diff options
| author | jvoisin | 2024-01-21 13:44:18 +0100 |
|---|---|---|
| committer | jvoisin | 2024-01-21 13:44:18 +0100 |
| commit | 9b0f04d79ea18c0b452cdba091315945411d8417 (patch) | |
| tree | b8a0b1d6ff34c4485250fd7cd05d6b6ab6d24971 | |
| parent | fee3ae284d46ed40260cf6f81a10fb7429a8d3d8 (diff) | |
Yet another libcpp hardening macro shitshow
| -rw-r--r-- | README.md | 5 |
1 files changed, 3 insertions, 2 deletions
| @@ -5,7 +5,8 @@ | |||
| 5 | |`-D_FORTIFY_SOURCE=2` |[yes](https://gitlab.alpinelinux.org/alpine/tsc/-/issues/64)|[2011](https://github.com/guillemj/dpkg/commit/f3bb7d4939ae95cf44c89e8f599e7ed5da431e57)|[2007](https://listman.redhat.com/archives/fedora-devel-announce/2007-September/msg00015.html)|yes|superseded|[2008](https://wiki.ubuntu.com/ToolChain/CompilerFlags#A-D_FORTIFY_SOURCE.3D2)|[2005](https://en.opensuse.org/openSUSE:Security_Features)|[2021](https://gitlab.archlinux.org/archlinux/packaging/packages/pacman/-/commit/f409a72342bf37017f190021970efaaeac1bb619)|?|[yes](https://github.com/chimera-linux/cports/commit/9b78e55067f024b8dbf9fbceb472e8705f84ed5d)|[2017](https://android-developers.googleblog.com/2019/10/introducing-ndk-r21-our-first-long-term.html)|yes| | 5 | |`-D_FORTIFY_SOURCE=2` |[yes](https://gitlab.alpinelinux.org/alpine/tsc/-/issues/64)|[2011](https://github.com/guillemj/dpkg/commit/f3bb7d4939ae95cf44c89e8f599e7ed5da431e57)|[2007](https://listman.redhat.com/archives/fedora-devel-announce/2007-September/msg00015.html)|yes|superseded|[2008](https://wiki.ubuntu.com/ToolChain/CompilerFlags#A-D_FORTIFY_SOURCE.3D2)|[2005](https://en.opensuse.org/openSUSE:Security_Features)|[2021](https://gitlab.archlinux.org/archlinux/packaging/packages/pacman/-/commit/f409a72342bf37017f190021970efaaeac1bb619)|?|[yes](https://github.com/chimera-linux/cports/commit/9b78e55067f024b8dbf9fbceb472e8705f84ed5d)|[2017](https://android-developers.googleblog.com/2019/10/introducing-ndk-r21-our-first-long-term.html)|yes| |
| 6 | |`-D_FORTIFY_SOURCE=3` |no |[no](https://wiki.debian.org/Hardening)|[2023](https://fedoraproject.org/wiki/Changes/Add_FORTIFY_SOURCE%3D3_to_distribution_build_flags)|no|[2022](https://bugs.gentoo.org/876893)|[2024](https://bugs.launchpad.net/ubuntu/+source/gcc-13/+bug/2012440)|[2023](https://en.opensuse.org/openSUSE:Security_Features)|[not](https://gitlab.archlinux.org/archlinux/rfcs/-/merge_requests/17) [yet](https://gitlab.archlinux.org/archlinux/devtools/-/merge_requests/191)|?|[2024](https://github.com/chimera-linux/cports/commit/a26be649d8a13c1012d5e165055d354a6bab1af8)|[no](https://android.googlesource.com/platform/bionic.git/+/HEAD/docs/status.md#fortify)|yes| | 6 | |`-D_FORTIFY_SOURCE=3` |no |[no](https://wiki.debian.org/Hardening)|[2023](https://fedoraproject.org/wiki/Changes/Add_FORTIFY_SOURCE%3D3_to_distribution_build_flags)|no|[2022](https://bugs.gentoo.org/876893)|[2024](https://bugs.launchpad.net/ubuntu/+source/gcc-13/+bug/2012440)|[2023](https://en.opensuse.org/openSUSE:Security_Features)|[not](https://gitlab.archlinux.org/archlinux/rfcs/-/merge_requests/17) [yet](https://gitlab.archlinux.org/archlinux/devtools/-/merge_requests/191)|?|[2024](https://github.com/chimera-linux/cports/commit/a26be649d8a13c1012d5e165055d354a6bab1af8)|[no](https://android.googlesource.com/platform/bionic.git/+/HEAD/docs/status.md#fortify)|yes| |
| 7 | |`-D_GLIBCXX_ASSERTIONS` |[2023](https://gitlab.alpinelinux.org/alpine/abuild/-/commit/44c933da5d8e364d6cd755071f629c05444191df)|no|[2018](https://fedoraproject.org/wiki/Changes/HardeningFlags28)|no|[2022](https://bugs.gentoo.org/876895)|[no](https://bugs.launchpad.net/ubuntu/+source/gcc-12/+bug/2016042)|yes|[2021](https://gitlab.archlinux.org/archlinux/packaging/packages/pacman/-/commit/f409a72342bf37017f190021970efaaeac1bb619)|no|no|no|?| | 7 | |`-D_GLIBCXX_ASSERTIONS` |[2023](https://gitlab.alpinelinux.org/alpine/abuild/-/commit/44c933da5d8e364d6cd755071f629c05444191df)|no|[2018](https://fedoraproject.org/wiki/Changes/HardeningFlags28)|no|[2022](https://bugs.gentoo.org/876895)|[no](https://bugs.launchpad.net/ubuntu/+source/gcc-12/+bug/2016042)|yes|[2021](https://gitlab.archlinux.org/archlinux/packaging/packages/pacman/-/commit/f409a72342bf37017f190021970efaaeac1bb619)|no|no|no|?| |
