I cannot find any evidence that this is helpful and no other distribution has this as default. Packages that are vulnerable to these attacks (i.e. the kernel) add these flags as appropriate automatically.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- make.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/make.sh b/make.sh index 799aeee66..1a1960674 100755 --- a/make.sh +++ b/make.sh @@ -146,14 +146,14 @@ configure_build() { BUILDTARGET="${build_arch}-unknown-linux-gnu" CROSSTARGET="${build_arch}-cross-linux-gnu" BUILD_PLATFORM="x86" - CFLAGS_ARCH="-m64 -mindirect-branch=thunk -mfunction-return=thunk -mtune=generic" + CFLAGS_ARCH="-m64 -mtune=generic" ;;
i586) BUILDTARGET="${build_arch}-pc-linux-gnu" CROSSTARGET="${build_arch}-cross-linux-gnu" BUILD_PLATFORM="x86" - CFLAGS_ARCH="-march=i586 -mindirect-branch=thunk -mfunction-return=thunk -mtune=generic -fomit-frame-pointer" + CFLAGS_ARCH="-march=i586 -mtune=generic -fomit-frame-pointer" ;;
aarch64)