Hello

To prevent any leakage (Spectre v2) from a compromised VM on same physical
host, this patch would mitigate the impact.

--- configure.ac.orig    2018-03-04 01:46:55.877067173 +0400
+++ configure.ac    2018-03-04 01:49:26.422625147 +0400
@@ -101,6 +101,11 @@ if test "$GCC" = yes; then
 fi
 AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2])

+# Spectre v2 mitigations
+AX_APPEND_COMPILE_FLAGS([-mfunction-return=thunk])
+AX_APPEND_COMPILE_FLAGS([-mindirect-branch=thunk])
+
 AC_MSG_NOTICE([**************************************** libtool])
 LT_INIT([disable-static])
 AC_SUBST([LIBTOOL_DEPS])

Kind regards,

Nitin J Mutkawoa
https://tunnelix.com
https://hackers.mu
_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

Reply via email to