1 files changed, 48 insertions, 1 deletions
diff --git a/README.md b/README.md
index 90e3f7fcc..d3f5db872 100644
--- a/README.md
+++ b/README.md
@@ -98,6 +98,52 @@ Use this issue to request new profiles: [#1139](https://github.com/netblue30/fir
 `````
 # Current development version: 0.9.53
+## Spectre mitigation
+If your gcc compiler version supports it, -mindirect-branch=thunk is inserted into EXTRA_CFLAGS during software configuration.
+The patch was introduced in gcc version 8, and it was backported to gcc 7. You'll also find it
+on older versions, for example on Debian stable running on gcc 6.3.0.  This is how you check it:
+`````
+$ ./configure --prefix=/usr
+checking for gcc... gcc
+checking whether the C compiler works... yes
+checking for C compiler default output file name... a.out
+checking for suffix of executables...
+checking whether we are cross compiling... no
+checking for suffix of object files... o
+checking whether we are using the GNU C compiler... yes
+checking whether gcc accepts -g... yes
+checking for gcc option to accept ISO C89... none needed
+checking for a BSD-compatible install... /usr/bin/install -c
+checking for ranlib... ranlib
+checking for Spectre mitigation support in gcc compiler... yes
+[...]
+Configuration options:
+   prefix: /usr
+   sysconfdir: /etc
+   seccomp: -DHAVE_SECCOMP
+   <linux/seccomp.h>: -DHAVE_SECCOMP_H
+   apparmor:
+   global config: -DHAVE_GLOBALCFG
+   chroot: -DHAVE_CHROOT
+   bind: -DHAVE_BIND
+   network: -DHAVE_NETWORK
+   user namespace: -DHAVE_USERNS
+   X11 sandboxing support: -DHAVE_X11
+   whitelisting: -DHAVE_WHITELIST
+   private home support: -DHAVE_PRIVATE_HOME
+   file transfer support: -DHAVE_FILE_TRANSFER
+   overlayfs support: -DHAVE_OVERLAYFS
+   git install support:
+   busybox workaround: no
+   Spectre compiler patch: yes
+   EXTRA_LDFLAGS:
+   EXTRA_CFLAGS:  -mindirect-branch=thunk
+   fatal warnings:
+   Gcov instrumentation:
+   Install contrib scripts: yes
+`````
 ## AppImage development
 Support for private-bin, private-lib and shell none has been disabled while running AppImage archives.
@@ -246,4 +292,5 @@ firefox-common-addons.inc in firefox-common.profile.
 Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary,
 pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain,
-tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asunder
+tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asunder,
+gnome-recipes, akonadi_control

diff --git a/README.md b/README.md index 90e3f7fcc..d3f5db872 100644 --- a/README.md +++ b/README.md
@@ -98,6 +98,52 @@ Use this issue to request new profiles: [#1139](https://github.com/netblue30/fir
98	`````	98	`````
99	# Current development version: 0.9.53	99	# Current development version: 0.9.53
100		100
		101	## Spectre mitigation
		102
		103	If your gcc compiler version supports it, -mindirect-branch=thunk is inserted into EXTRA_CFLAGS during software configuration.
		104	The patch was introduced in gcc version 8, and it was backported to gcc 7. You'll also find it
		105	on older versions, for example on Debian stable running on gcc 6.3.0. This is how you check it:
		106	`````
		107	$ ./configure --prefix=/usr
		108	checking for gcc... gcc
		109	checking whether the C compiler works... yes
		110	checking for C compiler default output file name... a.out
		111	checking for suffix of executables...
		112	checking whether we are cross compiling... no
		113	checking for suffix of object files... o
		114	checking whether we are using the GNU C compiler... yes
		115	checking whether gcc accepts -g... yes
		116	checking for gcc option to accept ISO C89... none needed
		117	checking for a BSD-compatible install... /usr/bin/install -c
		118	checking for ranlib... ranlib
		119	checking for Spectre mitigation support in gcc compiler... yes
		120	[...]
		121	Configuration options:
		122	prefix: /usr
		123	sysconfdir: /etc
		124	seccomp: -DHAVE_SECCOMP
		125	<linux/seccomp.h>: -DHAVE_SECCOMP_H
		126	apparmor:
		127	global config: -DHAVE_GLOBALCFG
		128	chroot: -DHAVE_CHROOT
		129	bind: -DHAVE_BIND
		130	network: -DHAVE_NETWORK
		131	user namespace: -DHAVE_USERNS
		132	X11 sandboxing support: -DHAVE_X11
		133	whitelisting: -DHAVE_WHITELIST
		134	private home support: -DHAVE_PRIVATE_HOME
		135	file transfer support: -DHAVE_FILE_TRANSFER
		136	overlayfs support: -DHAVE_OVERLAYFS
		137	git install support:
		138	busybox workaround: no
		139	Spectre compiler patch: yes
		140	EXTRA_LDFLAGS:
		141	EXTRA_CFLAGS: -mindirect-branch=thunk
		142	fatal warnings:
		143	Gcov instrumentation:
		144	Install contrib scripts: yes
		145	`````
		146
101	## AppImage development	147	## AppImage development
102		148
103	Support for private-bin, private-lib and shell none has been disabled while running AppImage archives.	149	Support for private-bin, private-lib and shell none has been disabled while running AppImage archives.
@@ -246,4 +292,5 @@ firefox-common-addons.inc in firefox-common.profile.
246		292
247	Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary,	293	Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary,
248	pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain,	294	pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain,
249	tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asunder	295	tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asunder,
		296	gnome-recipes, akonadi_control