| #
3e83d15b |
| 10-Jan-2023 |
deraadt <deraadt@openbsd.org> |
create infrastructure so that jump tables on/off can be tweaked by an
architecture by changing JUMP_TABLES_DEFAULT
ok kettenis
|
| #
f451200a |
| 10-Jul-2014 |
matthew <matthew@openbsd.org> |
Backport support for -Wframe-larger-than=N to base GCC
This is the flag name that modern GCC and Clang have de facto
standardized on for the functionality that we locally named
-Wstack-larger-than-N
Backport support for -Wframe-larger-than=N to base GCC
This is the flag name that modern GCC and Clang have de facto
standardized on for the functionality that we locally named
-Wstack-larger-than-N.
ok brad, miod
show more ...
|
| #
121b8252 |
| 06-May-2014 |
martynas <martynas@openbsd.org> |
Introduce -fstack-shuffle, which randomizes local stack variables.
This will make the environment more hostile and help detect bugs
that depend on overrunning one variable into another, with almost
n
Introduce -fstack-shuffle, which randomizes local stack variables.
This will make the environment more hostile and help detect bugs
that depend on overrunning one variable into another, with almost
no performance cost.
Discussed with Theo at m2k14 hackathon. "oh god yes" tedu@, "oh nice" djm@
show more ...
|
| #
c7057713 |
| 30-Mar-2014 |
martynas <martynas@openbsd.org> |
Change the heuristics of -fstack-protector to select to protect
additional functions --- those that have local array definitions,
or have references to local frame addresses.
Note that upstream uses
Change the heuristics of -fstack-protector to select to protect
additional functions --- those that have local array definitions,
or have references to local frame addresses.
Note that upstream uses -fstack-protector-strong and misleads people:
-fstack-protector, -fstack-protector-all, -fstack-protector-strong
can you tell which one is safe?
Luckily, OpenBSD has its own compiler and is able to do the right
thing for security: this is enabled by default, and called
-fstack-protector.
OK deraadt@, miod@. Tested for 3 months.
show more ...
|
| #
1bd5ac70 |
| 14-Jan-2014 |
martynas <martynas@openbsd.org> |
Add a new option "-fstack-protector-strong" for GCC4. This includes
additional functions to be protected --- those that have local array
definitions, or have references to local frame addresses.
No
Add a new option "-fstack-protector-strong" for GCC4. This includes
additional functions to be protected --- those that have local array
definitions, or have references to local frame addresses.
Note 1: Han explicitly licensed this under GPLv2 for us.
Note 2: Do *not* use this anywhere in "src" Makefiles, as the other
GCC doesn't have this option yet (but I'm working on it).
show more ...
|
| #
9622a78f |
| 28-Aug-2012 |
pascal <pascal@openbsd.org> |
Add support for PIE-by-default in both ld and gcc. This is a completely
different approach than the one taken in kurt@'s original diff, but deemed
better after discussion and diff exchange with kett
Add support for PIE-by-default in both ld and gcc. This is a completely
different approach than the one taken in kurt@'s original diff, but deemed
better after discussion and diff exchange with kettenis@ and matthew@.
Lots of feedback by kettenis@ and matthew@, prodding and encouragement by
deraadt@.
ok kettenis@ matthew@
show more ...
|
| #
9d06096b |
| 02-Apr-2012 |
pascal <pascal@openbsd.org> |
In r1.2, instead of making -fno-ident the default, its semantics have been
totally fucked up, effectively leading to inverted behaviour of the -fident and
-fno-ident flags (while keeping the .ident s
In r1.2, instead of making -fno-ident the default, its semantics have been
totally fucked up, effectively leading to inverted behaviour of the -fident and
-fno-ident flags (while keeping the .ident string in by default). Revert it
back to normal and default to -fno-ident.
ok millert@
show more ...
|
| #
763c929c |
| 26-Jul-2010 |
guenther <guenther@openbsd.org> |
Turn on -Wsystem-headers by default, so that glitches in our headers
aren't silently ignored but rather get warned about and fixed. Purely
stylistic warnings like -Wredundant-decls are your own prob
Turn on -Wsystem-headers by default, so that glitches in our headers
aren't silently ignored but rather get warned about and fixed. Purely
stylistic warnings like -Wredundant-decls are your own problem however.
testing help from landry@, header fixes from kettenis@
ok deraadt@
show more ...
|
| #
02ddaac8 |
| 30-May-2010 |
kettenis <kettenis@openbsd.org> |
Only enable -fstack-protector by default on targets that support it.
ok marco@
|
| #
100a546d |
| 25-May-2010 |
robert <robert@openbsd.org> |
Enable -fstack-protector by default.
|
| #
f3219db0 |
| 20-May-2010 |
drahn <drahn@openbsd.org> |
turn off strict overflow for all optimizations on OpenBSD, also disable wrapv.
ok kettenis@ robert@, tested by marco@, kevlo@ myself
|
| #
18000515 |
| 29-Apr-2010 |
kettenis <kettenis@openbsd.org> |
Implement -Wvariable-decl.
ok robert@
|
| #
d456bc6e |
| 28-Apr-2010 |
kettenis <kettenis@openbsd.org> |
Enable -fwrapv by default. It's what many programmers expect and according
to miod@ "has a history of being required to build security concerned
software".
ok guenther@, jsg@, robert@
|
| #
490b27d6 |
| 24-Feb-2010 |
robert <robert@openbsd.org> |
merge more local changes:
- disable unsafe builtins
- create a stub for -Wbounded
- move strict aliasing to -O3
|
| #
17c8d4a9 |
| 15-Oct-2009 |
robert <robert@openbsd.org> |
merge some gcc-local(1) changes:
- disable -fident by default
- disable -fstrict-aliasing with -O2
- add support for -Wstack-larger-than-N (only for i386 and amd64 for now)
|
| #
404b540a |
| 15-Oct-2009 |
robert <robert@openbsd.org> |
import of gcc-4.2.1, the last gcc release under GPLv2
|