Re: Compiler with Spectre mitigation retpoline/-mindirect-branch=thunk
- Date: Wed, 31 Jan 2018 11:56:56 +0100
- From: Moritz Mühlenhoff <jmm@xxxxxxxxxx>
- Subject: Re: Compiler with Spectre mitigation retpoline/-mindirect-branch=thunk
Robin Geuze <robing@xxxxxxxxxx> schrieb:
> I was wondering, are the debian maintainers planning on backporting the
> -mindirect-branch=thunk support introduced in GCC 7.3 and 8.1 to the
> compilers available on Jessie and Stretch? While this is not necessarily
> a security fix for the compiler it does provide that fix to at least
> kernels compiled using it.
Yes, updated GCC builds will be released via security.debian.org (and
provide the basis for a linux update), but those are still WIP.
The GCC 6 branch is still open and stretch updates will be based on that
once HJ Lu's patches have been merged there.
He also maintains a 4.9 branch of his patches on Github, but those
are still in flux. When they are finalised they'll provide the basis
for a jessie update.