Introduce configuration options to build an "hardened" OpenWRT.
Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.
uClibc makefile now automatically detects if SSP support is necessary.
hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.
Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.
Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.
Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44005 3c298f89-4303-0410-b956-a3cf2f4a3e73
Without this patch, selecting "Compile with full language support"
results in the following question during build:
...
Locale Support (UCLIBC_HAS_LOCALE) [Y/n/?] y
Locale data
> 1. All locales (UCLIBC_BUILD_ALL_LOCALE) (NEW)
2. Only selected locales (UCLIBC_BUILD_MINIMAL_LOCALE) (NEW)
3. Use Pre-generated Locale Data (UCLIBC_PREGENERATED_LOCALE_DATA) (NEW)
choice[1-3]:
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43445 3c298f89-4303-0410-b956-a3cf2f4a3e73
Add the flags from package.mk instead, and leave libc and gcc
unaffected.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37770 3c298f89-4303-0410-b956-a3cf2f4a3e73
For now, build uclibc without -mips16. There's no mips16 syscall
support AFAIK and uclibc uses inline assembly syscalls a lot.
In addition, touching errno means touching a TLS model symbol, and
that's not supported in gcc 4.6.
The __set_errno macro can be put back to calling
errno_location(). This allows much of the library to be built in
mips16 mode. I don't understand the implications to the thread library
of doing this.
A list of "build as -mno-mips16" C source files can be placed in the
mips architecture-dependent build files. Maintaining the list would be
no fun.
Signed-off-by: Jay Carlson <nop@nop.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36199 3c298f89-4303-0410-b956-a3cf2f4a3e73
Felix Fietkau
John Crispin
Florian Fainelli