i386
kfreebsd-amd64
kfreebsd-i386
+ loong64
mips
mips64
mips64el
);
# Disable unsupported hardening options.
- if ($os !~ /^(?:linux|kfreebsd|knetbsd|hurd)$/ or $cpu eq 'hppa') {
+ if ($disable_harden_pie and exists $builtin_pie_arch{$arch}) {
+ $harden_pie = 0;
+ }
+ if ($os !~ /^(?:linux|kfreebsd|hurd)$/
+ or $cpu =~ /^(?:alpha|hppa|ia64)$/) {
$harden_pie = 0;
}
if ($cpu =~ /^(?:ia64|alpha|hppa|nios2)$/ or $arch eq 'arm') {
$harden_relro = 0;
$harden_bindnow = 0;
}
-
- if ($disable_harden_pie and exists $builtin_pie_arch{$arch}) {
- $harden_pie = 0;
- }
}
# Default values.
dpkg-buildpackage: source package test
dpkg-buildpackage: host architecture ia64
-# no stack protector and no relro,bindnow
+# no stack protector and no relro,bindnow and no pie
gcc -D_FORTIFY_SOURCE=2 -g -O2 -fPIE -Wformat -Wformat-security -Werror=format-security -Wall -c test.c
gcc -fPIE -pie -o test test.o
-
-# missing flags
gcc -D_FORTIFY_SOURCE=2 -g -O2 -Wformat -Wformat-security -Werror=format-security -Wall -c test.c
gcc -fPIE -o test test.o
Toolchain package versions: ... dpkg-dev_1.18.15 ...
dpkg-buildpackage: source package foo package
-dpkg-buildpackage: host architecture ia64
+dpkg-buildpackage: host architecture m68k
gcc -g -O2 -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wl,-z,now -fstack-protector-strong -Wformat -Werror=format-security -o test test.c
is_blhc 'arch-i386', '', 8,
$arch_i386;
-my $arch_ia64 =
- 'CFLAGS missing (-fPIE): gcc -D_FORTIFY_SOURCE=2 -g -O2 -Wformat -Wformat-security -Werror=format-security -Wall -c test.c
-LDFLAGS missing (-pie): gcc -fPIE -o test test.o
-';
-is_blhc 'arch-ia64', '', 8,
+my $arch_ia64 = '';
+is_blhc 'arch-ia64', '', 0,
$arch_ia64;
is_blhc 'arch-ia64', '--arch i386', 8,
ruderich.org/simon / blhc / blhc.git / commitdiff