| 8 | |`-D_LIBCPP_ENABLE_HARDENED_MODE` (llvm17) |[not yet](https://gitlab.alpinelinux.org/alpine/abuild/-/commit/65b5d578b2d9e3f170bc9d31dcd23f0014cfc36e)[^1]|no|no|no|[2023](https://bugs.gentoo.org/851111)|no|no|no|?|?|no|[yes](https://bugs.chromium.org/p/chromium/issues/detail?id=1335422)| | 8 | |`-D_LIBCPP_HARDENING_MODE_HARDENED`/`-flibc++-hardening` |no|no|no|no|?|no|no|no|?|?|no|?| |
| 9 | |`-D_LIBCPP_ENABLE_HARDENED_MODE` (deprecated) |[not yet](https://gitlab.alpinelinux.org/alpine/abuild/-/commit/65b5d578b2d9e3f170bc9d31dcd23f0014cfc36e)[^1]|no|no|no|[2023](https://bugs.gentoo.org/851111)|no|no|no|?|?|no|[yes](https://bugs.chromium.org/p/chromium/issues/detail?id=1335422)| | ||
| 9 | |`-D_LIBCXX_ENABLE_ASSERTIONS` (llvm16) |no|no|no|no|superseded|no|no|no|?|[yes](https://github.com/search?q=repo%3Achimera-linux%2Fcports+DLIBCXX_ENABLE_ASSERTIONS&type=code)|?|[yes](https://bugs.chromium.org/p/chromium/issues/detail?id=1335422) | 10 | |`-D_LIBCXX_ENABLE_ASSERTIONS` (llvm16) |no|no|no|no|superseded|no|no|no|?|[yes](https://github.com/search?q=repo%3Achimera-linux%2Fcports+DLIBCXX_ENABLE_ASSERTIONS&type=code)|?|[yes](https://bugs.chromium.org/p/chromium/issues/detail?id=1335422) |
| 10 | |`-Wformat -Wformat-security`/`-Wformat=2` |[2023](https://gitlab.alpinelinux.org/alpine/abuild/-/commit/ca8375f0e9d1715e38c14c918c675d6774f1eabc)|[2011](https://salsa.debian.org/toolchain-team/gcc/-/blob/master/debian/patches/gcc-distro-specs.diff)|[2013](https://fedoraproject.org/wiki/Changes/FormatSecurity)|[2009](https://bugs.gentoo.org/259417)|[2009](https://bugs.gentoo.org/259417)|[2008](https://wiki.ubuntu.com/ToolChain/CompilerFlags)|yes|[2021](https://gitlab.archlinux.org/archlinux/packaging/packages/pacman/-/commit/f409a72342bf37017f190021970efaaeac1bb619)|?|[2023](https://github.com/chimera-linux/cports/commit/ad898a6b645b11dee989f4504e89577f5395ba24)|[2010](https://source.android.com/docs/security/enhancements/enhancements41)|yes| | 11 | |`-Wformat -Wformat-security`/`-Wformat=2` |[2023](https://gitlab.alpinelinux.org/alpine/abuild/-/commit/ca8375f0e9d1715e38c14c918c675d6774f1eabc)|[2011](https://salsa.debian.org/toolchain-team/gcc/-/blob/master/debian/patches/gcc-distro-specs.diff)|[2013](https://fedoraproject.org/wiki/Changes/FormatSecurity)|[2009](https://bugs.gentoo.org/259417)|[2009](https://bugs.gentoo.org/259417)|[2008](https://wiki.ubuntu.com/ToolChain/CompilerFlags)|yes|[2021](https://gitlab.archlinux.org/archlinux/packaging/packages/pacman/-/commit/f409a72342bf37017f190021970efaaeac1bb619)|?|[2023](https://github.com/chimera-linux/cports/commit/ad898a6b645b11dee989f4504e89577f5395ba24)|[2010](https://source.android.com/docs/security/enhancements/enhancements41)|yes| |
| 11 | |`-Wl,-z,noexecstack` |yes|yes|yes|yes|yes|yes|yes|yes|yes|yes|yes| | 12 | |`-Wl,-z,noexecstack` |yes|yes|yes|yes|yes|yes|yes|yes|yes|yes|yes| |
| @@ -49,5 +50,5 @@ Sources and resources: | |||
| 49 | - https://fedoraproject.org/wiki/Security_Features_Matrix | 50 | - https://fedoraproject.org/wiki/Security_Features_Matrix |
| 50 | - https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html | 51 | - https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html |
| 51 | 52 | ||
| 52 | [^1]: As `-D_LIBCPP_ENABLE_HARDENED_MODE` only works for llvm17, which isn't in Alpine yet. It replaces `-D_LIBCPP_ASSERT` and `-D_LIBCPP_ENABLE_ASSERTIONS`. | 53 | [^1]: As `-D_LIBCPP_ENABLE_HARDENED_MODE` only works for llvm18, which isn't in Alpine yet. It replaces `-D_LIBCPP_ASSERT` and `-D_LIBCPP_ENABLE_ASSERTIONS`. |
| 53 | [^2]: Not supported by [musl libc](https://musl.libc.org) | 54 | [^2]: Not supported by [musl libc](https://musl.libc.org) |