X-Git-Url: https://git.archive.openwrt.org/?a=blobdiff_plain;f=config%2FConfig-build.in;h=2523a18bd0be70ef69d9f55e8490c14129da7c4e;hb=57bb95359c612a61b9739181bb0752a6c03edb69;hp=213609b8b2bf277659cd2e4eb1bf6d5046d6ead6;hpb=60e0b4c321836f6523c25a1de1a6a79085a1bdc6;p=openwrt.git

diff --git a/config/Config-build.in b/config/Config-build.in
index 213609b8b2..2523a18bd0 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -6,10 +6,18 @@
 
 menu "Global build settings"
 
+	config ALL_KMODS
+		bool "Select all kernel module packages by default"
+		default ALL
+
 	config ALL
-		bool "Select all packages by default"
+		bool "Select all userspace packages by default"
 		default n
 
+	config SIGNED_PACKAGES
+		bool "Cryptographically signed package lists"
+		default y
+
 	comment "General build options"
 
 	config DISPLAY_SUPPORT
@@ -75,7 +83,7 @@ menu "Global build settings"
 		prompt "Enable IPv6 support in packages"
 		default y
 		help
-		  Enable IPv6 support in packages (passes --enable-ipv6 to configure scripts).
+		  Enables IPv6 support in kernel (builtin) and packages.
 
 	config PKG_BUILD_PARALLEL
 		bool
@@ -203,7 +211,7 @@ menu "Global build settings"
 	config PKG_CHECK_FORMAT_SECURITY
 		bool
 		prompt "Enable gcc format-security"
-		default n
+		default y
 		help
 		  Add -Wformat -Werror=format-security to the CFLAGS.  You can disable
 		  this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
@@ -211,25 +219,27 @@ menu "Global build settings"
 
 	choice
 		prompt "User space Stack-Smashing Protection"
-		default PKG_CC_STACKPROTECTOR_NONE
+		depends on USE_MUSL
+		default PKG_CC_STACKPROTECTOR_REGULAR
 		help
 		  Enable GCC Stack Smashing Protection (SSP) for userspace applications
 		config PKG_CC_STACKPROTECTOR_NONE
 			bool "None"
 		config PKG_CC_STACKPROTECTOR_REGULAR
 			bool "Regular"
-			select SSP_SUPPORT
+			select SSP_SUPPORT if !USE_MUSL
 			depends on KERNEL_CC_STACKPROTECTOR_REGULAR
 		config PKG_CC_STACKPROTECTOR_STRONG
 			bool "Strong"
-			select SSP_SUPPORT
-			depends on GCC_VERSION_4_9_LINARO
+			select SSP_SUPPORT if !USE_MUSL
+			depends on GCC_VERSION_5
 			depends on KERNEL_CC_STACKPROTECTOR_STRONG
 	endchoice
 
 	choice
 		prompt "Kernel space Stack-Smashing Protection"
-		default KERNEL_CC_STACKPROTECTOR_NONE
+		default KERNEL_CC_STACKPROTECTOR_REGULAR
+		depends on USE_MUSL || !(x86_64 || i386)
 		help
 		  Enable GCC Stack-Smashing Protection (SSP) for the kernel
 		config KERNEL_CC_STACKPROTECTOR_NONE
@@ -237,12 +247,13 @@ menu "Global build settings"
 		config KERNEL_CC_STACKPROTECTOR_REGULAR
 			bool "Regular"
 		config KERNEL_CC_STACKPROTECTOR_STRONG
-			depends on GCC_VERSION_4_9_LINARO
+			depends on GCC_VERSION_5
 			bool "Strong"
 	endchoice
 
 	choice
 		prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)"
+		default PKG_FORTIFY_SOURCE_1
 		help
 		  Enable the _FORTIFY_SOURCE macro which introduces additional
 		  checks to detect buffer-overflows in the following standard library
@@ -262,6 +273,7 @@ menu "Global build settings"
 
 	choice
 		prompt "Enable RELRO protection"
+		default PKG_RELRO_FULL
 		help
 		  Enable a link-time protection known as RELRO (Relocation Read Only)
 		  which helps to protect from certain type of exploitation techniques