From patchwork Sun Oct 27 17:44:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hauke Mehrtens X-Patchwork-Id: 1185093 X-Patchwork-Delegate: hauke@hauke-m.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=hauke-m.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="e2t3NwPr"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 471QJ50DbPz9sP3 for ; Mon, 28 Oct 2019 04:46:13 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Subject:MIME-Version:References: In-Reply-To:Message-Id:Date:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=S1rsC9nFgGbWFeNujrm0FDwjpltliSvhCnxQe08GnVo=; b=e2t3NwPrmIRHrm a7FO5zRipJkbTH54VpHE4ezTD9QkJ9/LIV8CX+84x/yjsg6+xSQopv/hOOFUTiLfkvH9dDSVyyo/E hxPDoh9dPjUwMeZdm0wOpGL6bGSg2zmdZSQ4345v+5ib3BCql8vYKinNJq7j2vtgSxGfLotUMD1dh Qm7XTo1ihSIwJl/xwKYmHIMn0huxXRwu6Rs3GO4IXsFoB3Z5/nMvZooTON1jfFU1r7bCWDPkNntDI E3mGqlCLVczPQh+gXPjBvTzn6+W3Ey+n5k4Ln6K0hP4it6WQLlhyaH9yckSH2q8V/RHqeUeDqge3g K5yo6E2Zdx8RXuXKjwKQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iOmc2-0004nl-Cv; Sun, 27 Oct 2019 17:45:58 +0000 Received: from mx2a.mailbox.org ([80.241.60.219]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1iOmbM-00041K-Fa for openwrt-devel@lists.openwrt.org; Sun, 27 Oct 2019 17:45:21 +0000 Received: from smtp2.mailbox.org (smtp2.mailbox.org [IPv6:2001:67c:2050:105:465:1:2:0]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by mx2a.mailbox.org (Postfix) with ESMTPS id F33F2A3A1A; Sun, 27 Oct 2019 18:45:08 +0100 (CET) X-Virus-Scanned: amavisd-new at heinlein-support.de Received: from smtp2.mailbox.org ([80.241.60.241]) by spamfilter01.heinlein-hosting.de (spamfilter01.heinlein-hosting.de [80.241.56.115]) (amavisd-new, port 10030) with ESMTP id SEWQtBI2Lwir; Sun, 27 Oct 2019 18:45:03 +0100 (CET) From: Hauke Mehrtens To: openwrt-devel@lists.openwrt.org Date: Sun, 27 Oct 2019 18:44:33 +0100 Message-Id: <20191027174438.25795-2-hauke@hauke-m.de> In-Reply-To: <20191027174438.25795-1-hauke@hauke-m.de> References: <20191027174438.25795-1-hauke@hauke-m.de> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191027_104516_881054_5444CE95 X-CRM114-Status: GOOD ( 15.63 ) X-Spam-Score: -0.7 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [80.241.60.219 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record Subject: [OpenWrt-Devel] [PATCH 1/6] buildsystem: Make PIE ASLR option tristate X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Hauke Mehrtens , daniel.engberg.lists@pyret.net, lynxis@fe80.eu, dave@taht.net, nbd@nbd.name Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org This tristate choose allows to select to build only some applications with PIE enabled. On MIPS binaries are getting about 30% bigger when PIE is activated for the, which is a huge increase. Network exposed applications like dnsmasq should then be build with PIE enabled, but some applications which are normally not parsing data from the network do not have it activated. The regular option should give a good trade off between extra flash and RAM memory usage and security. This changes the default from building no applications with PIE to build some specifically marked applications with PIE enabled. This option is only activated for targets with bigger flash and RAM to not consume extra memory on the very