1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
# SPDX-License-Identifier: GPL-2.0-only
#
# Copyright (C) 2015-2020 OpenWrt.org
PKG_CHECK_FORMAT_SECURITY ?= 1
PKG_ASLR_PIE ?= 1
PKG_ASLR_PIE_REGULAR ?= 0
PKG_SSP ?= 1
PKG_FORTIFY_SOURCE ?= 1
PKG_RELRO ?= 1
ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY)),1)
TARGET_CFLAGS += -Wformat -Werror=format-security
endif
endif
ifdef CONFIG_PKG_ASLR_PIE_ALL
ifeq ($(strip $(PKG_ASLR_PIE)),1)
TARGET_CFLAGS += $(FPIC)
TARGET_LDFLAGS += $(FPIC) -specs=$(INCLUDE_DIR)/hardened-ld-pie.specs
endif
endif
ifdef CONFIG_PKG_ASLR_PIE_REGULAR
ifeq ($(strip $(PKG_ASLR_PIE_REGULAR)),1)
TARGET_CFLAGS += $(FPIC)
TARGET_LDFLAGS += $(FPIC) -specs=$(INCLUDE_DIR)/hardened-ld-pie.specs
endif
endif
ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
ifeq ($(strip $(PKG_SSP)),1)
TARGET_CFLAGS += -fstack-protector
endif
endif
ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
ifeq ($(strip $(PKG_SSP)),1)
TARGET_CFLAGS += -fstack-protector-strong
endif
endif
ifdef CONFIG_PKG_CC_STACKPROTECTOR_ALL
ifeq ($(strip $(PKG_SSP)),1)
TARGET_CFLAGS += -fstack-protector-all
endif
endif
ifdef CONFIG_PKG_FORTIFY_SOURCE_1
ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
TARGET_CFLAGS += -D_FORTIFY_SOURCE=1
endif
endif
ifdef CONFIG_PKG_FORTIFY_SOURCE_2
ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
TARGET_CFLAGS += -D_FORTIFY_SOURCE=2
endif
endif
ifdef CONFIG_PKG_RELRO_PARTIAL
ifeq ($(strip $(PKG_RELRO)),1)
TARGET_CFLAGS += -Wl,-z,relro
TARGET_LDFLAGS += -zrelro
endif
endif
ifdef CONFIG_PKG_RELRO_FULL
ifeq ($(strip $(PKG_RELRO)),1)
TARGET_CFLAGS += -Wl,-z,now -Wl,-z,relro
TARGET_LDFLAGS += -znow -zrelro
endif
endif
|
