Introduce configuration options to build a "hardened" OpenWRT.
Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.
uClibc makefile now automatically detects if SSP support is necessary.
hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.
Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.
Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.
Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>
SVN-Revision: 44005
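
A way to confirm that the SSP, FORTIFY_SOURCE and RELRO options from the commit above reached a user-space binary, as an added example that is not part of the commit or of OpenWrt: a self-check to cross-compile with the same TARGET_CFLAGS and run on the device. It assumes a Linux libc that provides getauxval(); the function names are illustrative.

```c
#include <elf.h>
#include <link.h>       /* ElfW() */
#include <stdint.h>
#include <stdio.h>
#include <sys/auxv.h>   /* getauxval() */

/* RELRO state of the running executable: 0 = none, 1 = partial
 * (-Wl,-z,relro), 2 = full (plus -Wl,-z,now), -1 = no program headers. */
int relro_level(void)
{
    const ElfW(Phdr) *ph = (const ElfW(Phdr) *)getauxval(AT_PHDR);
    unsigned long i, n = getauxval(AT_PHNUM);
    const ElfW(Dyn) *dyn = NULL;
    uintptr_t base = 0;
    int relro = 0, now = 0;

    if (ph == NULL)
        return -1;
    for (i = 0; i < n; i++)            /* load bias, non-zero for PIE */
        if (ph[i].p_type == PT_PHDR)
            base = (uintptr_t)ph - ph[i].p_vaddr;
    for (i = 0; i < n; i++) {
        if (ph[i].p_type == PT_GNU_RELRO)
            relro = 1;
        if (ph[i].p_type == PT_DYNAMIC)
            dyn = (const ElfW(Dyn) *)(base + ph[i].p_vaddr);
    }
    for (; dyn != NULL && dyn->d_tag != DT_NULL; dyn++)
        if (dyn->d_tag == DT_BIND_NOW ||
            (dyn->d_tag == DT_FLAGS && (dyn->d_un.d_val & DF_BIND_NOW)) ||
            (dyn->d_tag == DT_FLAGS_1 && (dyn->d_un.d_val & DF_1_NOW)))
            now = 1;
    return relro ? (now ? 2 : 1) : 0;
}

/* GCC's predefined SSP macros: 0 = off, 1 = -fstack-protector,
 * 2 = -all, 3 = -strong, 4 = -explicit. */
int ssp_mode(void)
{
#if defined(__SSP_EXPLICIT__)
    return 4;
#elif defined(__SSP_STRONG__)
    return 3;
#elif defined(__SSP_ALL__)
    return 2;
#elif defined(__SSP__)
    return 1;
#else
    return 0;
#endif
}

int main(void)
{
    printf("relro=%d ssp=%d\n", relro_level(), ssp_mode());
    return 0;
}
```
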
When building with CONFIG_BUILD_NLS=y, uClibc fails to compile with following
message (or similar, according to https://dev.openwrt.org/ticket/13095):
-snip-
...
Warning: adding UNDEFINED entry for ar_AE
Warning: adding UNDEFINED entry for am_ET
Warning: adding UNDEFINED entry for af_ZA
grep "^#define" extra/locale/locale_tables.h > extra/locale/lt_defines.h
grep "^#define __lc" extra/locale/locale_collate.h >> extra/locale/lt_defines.h
gcc extra/locale/gen_wctype.c -o extra/locale/gen_wctype -Os -Wall -D__UCLIBC_GEN_LOCALE -I./
extra/locale/gen_wctype.c: In function 'main':
extra/locale/gen_wctype.c:684:2: warning: #warning fix the upper bound on the upper/lower tables... save 200 bytes or so [-Wcpp]
for locale in en_US en_GB; do \
extra/locale/gen_wctype $locale > extra/locale/wctables.h || \
extra/locale/gen_wctype $locale.UTF-8 > extra/locale/wctables.h || \
extra/locale/gen_wctype $locale.iso8859-1 > extra/locale/wctables.h && break; \
done
make[4]: *** [extra/locale/wctables.h] Error 1
-snap-
This seems to also depend on the host system used, e.g. running a fresh
checkout on a Debian 7.6 system triggered this error, while running the
very same stuff on an Ubuntu 12.10 Quantal Quetzal does not trigger it.
This is the configuration I used:
-snip-
buildbot@buildbot:~/openwrt-nls.git$ scripts/diffconfig.sh
CONFIG_TARGET_ar71xx=y
CONFIG_TARGET_ar71xx_generic=y
CONFIG_TARGET_ar71xx_generic_Default=y
CONFIG_DEVEL=y
CONFIG_BUILD_NLS=y
CONFIG_DOWNLOAD_FOLDER="/srv/downloads/downloads"
-snap-
In the ticket mentioned above, a patch is referenced which solves this issue.
Note that this issue is also present on 14.07.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 43446
Without this patch, selecting "Compile with full language support"
results in the following question during build:
...
Locale Support (UCLIBC_HAS_LOCALE) [Y/n/?] y
Locale data
> 1. All locales (UCLIBC_BUILD_ALL_LOCALE) (NEW)
2. Only selected locales (UCLIBC_BUILD_MINIMAL_LOCALE) (NEW)
3. Use Pre-generated Locale Data (UCLIBC_PREGENERATED_LOCALE_DATA) (NEW)
choice[1-3]:
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 43445
This patch adds missing architecture-specific headers for use with
eventfd(2). Fixes #16679.
Signed-off-by: Luis Dallos <ld@nkvd.ignorelist.com>
SVN-Revision: 42916
A small system like the common home router doesn't have 40 MiB per process for
a dirty stack cache. This can easily lead to an overbooking OOM problem and
caused a lot of hangs+reboots on 32 MiB systems running nodogsplash.
Not using a stack cache can increase the time to spawn new threads. This is
hopefully no problem for systems not running a lot of parallel computations.
Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
SVN-Revision: 38851
For now, build uclibc without -mips16. There's no mips16 syscall
support AFAIK and uclibc uses inline assembly syscalls a lot.
In addition, touching errno means touching a TLS model symbol, and
that's not supported in gcc 4.6.
The __set_errno macro can be put back to calling
errno_location(). This allows much of the library to be built in
mips16 mode. I don't understand the implications to the thread library
of doing this.
A list of "build as -mno-mips16" C source files can be placed in the
mips architecture-dependent build files. Maintaining the list would be
no fun.
Signed-off-by: Jay Carlson <nop@nop.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
SVN-Revision: 36199
uClibc declares eventfd() as taking two arguments but doesn't properly
pass the second argument to the kernel.
The problem is discussed at:
http://lists.uclibc.org/pipermail/uclibc/2012-May/046873.html
This patch is taken from uclibc 0.9.33 git, so will presumably
be integrated in any future releases.
Signed-off-by: Andy Leiserson <andy@leiserson.org>
SVN-Revision: 33478
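
A regression check for the eventfd() flags problem described in the commit above, as an added example that is not part of the patch: it asks the kernel which flags actually landed on the descriptor. A libc that drops the second argument returns a blocking descriptor without FD_CLOEXEC, which child processes then inherit across exec. The function names are illustrative.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/eventfd.h>
#include <unistd.h>

/* Bit 0 set: O_NONBLOCK is on the descriptor; bit 1 set: FD_CLOEXEC is.
 * Returns -1 if eventfd() itself fails. */
int eventfd_applied_flags(int flags)
{
    int fd = eventfd(0, flags), fl, fdfl, got = 0;

    if (fd < 0)
        return -1;
    fl = fcntl(fd, F_GETFL);
    fdfl = fcntl(fd, F_GETFD);
    if (fl >= 0 && (fl & O_NONBLOCK))
        got |= 1;
    if (fdfl >= 0 && (fdfl & FD_CLOEXEC))
        got |= 2;
    close(fd);
    return got;
}

/* Write 3 to the counter and read once: with EFD_SEMAPHORE the read
 * must return 1, without it 3. Returns -1 on any I/O error. */
long eventfd_first_read(int flags)
{
    uint64_t v = 3;
    int fd = eventfd(0, flags | EFD_NONBLOCK);
    long out = -1;

    if (fd < 0)
        return -1;
    if (write(fd, &v, sizeof v) == (ssize_t)sizeof v &&
        read(fd, &v, sizeof v) == (ssize_t)sizeof v)
        out = (long)v;
    close(fd);
    return out;
}

int main(void)
{
    int got = eventfd_applied_flags(EFD_NONBLOCK | EFD_CLOEXEC);

    printf("nonblock=%d cloexec=%d semaphore_read=%ld\n",
           got & 1, (got >> 1) & 1, eventfd_first_read(EFD_SEMAPHORE));
    return got == 3 ? 0 : 1;   /* non-zero exit: flags were dropped */
}
```
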
Testing uclibc changes is tricky because the final gcc tends to miscompile
uclibc code or barf up internal compiler errors.
Install binutils into $(TOOLCHAIN_DIR)/initial (without changing the configure
prefix) and copy it from there to $(TOOLCHAIN_DIR)/ so that the initial gcc
can be put into $(PATH) for the uclibc build, even if the final gcc
is already installed.
SVN-Revision: 32553