small targets. On SDK builds the Regular option should always be selected, because some tiny targets share the applications with big targets and only the images for the tiny targets should contain the none PIE applications, but the images for the normal targets should use PIE. The shared packages should always use PIE when it should be normally activated. Signed-off-by: Hauke Mehrtens --- I hope this !SDK option works. I haven't fully tested this. I want to make sure this is activated on the targets which are not small, but not activate it in the tiny images. For extra installed packages it should be activated. config/Config-build.in | 22 ++++++++++++++++++---- include/hardening.mk | 9 ++++++++- 2 files changed, 26 insertions(+), 5 deletions(-) diff --git a/config/Config-build.in b/config/Config-build.in index 872e5c12ab..aa05e34f56 100644 --- a/config/Config-build.in +++ b/config/Config-build.in @@ -212,11 +212,10 @@ menu "Global build settings" this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package Makefile. - config PKG_ASLR_PIE - bool + choice prompt "User space ASLR PIE compilation" - select BUSYBOX_DEFAULT_PIE - default n + default PKG_ASLR_PIE_NONE if ((SMALL_FLASH || LOW_MEMORY_FOOTPRINT) && !SDK) + default PKG_ASLR_PIE_REGULAR help Add -fPIC to CFLAGS and -specs=hardened-build-ld to LDFLAGS. This enables package build as Position Independent Executables (PIE) @@ -227,6 +226,21 @@ menu "Global build settings" to predict when an attacker is attempting a memory-corruption exploit. You can disable this per package by adding PKG_ASLR_PIE:=0 in the package Makefile. + Be ware that ASLR increases the binary size. + config PKG_ASLR_PIE_NONE + bool "None" + help + PIE is deactivated for all applications + config PKG_ASLR_PIE_REGULAR + bool "Regular" + help + PIE is activated for some binaries, mostly network exposed applications + config PKG_ASLR_PIE_ALL + bool "All" + select BUSYBOX_DEFAULT_PIE + help + PIE is activated for all applications + endchoice choice prompt "User space Stack-Smashing Protection" diff --git a/include/hardening.mk b/include/hardening.mk index 60f39428e8..4e49e6b1b9 100644 --- a/include/hardening.mk +++ b/include/hardening.mk @@ -7,6 +7,7 @@ PKG_CHECK_FORMAT_SECURITY ?= 1 PKG_ASLR_PIE ?= 1 +PKG_ASLR_PIE_REGULAR ?= 0 PKG_SSP ?= 1 PKG_FORTIFY_SOURCE ?= 1 PKG_RELRO ?= 1 @@ -16,12 +17,18 @@ ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY TARGET_CFLAGS += -Wformat -Werror=format-security endif endif -ifdef CONFIG_PKG_ASLR_PIE +ifdef CONFIG_PKG_ASLR_PIE_ALL ifeq ($(strip $(PKG_ASLR_PIE)),1) TARGET_CFLAGS += $(FPIC) TARGET_LDFLAGS += $(FPIC) -specs=$(INCLUDE_DIR)/hardened-ld-pie.specs endif endif +ifdef CONFIG_PKG_ASLR_PIE_REGULAR + ifeq ($(strip $(PKG_ASLR_PIE_REGULAR)),1) + TARGET_CFLAGS += $(FPIC) + TARGET_LDFLAGS += $(FPIC) -specs=$(INCLUDE_DIR)/hardened-ld-pie.specs + endif +endif ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR ifeq ($(strip $(PKG_SSP)),1) TARGET_CFLAGS += -fstack-protector From patchwork Sun Oct 27 17:44:34 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hauke Mehrtens X-Patchwork-Id: 1185091 X-Patchwork-Delegate: hauke@hauke-m.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=hauke-m.