diff options
| author |   Alexey Neyman <stilor@att.net> | 2018-12-05 00:15:37 (GMT) |
|---|---|---|
| committer | Alexey Neyman <stilor@att.net> | 2018-12-05 00:15:37 (GMT) |
| commit | f5b57504d28d0bdcda26a06ec21d80906bfbf11e (patch) | |
| tree | 6423e6e670f1c3df38b546e1fe306fe634cd968a | |
| parent | 893932e90f967169fcf494e36ac9001f2f1b90a5 (diff) | |
Add configuration options for enabling SSP
... in uClibc and glibc.
Fixes #681.
While here, relocate additional "sources" for uClibc/binutils into packages/
directory.
Signed-off-by: Alexey Neyman <stilor@att.net>
| -rw-r--r-- | config/libc/glibc.in | 39 | ||||
| -rw-r--r-- | config/libc/uClibc.in | 17 | ||||
| -rw-r--r-- | packages/binutils/binutils-ld.in (renamed from scripts/build/binutils/binutils-ld.in) | 0 | ||||
| -rw-r--r-- | packages/uClibc-ng/config (renamed from contrib/uClibc-defconfigs/uClibc-ng.config) | 0 | ||||
| -rw-r--r-- | packages/uClibc/config (renamed from contrib/uClibc-defconfigs/uClibc.config) | 0 | ||||
| -rw-r--r-- | scripts/build/binutils/binutils.sh | 2 | ||||
| -rw-r--r-- | scripts/build/libc/glibc.sh | 4 | ||||
| -rw-r--r-- | scripts/build/libc/uClibc.sh | 9 |
8 files changed, 67 insertions, 4 deletions
diff --git a/config/libc/glibc.in b/config/libc/glibc.in index 5916a83..527063f 100644 --- a/config/libc/glibc.in +++ b/config/libc/glibc.in @@ -320,6 +320,45 @@ config GLIBC_MIN_KERNEL default LINUX_VERSION if GLIBC_KERNEL_VERSION_AS_HEADERS default GLIBC_MIN_KERNEL_VERSION if GLIBC_KERNEL_VERSION_CHOSEN + +choice + bool "Stack-smashing protection (SSP) in glibc" + default GLIBC_SSP_DEFAULT + +config GLIBC_SSP_DEFAULT + bool "default" + help + Glibc's configure script determines the stack protection level. + +config GLIBC_SSP_NO + bool "no" + help + Glibc functions are not protected against stack-smashing. + +config GLIBC_SSP_YES + bool "yes" + help + Glibc is compiled with -fstack-protector option. + +config GLIBC_SSP_ALL + bool "all" + help + Glibc is compiled with -fstack-protector-all option. + +config GLIBC_SSP_STRONG + bool "strong" + help + Glibc is compiled with -fstack-protector-strong option. + +endchoice + +config GLIBC_SSP + string + default "no" if GLIBC_SSP_NO + default "yes" if GLIBC_SSP_YES + default "all" if GLIBC_SSP_ALL + default "strong" if GLIBC_SSP_STRONG + # All supported versions of glibc build cleanly with GCC7 and earlier. # GCC8-related fixes were only available in glibc 2.27. config GLIBC_ENABLE_WERROR diff --git a/config/libc/uClibc.in b/config/libc/uClibc.in index 7bdd03f..2b11e0c 100644 --- a/config/libc/uClibc.in +++ b/config/libc/uClibc.in @@ -207,6 +207,23 @@ config LIBC_UCLIBC_RPC help Enable support for remote procedure calls (RPC) in uClibc. +config LIBC_UCLIBC_HAS_SSP + bool + prompt "Support stack smashing protection (SSP)" + default y + help + Enable support for building programs with -fstack-protector family + of options. If this option is disabled, one can also use a standalone + libssp library from GCC. + +config LIBC_UCLIBC_BUILD_SSP + bool + prompt "Build uClibc with SSP" + depends on LIBC_UCLIBC_HAS_SSP + help + Build uClibc with -fstack-protector. This adds runtime overhead + to many function calls and is disabled by default. + if ARCH_ARM config LIBC_UCLIBC_USE_GNU_SUFFIX bool diff --git a/scripts/build/binutils/binutils-ld.in b/packages/binutils/binutils-ld.in index 30f4591..30f4591 100644 --- a/scripts/build/binutils/binutils-ld.in +++ b/packages/binutils/binutils-ld.in diff --git a/contrib/uClibc-defconfigs/uClibc-ng.config b/packages/uClibc-ng/config index 1f0a8c1..1f0a8c1 100644 --- a/contrib/uClibc-defconfigs/uClibc-ng.config +++ b/packages/uClibc-ng/config diff --git a/contrib/uClibc-defconfigs/uClibc.config b/packages/uClibc/config index 104eb5c..104eb5c 100644 --- a/contrib/uClibc-defconfigs/uClibc.config +++ b/packages/uClibc/config diff --git a/scripts/build/binutils/binutils.sh b/scripts/build/binutils/binutils.sh index 7335743..d1745a3 100644 --- a/scripts/build/binutils/binutils.sh +++ b/scripts/build/binutils/binutils.sh @@ -226,7 +226,7 @@ do_binutils_backend() { rm -f "${prefix}/bin/${CT_TARGET}-ld" rm -f "${prefix}/${CT_TARGET}/bin/ld" sed -r -e "s/@@DEFAULT_LD@@/${CT_BINUTILS_LINKER_DEFAULT}/" \ - "${CT_LIB_DIR}/scripts/build/binutils/binutils-ld.in" \ + "${CT_LIB_DIR}/packages/binutils/binutils-ld.in" \ >"${prefix}/bin/${CT_TARGET}-ld" chmod a+x "${prefix}/bin/${CT_TARGET}-ld" cp -a "${prefix}/bin/${CT_TARGET}-ld" \ diff --git a/scripts/build/libc/glibc.sh b/scripts/build/libc/glibc.sh index a9adbbb..4d44fea 100644 --- a/scripts/build/libc/glibc.sh +++ b/scripts/build/libc/glibc.sh @@ -176,6 +176,10 @@ glibc_backend_once() [ -n "${CT_PKGVERSION}" ] && extra_config+=("--with-pkgversion=${CT_PKGVERSION}") [ -n "${CT_TOOLCHAIN_BUGURL}" ] && extra_config+=("--with-bugurl=${CT_TOOLCHAIN_BUGURL}") + if [ -n "${CT_GLIBC_SSP}" ]; then + extra_config+=("--enable-stack-protector=${CT_GLIBC_SSP}") + fi + touch config.cache # Hide host C++ binary from configure diff --git a/scripts/build/libc/uClibc.sh b/scripts/build/libc/uClibc.sh index 7b66204..ccadfeb 100644 --- a/scripts/build/libc/uClibc.sh +++ b/scripts/build/libc/uClibc.sh @@ -94,7 +94,7 @@ uClibc_backend_once() # Use the default config if the user did not provide one. if [ -z "${CT_LIBC_UCLIBC_CONFIG_FILE}" ]; then - CT_LIBC_UCLIBC_CONFIG_FILE="${CT_LIB_DIR}/contrib/uClibc-defconfigs/${uClibc_name}.config" + CT_LIBC_UCLIBC_CONFIG_FILE="${CT_LIB_DIR}/packages/${uClibc_name}/config" fi manage_uClibc_config "${CT_LIBC_UCLIBC_CONFIG_FILE}" .config "${multi_flags}" @@ -324,11 +324,14 @@ manage_uClibc_config() fi # Stack Smash Protection (SSP) - if [ "${CT_CC_GCC_LIBSSP}" = "y" ]; then + if [ "${CT_LIBC_UCLIBC_HAS_SSP}" = "y" ]; then CT_KconfigEnableOption "UCLIBC_HAS_SSP" "${dst}" - CT_KconfigEnableOption "UCLIBC_BUILD_SSP" "${dst}" else CT_KconfigDisableOption "UCLIBC_HAS_SSP" "${dst}" + fi + if [ "${CT_LIBC_UCLIBC_BUILD_SSP}" = "y" ]; then + CT_KconfigEnableOption "UCLIBC_BUILD_SSP" "${dst}" + else CT_KconfigDisableOption "UCLIBC_BUILD_SSP" "${dst}" fi |