| |
@@ -13,3 +13,15 @@
|
| |
== Binutils rebased to 2.29.1
|
| |
|
| |
The *binutils* collection of tools has been rebased from version 2.29 to 2.29.1. This minor release does not introduce any new features, but it includes a number of important bug fixes. In addition, the default build flags have been changed to include `-z defs`, so that undefined symbols result in errors. The benefit is that this prevents shipping dynamic shared objects (DSO) that are not correctly linked because they refer to versioned symbols as plain undefined symbols without specifying a symbol version.
|
| |
+
|
| |
+ [[sect-development-tools-]]
|
| |
+ == Hardening Flags Updates
|
| |
+
|
| |
+ Fedora 28 has been built with updated hardening flags, as provided by the GNU toolchain.
|
| |
+ Compared to previous releases, the following changes have been made to the way programs are built:
|
| |
+
|
| |
+ * Stack clash protection is enabled.
|
| |
+ * Lightweight assertions have been switched on in the C++ standard run-time library.
|
| |
+ * On x86-64, binaries have been built in such a way that they will support Control Flow Enforcement Technology (CET) in the future.
|
| |
+ * On systems which support memory protection keys, lazy binding now uses a read-only GOT.
|
| |
+ * By default the toolchain generates PIE executables to further harden Fedora executables from attacks.
|
| |
sclark
commented 7 years ago
This PR contains the draft release note for Issue #92 'Hardening Flags Updates for Fedora 28'. @fweimer, I have taken the text from the Release Notes section on the Fedora 28 Change Page, thank you. Please would you review this PR and let me know if there is anything else you would like to see added?