From 0f4251ec56ac471886be6f34317f8ff7588dcc22 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89rico=20Rolim?=
Date: Wed, 12 Aug 2020 22:37:50 -0300
Subject: [PATCH 1/3] New package: fortify-headers-1.1.
---
 srcpkgs/fortify-headers/template | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 srcpkgs/fortify-headers/template
diff --git a/srcpkgs/fortify-headers/template b/srcpkgs/fortify-headers/template
new file mode 100644
index 00000000000..1a82dd1dd44
--- /dev/null
+++ b/srcpkgs/fortify-headers/template
@@ -0,0 +1,20 @@
+# Template file for 'fortify-headers'
+pkgname=fortify-headers
+version=1.1
+revision=1
+archs="*-musl"
+build_style=gnu-makefile
+short_desc="Standalone implementation of fortify source"
+maintainer="Érico Nogueira "
+license="ISC"
+homepage="https://git.2f30.org/fortify-headers/"
+distfiles="http://dl.2f30.org/releases/${pkgname}-${version}.tar.gz"
+checksum=6ba5d860a2d2ba4c3346924b93930c34856eafe148bdbdf271ecab8065201fb6
+
+do_build() {
+ :
+}
+
+post_install() {
+ vlicense LICENSE
+}
From 44d73d5ebe5a4e3bb216862faa121f55bcfc80e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89rico=20Rolim?=
Date: Wed, 12 Aug 2020 22:38:10 -0300
Subject: [PATCH 2/3] musl: have musl-devel depend on fortify-headers.
---
 srcpkgs/musl/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/musl/template b/srcpkgs/musl/template
index 22e79588acd..1c3af3e23f8 100644
--- a/srcpkgs/musl/template
+++ b/srcpkgs/musl/template
@@ -2,7 +2,7 @@
 pkgname=musl
 reverts="1.2.0_1"
 version=1.1.24
-revision=3
+revision=4
 archs="*-musl"
 bootstrap=yes
 build_style=gnu-configure
@@ -48,7 +48,7 @@ do_install() {
 }
 musl-devel_package() {
- depends="kernel-libc-headers ${sourcepkg}-${version}_${revision}"
+ depends="kernel-libc-headers fortify-headers ${sourcepkg}-${version}_${revision}"
 short_desc+=" - development files"
 pkg_install() {
 vmove usr/include
From e7d19004a5b0aab8bab89b085f934e6e4992169a Mon Sep 17 00:00:00 2001
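Review bot: The `distfiles` line in the new fortify-headers template downloads the release tarball over plain `http://`, while `homepage` just above it uses `https://`. The `checksum` pins the archive once recorded, but whoever computes the hash for the next version bump is trusting an unauthenticated transfer. If the host serves the same path over TLS, prefer `distfiles="https://dl.2f30.org/releases/${pkgname}-${version}.tar.gz"`. A short comment above the empty `do_build()`, for example `# headers only: nothing to compile, the Makefile just installs`, would explain why the build step is a no-op under `build_style=gnu-makefile`.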
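Review bot: The `fortify-headers` entry added to `depends` in `musl-devel_package()` makes a subpackage of a `bootstrap=yes` template (visible in the first hunk's context) require a package whose own template, added in patch 1/3, does not set `bootstrap=yes`. That may leave the bootstrap stage unable to build or install `musl-devel`, so it is worth confirming with a clean bootstrap, or marking fortify-headers as a bootstrap package. Because patch 3/3 relies on this dependency to make `_FORTIFY_SOURCE` effective, a comment next to it such as `# fortify-headers supplies the _FORTIFY_SOURCE wrappers used by hardening.sh` would keep it from being dropped later as unneeded. The body of `musl-devel_package()` continues outside the hunk.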
From: =?UTF-8?q?=C3=89rico=20Rolim?=
Date: Wed, 12 Aug 2020 22:39:11 -0300
Subject: [PATCH 3/3] hardening: enable fortify-headers for musl.
---
 common/environment/configure/hardening.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/common/environment/configure/hardening.sh b/common/environment/configure/hardening.sh
index 10b67c75fd8..a70b52254e2 100644
--- a/common/environment/configure/hardening.sh
+++ b/common/environment/configure/hardening.sh
@@ -17,8 +17,8 @@ if [ -z "$nopie" ]; then
 LDFLAGS="-specs=${_GCCSPECSDIR}/hardened-ld -Wl,-z,relro -Wl,-z,now ${LDFLAGS}"
 else
 # Enable FORITFY_SOURCE=2
- CFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 ${CFLAGS}"
- CXXFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 ${CXXFLAGS}"
+ CFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 -isystem ${XBPS_CROSS_BASE}/usr/include/fortify ${CFLAGS}"
+ CXXFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 -isystem ${XBPS_CROSS_BASE}/usr/include/fortify ${CXXFLAGS}"
 LDFLAGS="-Wl,-z,relro -Wl,-z,now ${LDFLAGS}"
 fi
 else
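Review bot: The `-isystem ${XBPS_CROSS_BASE}/usr/include/fortify` added to `CFLAGS` and `CXXFLAGS` is passed whether or not that directory exists, and the compiler skips a missing include directory without failing. A build root that lacks fortify-headers (a cross root, or a package built before musl-devel is installed) would therefore still compile cleanly with `-D_FORTIFY_SOURCE=2` and, as far as I can tell, get no checks at all. Consider making the hardening conditional on the directory being present and warning otherwise, so a silent loss of fortification is visible in the build log. The comment above the flags could then read `# _FORTIFY_SOURCE=2 on musl only takes effect through the fortify-headers wrappers in usr/include/fortify`, which would also replace the `FORITFY_SOURCE` typo in the existing context line. The enclosing `if` block starts and ends outside the hunk.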