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="X4PY8t90"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 471QHY5dyzz9sP3 for ; Mon, 28 Oct 2019 04:45:44 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Subject:MIME-Version:References: In-Reply-To:Message-Id:Date:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=2akEkCqBt78a+fAXqhWmth7lkJtLl7li2UsoNdtJ2rE=; b=X4PY8t903qBiLc PbhiR/JcHFmoilNVJsCfN+MfVQBXIg+HeulW7h47XF/Xso9zBo9kmD5LBAnGhSo6mPNzuVnm3GDPb WMJm4Btp4EjO+mZKpSDAovxEdvo4uzgW5FhaBlSykGkDDSgPC8xpbBqPJLkISO9litFprECN3KszO F7LMwzLQsMol8Cjxq6M+m17jb0qclBqmeqDfuBDzUhfsCTlXuzhZUw34X8Wx82G2CIhvXdHA3BcPD ecr80JxxRWorSmPWamETl3rQjOVpGL0sz+15hibCQXuTWmWd1wdtJPvAk4KKxM9SzzzeFqIs402L/ AK8H367uu3he/Lq3PApQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iOmbZ-0004IO-EC; Sun, 27 Oct 2019 17:45:29 +0000 Received: from mx2a.mailbox.org ([2001:67c:2050:104:0:2:25:2]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1iOmbM-000418-GG for openwrt-devel@lists.openwrt.org; Sun, 27 Oct 2019 17:45:18 +0000 Received: from smtp2.mailbox.org (smtp2.mailbox.org [80.241.60.241]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by mx2a.mailbox.org (Postfix) with ESMTPS id 004F8A39F0; Sun, 27 Oct 2019 18:45:07 +0100 (CET) X-Virus-Scanned: amavisd-new at heinlein-support.de Received: from smtp2.mailbox.org ([80.241.60.241]) by spamfilter01.heinlein-hosting.de (spamfilter01.heinlein-hosting.de [80.241.56.115]) (amavisd-new, port 10030) with ESMTP id U_Z_rmKAjfXo; Sun, 27 Oct 2019 18:45:04 +0100 (CET) From: Hauke Mehrtens To: openwrt-devel@lists.openwrt.org Date: Sun, 27 Oct 2019 18:44:34 +0100 Message-Id: <20191027174438.25795-3-hauke@hauke-m.de> In-Reply-To: <20191027174438.25795-1-hauke@hauke-m.de> References: <20191027174438.25795-1-hauke@hauke-m.de> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191027_104516_707170_93B4BA6E X-CRM114-Status: GOOD ( 10.58 ) X-Spam-Score: -0.7 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [2001:67c:2050:104:0:2:25:2 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record Subject: [OpenWrt-Devel] [PATCH 2/6] dnsmasq: Activate PIE by default X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Hauke Mehrtens , daniel.engberg.lists@pyret.net, lynxis@fe80.eu, dave@taht.net, nbd@nbd.name Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org This activates PIE ASLR support by default when the regular option is selected. This increases the binary size by 37% uncompressed and 18% compressed on MIPS BE. old: 146,933 /usr/sbin/dnsmasq 101,837 dnsmasq_2.80-14_mips_24kc.ipk new: 202,020 /usr/sbin/dnsmasq 120,577 dnsmasq_2.80-14_mips_24kc.ipk Signed-off-by: Hauke Mehrtens --- package/network/services/dnsmasq/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index dc20ada292..5c114eb1c6 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -24,6 +24,7 @@ PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_UPSTR PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 +PKG_ASLR_PIE_REGULAR:=1 PKG_CONFIG_DEPENDS:= CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcp \ CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6 \ CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec \ From patchwork Sun Oct 27 17:44:35 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hauke Mehrtens X-Patchwork-Id: 1185094 X-Patchwork-Delegate: hauke@hauke-m.