projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a8b0a3f)
toolchain/buildroot: properly handle SSP
authorGustavo Zacarias <gustavo@zacarias.com.ar>
Thu, 4 Jul 2013 18:30:26 +0000 (15:30 -0300)
committerThomas Petazzoni <thomas.petazzoni@free-electrons.com>
Sat, 27 Jul 2013 11:16:50 +0000 (13:16 +0200)
The current SSP handling is incomplete.

First we need to build uClibc with SSP support for a complete
"experience".

Second, it doesn't hurt to add -fstack-protector-all to the
CFLAGS/CXXFLAGS since most users would expect buildroot to do this
rather than adding the flags themselves.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/Makefile.in patch | blob | history
package/uclibc/uclibc.mk patch | blob | history
toolchain/toolchain-buildroot/Config.in.2 patch | blob | history

diff --git a/package/Makefile.in b/package/Makefile.in
index a597290c23f172a8f865d4422be0fa431877db8a..95eec52dcc584de27fc63b57ea8adeaa7873975d 100644 (file)
--- a/package/Makefile.in
+++ b/package/Makefile.in
@@ -124,6 +124,11 @@ TARGET_CFLAGS += -msep-data
 TARGET_CXXFLAGS += -msep-data
 endif
 
+ifeq ($(BR2_TOOLCHAIN_BUILDROOT_USE_SSP),y)
+TARGET_CFLAGS += -fstack-protector-all
+TARGET_CXXFLAGS += -fstack-protector-all
+endif
+
 ifeq ($(BR2_TOOLCHAIN_BUILDROOT)$(BR2_TOOLCHAIN_CTNG),y)
 TARGET_CROSS=$(HOST_DIR)/usr/bin/$(GNU_TARGET_NAME)-
 else
diff --git a/package/uclibc/uclibc.mk b/package/uclibc/uclibc.mk
index 044de21d96709593f2df9061b0018c147f51e27b..cf53280c9b83a89aa3e62fda8acb4023777bc942 100644 (file)
--- a/package/uclibc/uclibc.mk
+++ b/package/uclibc/uclibc.mk
@@ -251,9 +251,15 @@ endif
 # SSP
 #
 ifeq ($(BR2_TOOLCHAIN_BUILDROOT_USE_SSP),y)
-UCLIBC_SSP_CONFIG = $(call UCLIBC_OPT_SET,UCLIBC_HAS_SSP,y,$(@D))
+define UCLIBC_SSP_CONFIG
+       $(call UCLIBC_OPT_SET,UCLIBC_HAS_SSP,y,$(@D))
+       $(call UCLIBC_OPT_SET,UCLIBC_BUILD_SSP,y,$(@D))
+endef
 else
-UCLIBC_SSP_CONFIG = $(call UCLIBC_OPT_UNSET,UCLIBC_HAS_SSP,$(@D))
+define UCLIBC_SSP_CONFIG
+       $(call UCLIBC_OPT_UNSET,UCLIBC_HAS_SSP,$(@D))
+       $(call UCLIBC_OPT_UNSET,UCLIBC_BUILD_SSP,$(@D))
+endef
 endif
 
 #
diff --git a/toolchain/toolchain-buildroot/Config.in.2 b/toolchain/toolchain-buildroot/Config.in.2
index a9c102f7f8f7af0e1825e4346092583af7fce622..bf27e6b73da45306509984a826086df59b18c8b0 100644 (file)
--- a/toolchain/toolchain-buildroot/Config.in.2
+++ b/toolchain/toolchain-buildroot/Config.in.2
@@ -21,7 +21,7 @@ config BR2_TOOLCHAIN_BUILDROOT_USE_SSP
        bool "Enable stack protection support"
        help
          Enable stack smashing protection support using GCCs
-         -fstack-protector[-all] option.
+         -fstack-protector-all option.
 
          See http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
          for details.