Web lists-archives.com

Re: Compiler with Spectre mitigation retpoline/-mindirect-branch=thunk




Robin Geuze <robing@xxxxxxxxxx> schrieb:
> I was wondering, are the debian maintainers planning on backporting the 
> -mindirect-branch=thunk support introduced in GCC 7.3 and 8.1 to the 
> compilers available on Jessie and Stretch? While this is not necessarily 
> a security fix for the compiler it does provide that fix to at least 
> kernels compiled using it.

Yes, updated GCC builds will be released via security.debian.org (and
provide the basis for a linux update), but those are still WIP.

The GCC 6 branch is still open and stretch updates will be based on that
once HJ Lu's patches have been merged there.

He also maintains a 4.9 branch of his patches on Github, but those
are still in flux. When they are finalised they'll provide the basis
for a jessie update.

Cheers,
        Moritz