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=hauke-m.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="f0/RbQYx"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 471QJ82VP4z9sPT for ; Mon, 28 Oct 2019 04:46:16 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Subject:MIME-Version:References: In-Reply-To:Message-Id:Date:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=eKRGWtR9F4oXVuLqQWwLKaWbESq3EXUrl+jJY882oDM=; b=f0/RbQYxjurcAD MkTJ5EQaHXCN7+j/XL7XX0w9pmdAnv0TOpL25Uwao4StpumqdlbjOZv42RzqRS5Ln/hnxzwKeubHB WUpdtSJjk30Dc/f+L7YpsAK041XmrN3WSMVaFBYVDYHPfSTbnW/deL8kiOwSHRTA6wsPxcPd90axI S/9RzsOWPtfP0WOeKBzqxJQwIUpsKf7Iz3W2b7rBSnLunspa00ZYI2HoKrHOAaV5We0bh63HnfXOW ZuY3Iuj+7dgubdUf7Lm8DhsRX3hZ81utmgTKIdm1B6fl/u0Rg0ZKmRg/OuX/xdDxbmhfJUycESLkV cDp2//KVHDmnBO1SKbFA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iOmcG-00053q-BM; Sun, 27 Oct 2019 17:46:12 +0000 Received: from mx2a.mailbox.org ([2001:67c:2050:104:0:2:25:2]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1iOmbM-00042p-GK for openwrt-devel@lists.openwrt.org; Sun, 27 Oct 2019 17:45:21 +0000 Received: from smtp2.mailbox.org (smtp2.mailbox.org [IPv6:2001:67c:2050:105:465:1:2:0]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by mx2a.mailbox.org (Postfix) with ESMTPS id 69F97A3788; Sun, 27 Oct 2019 18:45:09 +0100 (CET) X-Virus-Scanned: amavisd-new at heinlein-support.de Received: from smtp2.mailbox.org ([80.241.60.241]) by hefe.heinlein-support.de (hefe.heinlein-support.de [91.198.250.172]) (amavisd-new, port 10030) with ESMTP id 2SQBpB59KTp6; Sun, 27 Oct 2019 18:45:06 +0100 (CET) From: Hauke Mehrtens To: openwrt-devel@lists.openwrt.org Date: Sun, 27 Oct 2019 18:44:35 +0100 Message-Id: <20191027174438.25795-4-hauke@hauke-m.de> In-Reply-To: <20191027174438.25795-1-hauke@hauke-m.de> References: <20191027174438.25795-1-hauke@hauke-m.de> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191027_104516_772071_AFB44801 X-CRM114-Status: UNSURE ( 9.47 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.7 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [2001:67c:2050:104:0:2:25:2 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record Subject: [OpenWrt-Devel] [PATCH 3/6] dropbear: Activate PIE by default X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Hauke Mehrtens , daniel.engberg.lists@pyret.net, lynxis@fe80.eu, dave@taht.net, nbd@nbd.name Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org This activates PIE ASLR support by default when the regular option is selected. This increases the binary size by 18% uncompressed and 17% compressed on MIPS BE. old: 164,261 /usr/sbin/dropbear 85,648 dropbear_2019.78-2_mips_24kc.ipk new: 194,492 /usr/sbin/dropbear 100,309 dropbear_2019.78-2_mips_24kc.ipk Signed-off-by: Hauke Mehrtens --- package/network/services/dropbear/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 63204042f7..fae1c9587d 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -22,6 +22,7 @@ PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE PKG_CPE_ID:=cpe:/a:matt_johnston:dropbear_ssh_server PKG_BUILD_PARALLEL:=1 +PKG_ASLR_PIE_REGULAR:=1 PKG_USE_MIPS16:=0 PKG_FIXUP:=autoreconf From patchwork Sun Oct 27 17:44:36 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hauke Mehrtens X-Patchwork-Id: 1185092 X-Patchwork-Delegate: hauke@hauke-m.