From 5eec0f21a6515e787ea8af0653c1048171d5d635 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 14 Aug 2020 16:25:26 +0000
Subject: [PATCH] make.sh: Add -fcf-protection for x86_64/i586

Instrument binaries to guard against ROP/JOP attacks.

This flag in only available on x86_64 and i586.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 make.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/make.sh b/make.sh
index fae75fdc99..99ac1bc852 100755
--- a/make.sh
+++ b/make.sh
@@ -146,14 +146,14 @@ configure_build() {
 			BUILDTARGET="${build_arch}-unknown-linux-gnu"
 			CROSSTARGET="${build_arch}-cross-linux-gnu"
 			BUILD_PLATFORM="x86"
-			CFLAGS_ARCH="-m64 -mtune=generic -fstack-clash-protection"
+			CFLAGS_ARCH="-m64 -mtune=generic -fstack-clash-protection -fcf-protection"
 			;;
 
 		i586)
 			BUILDTARGET="${build_arch}-pc-linux-gnu"
 			CROSSTARGET="${build_arch}-cross-linux-gnu"
 			BUILD_PLATFORM="x86"
-			CFLAGS_ARCH="-march=i586 -mtune=generic -fomit-frame-pointer"
+			CFLAGS_ARCH="-march=i586 -mtune=generic -fomit-frame-pointer -fcf-protection"
 			;;
 
 		aarch64)
-- 
2.39.5