projects / openwrt / openwrt.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
cns3xxx: update to linux 4.4
[openwrt/openwrt.git] / config / Config-build.in
diff --git a/config/Config-build.in b/config/Config-build.in
index 78582ab415f2b1dde22e050e3229a511999723e0..636e4b311b2fd055176e0bfc0c8d3c3ce4d8d17e 100644 (file)
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -16,6 +16,7 @@ menu "Global build settings"
 
        config SIGNED_PACKAGES
                bool "Cryptographically signed package lists"
+               default y
 
        comment "General build options"
 
@@ -82,7 +83,7 @@ menu "Global build settings"
                prompt "Enable IPv6 support in packages"
                default y
                help
-                 Enable IPv6 support in packages (passes --enable-ipv6 to configure scripts).
+                 Enables IPv6 support in kernel (builtin) and packages.
 
        config PKG_BUILD_PARALLEL
                bool
@@ -142,7 +143,7 @@ menu "Global build settings"
        choice
                prompt "Binary stripping method"
                default USE_STRIP   if EXTERNAL_TOOLCHAIN
-               default USE_STRIP   if USE_GLIBC || USE_MUSL
+               default USE_STRIP   if USE_GLIBC
                default USE_SSTRIP
                help
                  Select the binary stripping method you wish to use.
@@ -210,7 +211,7 @@ menu "Global build settings"
        config PKG_CHECK_FORMAT_SECURITY
                bool
                prompt "Enable gcc format-security"
-               default n
+               default y
                help
                  Add -Wformat -Werror=format-security to the CFLAGS.  You can disable
                  this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
@@ -218,25 +219,27 @@ menu "Global build settings"
 
        choice
                prompt "User space Stack-Smashing Protection"
-               default PKG_CC_STACKPROTECTOR_NONE
+               depends on USE_MUSL
+               default PKG_CC_STACKPROTECTOR_REGULAR
                help
                  Enable GCC Stack Smashing Protection (SSP) for userspace applications
                config PKG_CC_STACKPROTECTOR_NONE
                        bool "None"
                config PKG_CC_STACKPROTECTOR_REGULAR
                        bool "Regular"
-                       select SSP_SUPPORT
+                       select SSP_SUPPORT if !USE_MUSL
                        depends on KERNEL_CC_STACKPROTECTOR_REGULAR
                config PKG_CC_STACKPROTECTOR_STRONG
                        bool "Strong"
-                       select SSP_SUPPORT
-                       depends on GCC_VERSION_4_9_LINARO
+                       select SSP_SUPPORT if !USE_MUSL
+                       depends on GCC_VERSION_5
                        depends on KERNEL_CC_STACKPROTECTOR_STRONG
        endchoice
 
        choice
                prompt "Kernel space Stack-Smashing Protection"
-               default KERNEL_CC_STACKPROTECTOR_NONE
+               default KERNEL_CC_STACKPROTECTOR_REGULAR
+               depends on USE_MUSL || !(x86_64 || i386)
                help
                  Enable GCC Stack-Smashing Protection (SSP) for the kernel
                config KERNEL_CC_STACKPROTECTOR_NONE
@@ -244,12 +247,13 @@ menu "Global build settings"
                config KERNEL_CC_STACKPROTECTOR_REGULAR
                        bool "Regular"
                config KERNEL_CC_STACKPROTECTOR_STRONG
-                       depends on GCC_VERSION_4_9_LINARO
+                       depends on GCC_VERSION_5
                        bool "Strong"
        endchoice
 
        choice
                prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)"
+               default PKG_FORTIFY_SOURCE_1
                help
                  Enable the _FORTIFY_SOURCE macro which introduces additional
                  checks to detect buffer-overflows in the following standard library
@@ -269,6 +273,7 @@ menu "Global build settings"
 
        choice
                prompt "Enable RELRO protection"
+               default PKG_RELRO_FULL
                help
                  Enable a link-time protection known as RELRO (Relocation Read Only)
                  which helps to protect from certain type of exploitation techniques
OpenWrt Source Repository