StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

am edc3371a: am f3a6b07b: Merge "host compiler: enable compiler hardening flags"

Browse Source 
* commit 'edc3371aeaf0f963d95b4d8bfb0e35b8b17ee648':
  host compiler: enable compiler hardening flags
This commit is contained in:
Nick Kralevich
2015-04-25 04:54:12 +00:00
committed by Android Git Automerger
parent aac1b9d9bf edc3371aea
commit 6612d4a088
2 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
core/combo/HOST_linux-x86.mk
View File

@@ -29,7 +29,7 @@ $(combo_2nd_arch_prefix)HOST_TOOLCHAIN_FOR_CLANG := prebuilts/gcc/linux-x86/host
# We expect SSE3 floating point math. # We expect SSE3 floating point math.
$(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -msse3 -mfpmath=sse -m32 -Wa,--noexecstack -march=prescott $(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -msse3 -mfpmath=sse -m32 -Wa,--noexecstack -march=prescott
$(combo_2nd_arch_prefix)HOST_GLOBAL_LDFLAGS += -m32 -Wl,-z,noexecstack $(combo_2nd_arch_prefix)HOST_GLOBAL_LDFLAGS += -m32 -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now
ifneq ($(strip $(BUILD_HOST_static)),) ifneq ($(strip $(BUILD_HOST_static)),)
# Statically-linked binaries are desirable for sandboxed environment # Statically-linked binaries are desirable for sandboxed environment
@@ -40,8 +40,8 @@ $(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -fPIC \
-no-canonical-prefixes \ -no-canonical-prefixes \
-include $(call select-android-config-h,linux-x86) -include $(call select-android-config-h,linux-x86)
# Disable new longjmp in glibc 2.11 and later. See bug 2967937. Same for 2.15? # TODO: Set _FORTIFY_SOURCE=2. Bug 20558757.
$(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 $(combo_2nd_arch_prefix)HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 -fstack-protector
# Workaround differences in inttypes.h between host and target. # Workaround differences in inttypes.h between host and target.
# See bug 12708004. # See bug 12708004.

6
core/combo/HOST_linux-x86_64.mk
View File

@@ -28,7 +28,7 @@ HOST_AR := $(HOST_TOOLCHAIN_PREFIX)ar
HOST_TOOLCHAIN_FOR_CLANG := prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.15-4.8/ HOST_TOOLCHAIN_FOR_CLANG := prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.15-4.8/
HOST_GLOBAL_CFLAGS += -m64 -Wa,--noexecstack HOST_GLOBAL_CFLAGS += -m64 -Wa,--noexecstack
HOST_GLOBAL_LDFLAGS += -m64 -Wl,-z,noexecstack HOST_GLOBAL_LDFLAGS += -m64 -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now
ifneq ($(strip $(BUILD_HOST_static)),) ifneq ($(strip $(BUILD_HOST_static)),)
# Statically-linked binaries are desirable for sandboxed environment # Statically-linked binaries are desirable for sandboxed environment
@@ -40,8 +40,8 @@ HOST_GLOBAL_CFLAGS += -fPIC \
-no-canonical-prefixes \ -no-canonical-prefixes \
-include $(call select-android-config-h,linux-x86) -include $(call select-android-config-h,linux-x86)
# Disable new longjmp in glibc 2.11 and later. See bug 2967937. Same for 2.15? # TODO: Set _FORTIFY_SOURCE=2. Bug 20558757.
HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 -fstack-protector
# Workaround differences in inttypes.h between host and target. # Workaround differences in inttypes.h between host and target.
# See bug 12708004. # See bug 12708004.