diff options
-rw-r--r-- | config/libc/glibc-eglibc.in-common | 21 | ||||
-rw-r--r-- | scripts/build/libc/glibc-eglibc.sh-common | 9 |
2 files changed, 29 insertions, 1 deletions
diff --git a/config/libc/glibc-eglibc.in-common b/config/libc/glibc-eglibc.in-common index a901e58..6e00688 100644 --- a/config/libc/glibc-eglibc.in-common +++ b/config/libc/glibc-eglibc.in-common @@ -58,6 +58,27 @@ config LIBC_EXTRA_CC_ARGS Seldom used, except for sparc64 which seems to need the flag -64 to be passed onto gcc. +config LIBC_ENABLE_FORTIFIED_BUILD + bool + prompt "Enable fortified build (EXPERIMENTAL)" + depends on EXPERIMENTAL + default n + help + If you say 'y' here, then glibc will be using fortified versions + of functions with format arguments (eg. vsyslog, printf...), and + do a sanity check on the format at runtime, to avoid some of the + common format string attacks. + + This is currently not supported, and will most probably result in + a broken build, with an error message like: + ../misc/syslog.c: In function '__vsyslog_chk': + ../misc/syslog.c:123: sorry, unimplemented: inlining failed in + call to 'syslog': function body not available + + If you are brave enough and want to debug the issue, then say 'y' + here. Otherwise, be still and say 'n' (the default). ;-) + + config LIBC_DISABLE_VERSIONING bool prompt "Disable symbols versioning" diff --git a/scripts/build/libc/glibc-eglibc.sh-common b/scripts/build/libc/glibc-eglibc.sh-common index c03fa11..8ec8e8d 100644 --- a/scripts/build/libc/glibc-eglibc.sh-common +++ b/scripts/build/libc/glibc-eglibc.sh-common @@ -114,6 +114,7 @@ do_libc() { local extra_cc_args local -a extra_config local -a extra_make_args + local glibc_cflags CT_DoStep INFO "Installing C library" @@ -199,6 +200,12 @@ do_libc() { CT_DoLog DEBUG "Extra config args passed: '${extra_config[*]}'" CT_DoLog DEBUG "Extra CC args passed : '${extra_cc_args}'" + glibc_cflags="${CT_TARGET_CFLAGS} ${CT_LIBC_GLIBC_EXTRA_CFLAGS} ${OPTIMIZE}" + case "${CT_LIBC_ENABLE_FORTIFIED_BUILD}" in + y) ;; + *) glibc_cflags+=" -U_FORTIFY_SOURCE";; + esac + # ./configure is mislead by our tools override wrapper for bash # so just tell it where the real bash is _on_the_target_! # Notes: @@ -221,7 +228,7 @@ do_libc() { # Set BUILD_CC, or we won't be able to build datafiles BUILD_CC="${CT_BUILD}-gcc" \ - CFLAGS="${CT_TARGET_CFLAGS} ${CT_LIBC_GLIBC_EXTRA_CFLAGS} ${OPTIMIZE}" \ + CFLAGS="${glibc_cflags}" \ CC="${CT_TARGET}-gcc ${CT_LIBC_EXTRA_CC_ARGS} ${extra_cc_args}" \ AR=${CT_TARGET}-ar \ RANLIB=${CT_TARGET}-ranlib \ |