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=hauke-m.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="s3t4YpBQ"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 471QHf4B9tz9sP3 for ; Mon, 28 Oct 2019 04:45:50 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Subject:MIME-Version:References: In-Reply-To:Message-Id:Date:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=8nFMzqMNtyV+eCUWIsH/FNUYEczUPXTRWBi3sBEEkOM=; b=s3t4YpBQfW4l8u 8eLAF5Hp9dmZw4nUKNrRjHOz06zQll+EIj0gXD9uwHwVMVOEicZt2bYltdUAeRbYOb0GCRxFJg4rk roQLhoALiAxkALB6VNqc2UC9kI4oL4Lj8YzNf575PJq3G/tJpihLx83SdinzwMDEBuErlOb3Ss9ub mkITcxboP9VrqRO4O+1w3xRo0ovAhVrgkbnBpIdS3uokuRGGG33g8Hfv7BuxMT0gWkdih/+X1JRej +JgslCG8jwOXmo85F8IyLhXL5Y7tOWXXMGvTtVAdVsahi3WhgkOTr262rdg0YbJOmosX8Z6ouG5uM yoDT3F/MUmItZfB65mog==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iOmbp-0004X7-8y; Sun, 27 Oct 2019 17:45:45 +0000 Received: from mx2a.mailbox.org ([80.241.60.219]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1iOmbM-00041y-Fb for openwrt-devel@lists.openwrt.org; Sun, 27 Oct 2019 17:45:18 +0000 Received: from smtp2.mailbox.org (smtp2.mailbox.org [80.241.60.241]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by mx2a.mailbox.org (Postfix) with ESMTPS id 3133CA3A3B; Sun, 27 Oct 2019 18:45:10 +0100 (CET) X-Virus-Scanned: amavisd-new at heinlein-support.de Received: from smtp2.mailbox.org ([80.241.60.241]) by spamfilter06.heinlein-hosting.de (spamfilter06.heinlein-hosting.de [80.241.56.125]) (amavisd-new, port 10030) with ESMTP id gkZ2575fpQuw; Sun, 27 Oct 2019 18:45:07 +0100 (CET) From: Hauke Mehrtens To: openwrt-devel@lists.openwrt.org Date: Sun, 27 Oct 2019 18:44:36 +0100 Message-Id: <20191027174438.25795-5-hauke@hauke-m.de> In-Reply-To: <20191027174438.25795-1-hauke@hauke-m.de> References: <20191027174438.25795-1-hauke@hauke-m.de> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191027_104516_692470_428F46E7 X-CRM114-Status: UNSURE ( 9.38 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.7 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [80.241.60.219 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record Subject: [OpenWrt-Devel] [PATCH 4/6] hostapd: Activate PIE by default X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Hauke Mehrtens , daniel.engberg.lists@pyret.net, lynxis@fe80.eu, dave@taht.net, nbd@nbd.name Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org This activates PIE ASLR support by default when the regular option is selected. This increases the binary size by 26% uncompressed and 16% compressed on MIPS BE. old: 460,933 /usr/sbin/wpad 283,891 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk new: 584,508 /usr/sbin/wpad 330,281 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens --- package/network/services/hostapd/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 4f6420f503..2d383ac629 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -20,6 +20,7 @@ PKG_LICENSE:=BSD-3-Clause PKG_CPE_ID:=cpe:/a:w1.fi:hostapd PKG_BUILD_PARALLEL:=1 +PKG_ASLR_PIE_REGULAR:=1 PKG_CONFIG_DEPENDS:= \ CONFIG_PACKAGE_kmod-ath9k \ From patchwork Sun Oct 27 17:44:37 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hauke Mehrtens X-Patchwork-Id: 1185096 X-Patchwork-Delegate: hauke@hauke-m.