From: ericonr <ericonr@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: [PR PATCH] [Updated] [RFC] Add _FORTIFY_SOURCE impl for musl.
Date: Thu, 13 Aug 2020 04:03:24 +0200	[thread overview]
Message-ID: <20200813020324.HtDc5ZNNq-DftwJwzbwPBcl3MC-HGDl56WzcF8da2-Y@z> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-24254@inbox.vuxu.org>

[-- Attachment #1: Type: text/plain, Size: 663 bytes --]

There is an updated pull request by ericonr against master on the void-packages repository

https://github.com/ericonr/void-packages fortify
https://github.com/void-linux/void-packages/pull/24254

[RFC] Add _FORTIFY_SOURCE impl for musl.
This uses the `fortify-headers` implementation from https://git.2f30.org/fortify-headers/file/README.html , which was recommended in https://wiki.musl-libc.org/open-issues.html#Substitute-for-%3Ccode%3E_FORTIFY_SOURCE%3C/code%3E .

This would definitely require extensive testing; I mostly want to know whether going through that testing is worth it.

A patch file from https://github.com/void-linux/void-packages/pull/24254.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-fortify-24254.patch --]
[-- Type: text/x-diff, Size: 3164 bytes --]

From 0f4251ec56ac471886be6f34317f8ff7588dcc22 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89rico=20Rolim?= <erico.erc@gmail.com>
Date: Wed, 12 Aug 2020 22:37:50 -0300
Subject: [PATCH 1/3] New package: fortify-headers-1.1.

---
 srcpkgs/fortify-headers/template | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 srcpkgs/fortify-headers/template

diff --git a/srcpkgs/fortify-headers/template b/srcpkgs/fortify-headers/template
new file mode 100644
index 00000000000..1a82dd1dd44
--- /dev/null
+++ b/srcpkgs/fortify-headers/template
@@ -0,0 +1,20 @@
+# Template file for 'fortify-headers'
+pkgname=fortify-headers
+version=1.1
+revision=1
+archs="*-musl"
+build_style=gnu-makefile
+short_desc="Standalone implementation of fortify source"
+maintainer="Érico Nogueira <ericonr@disroot.org>"
+license="ISC"
+homepage="https://git.2f30.org/fortify-headers/"
+distfiles="http://dl.2f30.org/releases/${pkgname}-${version}.tar.gz"
+checksum=6ba5d860a2d2ba4c3346924b93930c34856eafe148bdbdf271ecab8065201fb6
+
+do_build() {
+	:
+}
+
+post_install() {
+	vlicense LICENSE
+}
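Review bot: The `distfiles` URL is fetched over plain `http://`, although `homepage` two lines above it is https. The pinned `checksum` protects later builds against a swapped tarball, but only if the hash was itself taken from a trustworthy copy, which an unauthenticated download does not establish. If the release host serves the same path over TLS, use `distfiles="https://dl.2f30.org/releases/${pkgname}-${version}.tar.gz"`; otherwise verify the tarball contents against the upstream git repository before merging. The no-op `do_build` would also read better with a comment such as `# headers only, nothing to compile`.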

From 44d73d5ebe5a4e3bb216862faa121f55bcfc80e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89rico=20Rolim?= <erico.erc@gmail.com>
Date: Wed, 12 Aug 2020 22:38:10 -0300
Subject: [PATCH 2/3] musl: have musl-devel depend on fortify-headers.

---
 srcpkgs/musl/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/musl/template b/srcpkgs/musl/template
index 22e79588acd..1c3af3e23f8 100644
--- a/srcpkgs/musl/template
+++ b/srcpkgs/musl/template
@@ -2,7 +2,7 @@
 pkgname=musl
 reverts="1.2.0_1"
 version=1.1.24
-revision=3
+revision=4
 archs="*-musl"
 bootstrap=yes
 build_style=gnu-configure
@@ -48,7 +48,7 @@ do_install() {
 }
 
 musl-devel_package() {
-	depends="kernel-libc-headers ${sourcepkg}-${version}_${revision}"
+	depends="kernel-libc-headers fortify-headers ${sourcepkg}-${version}_${revision}"
 	short_desc+=" - development files"
 	pkg_install() {
 		vmove usr/include
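Review bot: The new `fortify-headers` entry in `depends` ties a package from a `bootstrap=yes` template (visible in the first hunk of this file) to a template that sets no `bootstrap` of its own. If musl-devel is part of the bootstrap or base-chroot set, that may leave the dependency unbuildable at that stage or introduce a cycle; this is inferred from the two templates and needs confirming against the bootstrap package list. Either add `bootstrap=yes` to the fortify-headers template or state in the commit message why that is not needed. `musl-devel_package` continues past the end of the hunk, so the rest of its body is not reviewed here.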

From a7f51f06b8ad9a7955211e2296682a547f8fdcf9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89rico=20Rolim?= <erico.erc@gmail.com>
Date: Wed, 12 Aug 2020 22:39:11 -0300
Subject: [PATCH 3/3] hardening: enable fortify-headers for musl.

---
 common/environment/configure/hardening.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/common/environment/configure/hardening.sh b/common/environment/configure/hardening.sh
index 10b67c75fd8..d7658ee37be 100644
--- a/common/environment/configure/hardening.sh
+++ b/common/environment/configure/hardening.sh
@@ -17,8 +17,8 @@ if [ -z "$nopie" ]; then
 		LDFLAGS="-specs=${_GCCSPECSDIR}/hardened-ld -Wl,-z,relro -Wl,-z,now ${LDFLAGS}"
 	else
 		# Enable FORITFY_SOURCE=2
-		CFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 ${CFLAGS}"
-		CXXFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 ${CXXFLAGS}"
+		CFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 -I${XBPS_CROSS_BASE}/usr/include/fortify ${CFLAGS}"
+		CXXFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 -I${XBPS_CROSS_BASE}/usr/include/fortify ${CXXFLAGS}"
 		LDFLAGS="-Wl,-z,relro -Wl,-z,now ${LDFLAGS}"
 	fi
 else
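Review bot: The added `-I${XBPS_CROSS_BASE}/usr/include/fortify` on the `CFLAGS` and `CXXFLAGS` lines is applied to every target that reaches this branch, and nothing checks that the directory exists. Compilers ignore a missing `-I` directory, so wherever fortify-headers is absent from the (cross) root the build still carries `-D_FORTIFY_SOURCE=2` and looks hardened while, on musl, presumably getting no fortified wrappers at all. Gate the include on the libc, e.g. `case "$XBPS_TARGET_MACHINE" in *-musl) CFLAGS="-I${XBPS_CROSS_BASE}/usr/include/fortify ${CFLAGS}";; esac` (likewise for `CXXFLAGS`), and consider warning when the directory is missing. The sibling branch that sets `-specs=.../hardened-ld` is only partly visible, so whether it needs the same include cannot be judged from this hunk. The context comment also misspells the macro as `FORITFY_SOURCE`.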
