From d89d75ea4a335f0d7f4187219f55ccdf3a954921 Mon Sep 17 00:00:00 2001 From: BtbN Date: Mon, 5 Dec 2022 18:57:54 +0100 Subject: [PATCH] Enable -fstack-clash-protection on all targets --- images/base-linux64/Dockerfile | 6 +++--- images/base-linuxarm64/Dockerfile | 6 +++--- images/base-win32/Dockerfile | 6 +++--- images/base-win64/Dockerfile | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/images/base-linux64/Dockerfile b/images/base-linux64/Dockerfile index c81a27f..d91dd19 100644 --- a/images/base-linux64/Dockerfile +++ b/images/base-linux64/Dockerfile @@ -54,8 +54,8 @@ ENV PATH="/opt/ct-ng/bin:${PATH}" \ AR="${FFBUILD_TOOLCHAIN}-gcc-ar" \ RANLIB="${FFBUILD_TOOLCHAIN}-gcc-ranlib" \ NM="${FFBUILD_TOOLCHAIN}-gcc-nm" \ - CFLAGS="-static-libgcc -static-libstdc++ -I/opt/ffbuild/include -O2 -pipe -fPIC -DPIC -D_FORTIFY_SOURCE=2 -fstack-protector-strong -pthread" \ - CXXFLAGS="-static-libgcc -static-libstdc++ -I/opt/ffbuild/include -O2 -pipe -fPIC -DPIC -D_FORTIFY_SOURCE=2 -fstack-protector-strong -pthread" \ - LDFLAGS="-static-libgcc -static-libstdc++ -L/opt/ffbuild/lib -O2 -pipe -fstack-protector-strong -Wl,-z,relro,-z,now -pthread -lm" \ + CFLAGS="-static-libgcc -static-libstdc++ -I/opt/ffbuild/include -O2 -pipe -fPIC -DPIC -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fstack-clash-protection -pthread" \ + CXXFLAGS="-static-libgcc -static-libstdc++ -I/opt/ffbuild/include -O2 -pipe -fPIC -DPIC -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fstack-clash-protection -pthread" \ + LDFLAGS="-static-libgcc -static-libstdc++ -L/opt/ffbuild/lib -O2 -pipe -fstack-protector-strong -fstack-clash-protection -Wl,-z,relro,-z,now -pthread -lm" \ STAGE_CFLAGS="-fvisibility=hidden -fno-semantic-interposition" \ STAGE_CXXFLAGS="-fvisibility=hidden -fno-semantic-interposition" diff --git a/images/base-linuxarm64/Dockerfile b/images/base-linuxarm64/Dockerfile index 8e786b1..89be1fd 100644 --- a/images/base-linuxarm64/Dockerfile +++ b/images/base-linuxarm64/Dockerfile @@ -56,8 +56,8 @@ ENV PATH="/opt/ct-ng/bin:${PATH}" \ AR="${FFBUILD_TOOLCHAIN}-gcc-ar" \ RANLIB="${FFBUILD_TOOLCHAIN}-gcc-ranlib" \ NM="${FFBUILD_TOOLCHAIN}-gcc-nm" \ - CFLAGS="-static-libgcc -static-libstdc++ -I/opt/ffbuild/include -O2 -pipe -fPIC -DPIC -D_FORTIFY_SOURCE=2 -fstack-protector-strong -pthread" \ - CXXFLAGS="-static-libgcc -static-libstdc++ -I/opt/ffbuild/include -O2 -pipe -fPIC -DPIC -D_FORTIFY_SOURCE=2 -fstack-protector-strong -pthread" \ - LDFLAGS="-static-libgcc -static-libstdc++ -L/opt/ffbuild/lib -O2 -pipe -fstack-protector-strong -Wl,-z,relro,-z,now -pthread -lm" \ + CFLAGS="-static-libgcc -static-libstdc++ -I/opt/ffbuild/include -O2 -pipe -fPIC -DPIC -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fstack-clash-protection -pthread" \ + CXXFLAGS="-static-libgcc -static-libstdc++ -I/opt/ffbuild/include -O2 -pipe -fPIC -DPIC -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fstack-clash-protection -pthread" \ + LDFLAGS="-static-libgcc -static-libstdc++ -L/opt/ffbuild/lib -O2 -pipe -fstack-protector-strong -fstack-clash-protection -Wl,-z,relro,-z,now -pthread -lm" \ STAGE_CFLAGS="-fvisibility=hidden -fno-semantic-interposition" \ STAGE_CXXFLAGS="-fvisibility=hidden -fno-semantic-interposition" diff --git a/images/base-win32/Dockerfile b/images/base-win32/Dockerfile index 01105ef..91802b4 100644 --- a/images/base-win32/Dockerfile +++ b/images/base-win32/Dockerfile @@ -40,8 +40,8 @@ ENV PATH="/opt/ct-ng/bin:${PATH}" \ RANLIB="${FFBUILD_TOOLCHAIN}-gcc-ranlib" \ NM="${FFBUILD_TOOLCHAIN}-gcc-nm" \ DLLTOOL="${FFBUILD_TOOLCHAIN}-dlltool" \ - CFLAGS="-static-libgcc -static-libstdc++ -I/opt/ffbuild/include -O2 -pipe -D_FORTIFY_SOURCE=2 -fstack-protector-strong" \ - CXXFLAGS="-static-libgcc -static-libstdc++ -I/opt/ffbuild/include -O2 -pipe -D_FORTIFY_SOURCE=2 -fstack-protector-strong" \ - LDFLAGS="-static-libgcc -static-libstdc++ -L/opt/ffbuild/lib -O2 -pipe -fstack-protector-strong" \ + CFLAGS="-static-libgcc -static-libstdc++ -I/opt/ffbuild/include -O2 -pipe -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fstack-clash-protection" \ + CXXFLAGS="-static-libgcc -static-libstdc++ -I/opt/ffbuild/include -O2 -pipe -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fstack-clash-protection" \ + LDFLAGS="-static-libgcc -static-libstdc++ -L/opt/ffbuild/lib -O2 -pipe -fstack-protector-strong -fstack-clash-protection" \ STAGE_CFLAGS="-fno-semantic-interposition" \ STAGE_CXXFLAGS="-fno-semantic-interposition" diff --git a/images/base-win64/Dockerfile b/images/base-win64/Dockerfile index 5966a0c..344c1f1 100644 --- a/images/base-win64/Dockerfile +++ b/images/base-win64/Dockerfile @@ -40,8 +40,8 @@ ENV PATH="/opt/ct-ng/bin:${PATH}" \ RANLIB="${FFBUILD_TOOLCHAIN}-gcc-ranlib" \ NM="${FFBUILD_TOOLCHAIN}-gcc-nm" \ DLLTOOL="${FFBUILD_TOOLCHAIN}-dlltool" \ - CFLAGS="-static-libgcc -static-libstdc++ -I/opt/ffbuild/include -O2 -pipe -D_FORTIFY_SOURCE=2 -fstack-protector-strong" \ - CXXFLAGS="-static-libgcc -static-libstdc++ -I/opt/ffbuild/include -O2 -pipe -D_FORTIFY_SOURCE=2 -fstack-protector-strong" \ - LDFLAGS="-static-libgcc -static-libstdc++ -L/opt/ffbuild/lib -O2 -pipe -fstack-protector-strong" \ + CFLAGS="-static-libgcc -static-libstdc++ -I/opt/ffbuild/include -O2 -pipe -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fstack-clash-protection" \ + CXXFLAGS="-static-libgcc -static-libstdc++ -I/opt/ffbuild/include -O2 -pipe -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fstack-clash-protection" \ + LDFLAGS="-static-libgcc -static-libstdc++ -L/opt/ffbuild/lib -O2 -pipe -fstack-protector-strong -fstack-clash-protection" \ STAGE_CFLAGS="-fno-semantic-interposition" \ STAGE_CXXFLAGS="-fno-semantic-interposition"