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=hauke-m.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="gZzpW75N"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 471QJz32JGz9sP3 for ; Mon, 28 Oct 2019 04:46:59 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Subject:MIME-Version:References: In-Reply-To:Message-Id:Date:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=kvTs9uWrUbTDYEC4A/BxaDaYjhWbh3cIq8I+0VZZW5E=; b=gZzpW75N3f8/St fDPQUKIoltmOktNDmDXIJ+m/wLP5USgYLXRMLuBjteiSDSPIxPRTfRsRYzvGvbaU6Wjo6Cgoe0+aa p2XpUkZkorIA0diQOulomP4ii0rwJxjQSQla80UC/eNI3Ax1VeoD/EYT8vI/AtuCfFwn5kscO1FCX /Zyxu3LIpz+G2g+Kw0ZoSYbU/ZwOK3xpzNFNsywFeqgWHu0wSra4A68Lf8PT3xGdCCNsqij1RGUh4 5cZmYSzBX7dIXFwannJQwvFj995nQvQWk3cOfehD0aPXyfqrBTN3o/T4n79EyjKIO/+eXMKa88rzp JVrhGa4aNMXt27PYGg2A==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iOmcm-0005iJ-SH; Sun, 27 Oct 2019 17:46:44 +0000 Received: from mx2a.mailbox.org ([80.241.60.219]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1iOmbQ-00048F-Nd for openwrt-devel@lists.openwrt.org; Sun, 27 Oct 2019 17:45:23 +0000 Received: from smtp2.mailbox.org (smtp2.mailbox.org [IPv6:2001:67c:2050:105:465:1:2:0]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by mx2a.mailbox.org (Postfix) with ESMTPS id 20CCAA1F19; Sun, 27 Oct 2019 18:45:11 +0100 (CET) X-Virus-Scanned: amavisd-new at heinlein-support.de Received: from smtp2.mailbox.org ([80.241.60.241]) by spamfilter05.heinlein-hosting.de (spamfilter05.heinlein-hosting.de [80.241.56.123]) (amavisd-new, port 10030) with ESMTP id MftIDGqpMe4e; Sun, 27 Oct 2019 18:45:07 +0100 (CET) From: Hauke Mehrtens To: openwrt-devel@lists.openwrt.org Date: Sun, 27 Oct 2019 18:44:37 +0100 Message-Id: <20191027174438.25795-6-hauke@hauke-m.de> In-Reply-To: <20191027174438.25795-1-hauke@hauke-m.de> References: <20191027174438.25795-1-hauke@hauke-m.de> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191027_104522_314119_92F78D0D X-CRM114-Status: UNSURE ( 9.26 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.7 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [80.241.60.219 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record Subject: [OpenWrt-Devel] [PATCH 5/6] uhttpd: Activate PIE by default X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Hauke Mehrtens , daniel.engberg.lists@pyret.net, lynxis@fe80.eu, dave@taht.net, nbd@nbd.name Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org This activates PIE ASLR support by default when the regular option is selected. This increases the binary size by 39% uncompressed and 21% compressed on MIPS BE. old: 33,189 /usr/sbin/uhttpd 23,016 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk new: 46,212 /usr/sbin/uhttpd 27,979 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk Signed-off-by: Hauke Mehrtens --- package/network/services/uhttpd/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/package/network/services/uhttpd/Makefile b/package/network/services/uhttpd/Makefile index 85b7be7607..a9a7ae769f 100644 --- a/package/network/services/uhttpd/Makefile +++ b/package/network/services/uhttpd/Makefile @@ -18,6 +18,7 @@ PKG_MIRROR_HASH:=4df96054a4fce659e6c849feae7850d542b37ad5caffc1485b7a63c7c2764cb PKG_MAINTAINER:=Felix Fietkau PKG_LICENSE:=ISC +PKG_ASLR_PIE_REGULAR:=1 PKG_BUILD_DEPENDS = ustream-ssl PKG_CONFIG_DEPENDS:= CONFIG_uhttpd_lua From patchwork Sun Oct 27 17:44:38 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hauke Mehrtens X-Patchwork-Id: 1185097 X-Patchwork-Delegate: hauke@hauke-m.