diff options
author | Alexey Neyman <stilor@att.net> | 2018-12-05 03:12:59 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-12-05 03:12:59 (GMT) |
commit | f8874f447e40852d33d65c1f443a90b0760901df (patch) | |
tree | f506cfa723b6e3baa28ac30e2be4a314516f5950 /config | |
parent | dc9fa6ad64f81e3314a469fc434f1dd4abcff0cc (diff) | |
parent | 1e5c48f190f5f0da9177a1137113b8d4a836ab9e (diff) |
Merge pull request #1108 from stilor/config-fixes
Config fixes
Diffstat (limited to 'config')
-rw-r--r-- | config/binutils/binutils.in | 12 | ||||
-rw-r--r-- | config/libc/glibc.in | 39 | ||||
-rw-r--r-- | config/libc/mingw-w64.in | 1 | ||||
-rw-r--r-- | config/libc/uClibc.in | 17 |
4 files changed, 68 insertions, 1 deletions
diff --git a/config/binutils/binutils.in b/config/binutils/binutils.in index bd32bd6..928659a 100644 --- a/config/binutils/binutils.in +++ b/config/binutils/binutils.in @@ -79,7 +79,7 @@ config BINUTILS_LINKER_LD_GOLD config BINUTILS_LINKER_GOLD_LD bool prompt "gold, ld" - depends on !BINUTILS_FORCE_LD_BFD_ONLY + depends on !BINUTILS_FORCE_LD_BFD_DEFAULT && !BINUTILS_FORCE_LD_BFD_ONLY depends on BINUTILS_GOLD_SUPPORT select BINUTILS_GOLD_INSTALLED select BINUTILS_LINKER_BOTH @@ -146,6 +146,16 @@ config BINUTILS_PLUGINS Especially, gold can use the lto-plugin, as installed by gcc, to handle LTO. +config BINUTILS_RELRO + tristate + prompt "Enable -z relro in ELF linker by default" if BINUTILS_2_27_or_later + default m + help + Setting this option forces "-z relro" by default in the ELF linker. + Clearing this option forces "-z norelro" by default in the ELF linker. + Setting this option to 'M' configures binutils with their internal + default for the selected architecture. + config BINUTILS_EXTRA_CONFIG_ARRAY string prompt "binutils extra config" diff --git a/config/libc/glibc.in b/config/libc/glibc.in index 5916a83..527063f 100644 --- a/config/libc/glibc.in +++ b/config/libc/glibc.in @@ -320,6 +320,45 @@ config GLIBC_MIN_KERNEL default LINUX_VERSION if GLIBC_KERNEL_VERSION_AS_HEADERS default GLIBC_MIN_KERNEL_VERSION if GLIBC_KERNEL_VERSION_CHOSEN + +choice + bool "Stack-smashing protection (SSP) in glibc" + default GLIBC_SSP_DEFAULT + +config GLIBC_SSP_DEFAULT + bool "default" + help + Glibc's configure script determines the stack protection level. + +config GLIBC_SSP_NO + bool "no" + help + Glibc functions are not protected against stack-smashing. + +config GLIBC_SSP_YES + bool "yes" + help + Glibc is compiled with -fstack-protector option. + +config GLIBC_SSP_ALL + bool "all" + help + Glibc is compiled with -fstack-protector-all option. + +config GLIBC_SSP_STRONG + bool "strong" + help + Glibc is compiled with -fstack-protector-strong option. + +endchoice + +config GLIBC_SSP + string + default "no" if GLIBC_SSP_NO + default "yes" if GLIBC_SSP_YES + default "all" if GLIBC_SSP_ALL + default "strong" if GLIBC_SSP_STRONG + # All supported versions of glibc build cleanly with GCC7 and earlier. # GCC8-related fixes were only available in glibc 2.27. config GLIBC_ENABLE_WERROR diff --git a/config/libc/mingw-w64.in b/config/libc/mingw-w64.in index 02b18a2..d176e47 100644 --- a/config/libc/mingw-w64.in +++ b/config/libc/mingw-w64.in @@ -5,6 +5,7 @@ ## select LIBC_SUPPORT_THREADS_NATIVE ## select LIBC_SUPPORT_THREADS_POSIX ## select CC_CORE_PASS_2_NEEDED +## select BINUTILS_FORCE_LD_BFD_DEFAULT ## ## help The de-facto standard for Mingw distributions. diff --git a/config/libc/uClibc.in b/config/libc/uClibc.in index 7bdd03f..2b11e0c 100644 --- a/config/libc/uClibc.in +++ b/config/libc/uClibc.in @@ -207,6 +207,23 @@ config LIBC_UCLIBC_RPC help Enable support for remote procedure calls (RPC) in uClibc. +config LIBC_UCLIBC_HAS_SSP + bool + prompt "Support stack smashing protection (SSP)" + default y + help + Enable support for building programs with -fstack-protector family + of options. If this option is disabled, one can also use a standalone + libssp library from GCC. + +config LIBC_UCLIBC_BUILD_SSP + bool + prompt "Build uClibc with SSP" + depends on LIBC_UCLIBC_HAS_SSP + help + Build uClibc with -fstack-protector. This adds runtime overhead + to many function calls and is disabled by default. + if ARCH_ARM config LIBC_UCLIBC_USE_GNU_SUFFIX bool |