From 0f1b17be07ed91f70922978b91c7cc99e7b65f63 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89rico=20Rolim?=
Date: Wed, 12 Aug 2020 22:37:50 -0300
Subject: [PATCH 1/3] New package: fortify-headers-1.1.

---
 srcpkgs/fortify-headers/template | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 srcpkgs/fortify-headers/template

diff --git a/srcpkgs/fortify-headers/template b/srcpkgs/fortify-headers/template
new file mode 100644
index 00000000000..33c00322c4d
--- /dev/null
+++ b/srcpkgs/fortify-headers/template
@@ -0,0 +1,20 @@
+# Template file for 'fortify-headers'
+pkgname=fortify-headers
+version=1.1
+revision=1
+archs="*-musl"
+build_style=gnu-makefile
+short_desc="Standalone implementation of fortify source"
+maintainer="Érico Rolim "
+license="ISC"
+homepage="https://git.2f30.org/fortify-headers/"
+distfiles="http://dl.2f30.org/releases/${pkgname}-${version}.tar.gz"
+checksum=6ba5d860a2d2ba4c3346924b93930c34856eafe148bdbdf271ecab8065201fb6
+
+do_build() {
+ :
+}
+
+post_install() {
+ vlicense LICENSE
+}

From c16148f3bf0704413c1cc7ee791e4d6fd5672b53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89rico=20Rolim?=
Date: Wed, 12 Aug 2020 22:38:10 -0300
Subject: [PATCH 2/3] musl: have musl-devel depend on fortify-headers.

---
 srcpkgs/musl/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/musl/template b/srcpkgs/musl/template
index 22e79588acd..1c3af3e23f8 100644
--- a/srcpkgs/musl/template
+++ b/srcpkgs/musl/template
@@ -2,7 +2,7 @@
 pkgname=musl
 reverts="1.2.0_1"
 version=1.1.24
-revision=3
+revision=4
 archs="*-musl"
 bootstrap=yes
 build_style=gnu-configure
@@ -48,7 +48,7 @@ do_install() {
 }

 musl-devel_package() {
- depends="kernel-libc-headers ${sourcepkg}-${version}_${revision}"
+ depends="kernel-libc-headers fortify-headers ${sourcepkg}-${version}_${revision}"
 short_desc+=" - development files"
 pkg_install() {
 vmove usr/include

From e70c843db6e4a64d4b88bf382f05ebedf7bd050c Mon Sep 17 00:00:00 2001
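Review bot: In the new `srcpkgs/fortify-headers/template`, `distfiles` fetches the release tarball over plain `http://`, although the `homepage` on the same domain is `https://`. The `checksum` line pins the content, so a tarball altered in transit fails the build, but the pinned hash is only as trustworthy as the download it was computed from. If the release host serves TLS, prefer `distfiles="https://dl.2f30.org/releases/${pkgname}-${version}.tar.gz"` and confirm the hash against an independently fetched copy. The empty `do_build() { : }` would also benefit from a one-line comment such as `# headers only, nothing to compile`, so the no-op is not read as an oversight.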
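Review bot: In the second hunk of `srcpkgs/musl/template`, `musl-devel` gains a dependency on `fortify-headers`, but `musl` is marked `bootstrap=yes` (visible in the first hunk) and the `fortify-headers` template added in patch 1/3 has no `bootstrap` line. If xbps-src requires the dependencies of bootstrap packages to be buildable before the build chroot exists, that template probably needs `bootstrap=yes` too; a from-scratch musl bootstrap would confirm it either way. The dependency only makes the headers available under `usr/include/fortify`. Nothing in this hunk puts them on the default include path, so a short comment above `depends=` saying that they take effect only with the `-I` flag from patch 3/3 would prevent a false sense of coverage. `musl-devel_package()` continues past the end of the hunk.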
From: =?UTF-8?q?=C3=89rico=20Rolim?=
Date: Wed, 12 Aug 2020 22:39:11 -0300
Subject: [PATCH 3/3] hardening: enable fortify-headers for musl.

---
 common/environment/configure/hardening.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/common/environment/configure/hardening.sh b/common/environment/configure/hardening.sh
index 10b67c75fd8..d7658ee37be 100644
--- a/common/environment/configure/hardening.sh
+++ b/common/environment/configure/hardening.sh
@@ -17,8 +17,8 @@ if [ -z "$nopie" ]; then
 LDFLAGS="-specs=${_GCCSPECSDIR}/hardened-ld -Wl,-z,relro -Wl,-z,now ${LDFLAGS}"
 else
 # Enable FORITFY_SOURCE=2
- CFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 ${CFLAGS}"
- CXXFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 ${CXXFLAGS}"
+ CFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 -I${XBPS_CROSS_BASE}/usr/include/fortify ${CFLAGS}"
+ CXXFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 -I${XBPS_CROSS_BASE}/usr/include/fortify ${CXXFLAGS}"
 LDFLAGS="-Wl,-z,relro -Wl,-z,now ${LDFLAGS}"
 fi
 else
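Review bot: The `-I${XBPS_CROSS_BASE}/usr/include/fortify` path is added only to the `CFLAGS`/`CXXFLAGS` of this one `else` branch, whose governing test lies outside the hunk, and it is not conditioned on the target libc even though the subject says "for musl". The branch just above configures hardening through spec files under `${_GCCSPECSDIR}`, and their contents are not visible here. If they also define `_FORTIFY_SOURCE`, builds taking that path would set the macro without the wrapper headers on the include path, which on musl presumably leaves the calls unchecked, so it is worth confirming that every branch that defines the macro also gets the path. On non-musl targets the directory is not expected to exist, since `fortify-headers` is `archs="*-musl"`, so a libc guard around the `-I` would make the intent explicit. A comment next to the flag should note that `_FORTIFY_SOURCE` on musl depends on this include directory being present in the build root.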