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=hauke-m.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="BsWqMlE6"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 471QK84zkwz9sP3 for ; Mon, 28 Oct 2019 04:47:08 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Subject:MIME-Version:References: In-Reply-To:Message-Id:Date:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=GQdpOiDG3H10oUiVSBwDy041xuC2GDb+3yxjK1suJ30=; b=BsWqMlE6JBUQsk yfMfItbe0dqinCXlFWWodv16JtokV1wwA3oCdFXU6wKoGU+2zMR1CkLTh1nxFjgti95w2PkaSBqoB omr/UXYjYpRLG7wnVq3Da9uuMC3xlp5+lE9UsiKhaPDyHIoxT8KFtt5UYPMDHTKjsIWnYefAEkhqh mrh2Ljfrjmhyyut21hbgMQejMWaMFAwuzGXPoNS9Cfq26Y/n83haj+QdI21YzyquW5oIyhUYVF77j ah6MYL9QO/rVwDHtYW0XQGhNJsWPm9buxhZ8UF4zTzg3W9CeHB4hSEad9lIrFF0i1sVZ3klutXnJ0 u3qa+WCzKCLl6i8YZbkA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iOmd5-000663-4V; Sun, 27 Oct 2019 17:47:03 +0000 Received: from mx2a.mailbox.org ([2001:67c:2050:104:0:2:25:2]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1iOmbQ-00048E-K7 for openwrt-devel@lists.openwrt.org; Sun, 27 Oct 2019 17:45:25 +0000 Received: from smtp2.mailbox.org (smtp2.mailbox.org [80.241.60.241]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by mx2a.mailbox.org (Postfix) with ESMTPS id 6CBD1A249A; Sun, 27 Oct 2019 18:45:12 +0100 (CET) X-Virus-Scanned: amavisd-new at heinlein-support.de Received: from smtp2.mailbox.org ([80.241.60.241]) by spamfilter01.heinlein-hosting.de (spamfilter01.heinlein-hosting.de [80.241.56.115]) (amavisd-new, port 10030) with ESMTP id a70kED-UMTsW; Sun, 27 Oct 2019 18:45:08 +0100 (CET) From: Hauke Mehrtens To: openwrt-devel@lists.openwrt.org Date: Sun, 27 Oct 2019 18:44:38 +0100 Message-Id: <20191027174438.25795-7-hauke@hauke-m.de> In-Reply-To: <20191027174438.25795-1-hauke@hauke-m.de> References: <20191027174438.25795-1-hauke@hauke-m.de> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191027_104522_303940_FC697796 X-CRM114-Status: GOOD ( 12.55 ) X-Spam-Score: -0.7 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [2001:67c:2050:104:0:2:25:2 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record Subject: [OpenWrt-Devel] [PATCH 6/6] lantiq: Allow PKG_ASLR_PIE for DSL and voice drivers X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Hauke Mehrtens , daniel.engberg.lists@pyret.net, lynxis@fe80.eu, dave@taht.net, nbd@nbd.name Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org When ASLR_PIE was activated globally these drivers failed to build because the user space LDFLAGS leaked into the kernel build process. This was fixed in upstream Linux kernel commit ce99d0bf312d ("kbuild: clear LDFLAGS in the top Makefile") which went into Linux 4.17. The lantiq target is now on Linux 4.19 only and these exceptions are not needed any more. Signed-off-by: Hauke Mehrtens --- package/kernel/lantiq/ltq-adsl/Makefile | 1 - package/kernel/lantiq/ltq-ifxos/Makefile | 1 - package/kernel/lantiq/ltq-tapi/Makefile | 1 - package/kernel/lantiq/ltq-vdsl-mei/Makefile | 2 -- package/kernel/lantiq/ltq-vdsl/Makefile | 1 - package/kernel/lantiq/ltq-vmmc/Makefile | 1 - package/network/config/ltq-vdsl-app/Makefile | 1 - 7 files changed, 8 deletions(-) diff --git a/package/kernel/lantiq/ltq-adsl/Makefile b/package/kernel/lantiq/ltq-adsl/Makefile index 0fbda34ff9..e6817efffc 100644 --- a/package/kernel/lantiq/ltq-adsl/Makefile +++ b/package/kernel/lantiq/ltq-adsl/Makefile @@ -18,7 +18,6 @@ PKG_HASH:=eb2ed59715d3bf4e8a1460bbbe2f1660039e0a9f9d72afb1b2b16590094eb33c PKG_MAINTAINER:=John Crispin PKG_CHECK_FORMAT_SECURITY:=0 -PKG_ASLR_PIE:=0 PKG_FIXUP:=autoreconf include $(INCLUDE_DIR)/package.mk diff --git a/package/kernel/lantiq/ltq-ifxos/Makefile b/package/kernel/lantiq/ltq-ifxos/Makefile index 4771fda20a..4a368309d3 100644 --- a/package/kernel/lantiq/ltq-ifxos/Makefile +++ b/package/kernel/lantiq/ltq-ifxos/Makefile @@ -17,7 +17,6 @@ PKG_MAINTAINER:=John Crispin PKG_LICENSE:=GPL-2.0 BSD-2-Clause PKG_LICENSE_FILES:=LICENSE -PKG_ASLR_PIE:=0 PKG_FIXUP:=autoreconf include $(INCLUDE_DIR)/package.mk diff --git a/package/kernel/lantiq/ltq-tapi/Makefile b/package/kernel/lantiq/ltq-tapi/Makefile index 171103350e..072041c589 100644 --- a/package/kernel/lantiq/ltq-tapi/Makefile +++ b/package/kernel/lantiq/ltq-tapi/Makefile @@ -17,7 +17,6 @@ PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources PKG_HASH:=109374d52872716570fca3fef3b93c9a93159a804dfd42484b19152b825af5c0 PKG_MAINTAINER:=John Crispin -PKG_ASLR_PIE:=0 PKG_CHECK_FORMAT_SECURITY:=0 PKG_FIXUP:=autoreconf diff --git a/package/kernel/lantiq/ltq-vdsl-mei/Makefile b/package/kernel/lantiq/ltq-vdsl-mei/Makefile index 9597de0072..b8d75a8b2b 100644 --- a/package/kernel/lantiq/ltq-vdsl-mei/Makefile +++ b/package/kernel/lantiq/ltq-vdsl-mei/Makefile @@ -22,8 +22,6 @@ PKG_MAINTAINER:=John Crispin PKG_LICENSE:=GPL-2.0 BSD-2-Clause PKG_LICENSE_FILES:=LICENSE -PKG_ASLR_PIE:=0 - include $(INCLUDE_DIR)/package.mk define KernelPackage/ltq-vdsl-vr9-mei diff --git a/package/kernel/lantiq/ltq-vdsl/Makefile b/package/kernel/lantiq/ltq-vdsl/Makefile index cf3711beb7..d518bd647d 100644 --- a/package/kernel/lantiq/ltq-vdsl/Makefile +++ b/package/kernel/lantiq/ltq-vdsl/Makefile @@ -19,7 +19,6 @@ PKG_HASH:=b4966a60653acc49254b168c6cc9c49eb36c54548e763617788aa4f252a29f21 PKG_LICENSE:=GPL-2.0 BSD-2-Clause PKG_LICENSE_FILES:=LICENSE -PKG_ASLR_PIE:=0 PKG_FIXUP:=autoreconf PKG_MAINTAINER:=John Crispin diff --git a/package/kernel/lantiq/ltq-vmmc/Makefile b/package/kernel/lantiq/ltq-vmmc/Makefile index e44b509b2e..99263cce43 100644 --- a/package/kernel/lantiq/ltq-vmmc/Makefile +++ b/package/kernel/lantiq/ltq-vmmc/Makefile @@ -17,7 +17,6 @@ PKG_HASH:=707f515eb727c032418c4da67d7e86884bb56cdc2a606e8f6ded6057d8767e57 PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources PKG_MAINTAINER:=John Crispin -PKG_ASLR_PIE:=0 PKG_CHECK_FORMAT_SECURITY:=0 PKG_FIXUP:=autoreconf diff --git a/package/network/config/ltq-vdsl-app/Makefile b/package/network/config/ltq-vdsl-app/Makefile index 198841977c..670f720e29 100644 --- a/package/network/config/ltq-vdsl-app/Makefile +++ b/package/network/config/ltq-vdsl-app/Makefile @@ -19,7 +19,6 @@ PKG_LICENSE:=BSD-2-Clause PKG_BUILD_DEPENDS:=ltq-vdsl -PKG_ASLR_PIE:=0 PKG_FLAGS:=nonshared include $(INCLUDE_DIR)/package.mk