Alex Vong transcribed 1.7K bytes: > Mark H Weaver writes: > > > Mark H Weaver writes: > > > >> I just followed this up with a Spectre mitigation for WebKitGTK+ > >> backported from upstream WebKit: > >> > >> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=56804398a94bea941183ae4ed29d2a9f82069a6f > > > > FYI, adding a patch to 'webkitgtk' seems to have greatly exacerbated an > > existing race condition in webkitgtk's build system, presumably due to > > the zeroing of time stamps in the repacked tarball. I believe that > > *any* patch would have had this effect. I filed the following bug to > > track this issue: > > > > https://bugs.gnu.org/30015 > > > > Mark > > Thanks for all the help and quick fixes. > > I have an idea. Should we add a news entry to Guix blog[0] summarizing > all the above? For example, we can advice users to install noscript and > turn off javascript by default and only enable it on trusted site when > necessary. Yes. If you ask yourself the question, it's already possible that someone out there (realistic: multiple someones) doesn't follow the mailinglist all the time and they miss it out. a summary on the website will be good imho. > About the "Retpoline" mitigation technique[1]. Right now only GCC 7.2.0 > is patched, but our default gcc version is 5.4.0 in master and 5.5.0 in > core-updates. So I tried to apply the patches apply the patches to > 5.5.0. There are totally 17 commits/patches. The first 3 patch can be > modified to work while the 4th patch cannot be easily modified to work > because the function ``ix86_nopic_noplt_attribute_p'' is not present on > 5.5.0. Perhaps discarding the hunk would be fine, but we need to be > careful about it (maybe running tests make sure the fix really works). > > Do you think we should modify the patch to make it work on GCC 5 or > update core-updates to GCC 7 instead? > > [0]: https://www.gnu.org/software/guix/blog/ > [1]: http://git.infradead.org/users/dwmw2/gcc-retpoline.git/shortlog/refs/heads/retpoline > > -- GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys WWW: https://n0.is/a/ :: https://ea.n0.is