$GCC" = yes; then
fi
AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2])
+# Spectre v2 mitigations
+AX_APPEND_COMPILE_FLAGS([-mfunction-return=thunk])
+AX_APPEND_COMPILE_FLAGS([-mindirect-branch=thunk])
+
AC_MSG_NOTICE([**************************************** libtool])
LT_INIT([disable-static])
AC_SUBST([LIBTOOL_DEPS])
Kind regards,
Nitin J Mutkawoa
https://tunnelix.com
https://hackers.mu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20180308/e9004904/attachment.html>
More information about the stunnel-users
mailing list