libc/glibc: add fortify option
author "Yann E. MORIN" <yann.morin.1998@anciens.enib.fr>
Mon Feb 21 23:39:46 2011 +0100 (2011-02-21)
changeset 2312 8b9938edd3d8
parent 2311 b49767e8651b
child 2313 6336f985e2c0
libc/glibc: add fortify option

By default, recent versions of glibc and eglibc will build some
functions that take format strings (eg. printf, syslog...) with
run-time checks against some format string attacks. This is
called a fortified build.

Unfortunately, this fails somehow while building the instrumented
version of syslog, with some kind of circular dependency...

Disable fortified builds by default, and hide the enabling option
behind EXPERIMENTAL for daring users...

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@anciens.enib.fr>
config/libc/glibc-eglibc.in-common
scripts/build/libc/glibc-eglibc.sh-common
     1.1 --- a/config/libc/glibc-eglibc.in-common	Mon Feb 21 14:39:24 2011 +0100
     1.2 +++ b/config/libc/glibc-eglibc.in-common	Mon Feb 21 23:39:46 2011 +0100
     1.3 @@ -58,6 +58,27 @@
     1.4        Seldom used, except for sparc64 which seems to need the flag -64
     1.5        to be passed onto gcc.
     1.6  
     1.7 +config LIBC_ENABLE_FORTIFIED_BUILD
     1.8 +    bool
     1.9 +    prompt "Enable fortified build (EXPERIMENTAL)"
    1.10 +    depends on EXPERIMENTAL
    1.11 +    default n
    1.12 +    help
    1.13 +      If you say 'y' here, then glibc will be using fortified versions
    1.14 +      of functions with format arguments (eg. vsyslog, printf...), and
    1.15 +      do a sanity check on the format at runtime, to avoid some of the
    1.16 +      common format string attacks.
    1.17 +      
    1.18 +      This is currently not supported, and will most probably result in
    1.19 +      a broken build, with an error message like:
    1.20 +        ../misc/syslog.c: In function '__vsyslog_chk':
    1.21 +        ../misc/syslog.c:123: sorry, unimplemented: inlining failed in
    1.22 +        call to 'syslog': function body not available
    1.23 +      
    1.24 +      If you are brave enough and want to debug the issue, then say 'y'
    1.25 +      here. Otherwise, be still and say 'n' (the default). ;-)
    1.26 +
    1.27 +
    1.28  config LIBC_DISABLE_VERSIONING
    1.29      bool
    1.30      prompt "Disable symbols versioning"
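Review bot: the help text for LIBC_ENABLE_FORTIFIED_BUILD explains what 'y' does but never says what the default 'n' does, which per the script change is to append -U_FORTIFY_SOURCE to the glibc CFLAGS and so build the C library without the run-time format checks. Suggest adding one sentence stating that, since it is the security-relevant consequence of the default. Minor style points: the two otherwise empty help lines (after "common format string attacks." and after "function body not available") carry trailing whitespace, two blank lines are added before "config LIBC_DISABLE_VERSIONING" where the context above uses one, and "default n" is redundant for a bool.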
     2.1 --- a/scripts/build/libc/glibc-eglibc.sh-common	Mon Feb 21 14:39:24 2011 +0100
     2.2 +++ b/scripts/build/libc/glibc-eglibc.sh-common	Mon Feb 21 23:39:46 2011 +0100
     2.3 @@ -114,6 +114,7 @@
     2.4      local extra_cc_args
     2.5      local -a extra_config
     2.6      local -a extra_make_args
     2.7 +    local glibc_cflags
     2.8  
     2.9      CT_DoStep INFO "Installing C library"
    2.10  
    2.11 @@ -199,6 +200,12 @@
    2.12      CT_DoLog DEBUG "Extra config args passed: '${extra_config[*]}'"
    2.13      CT_DoLog DEBUG "Extra CC args passed    : '${extra_cc_args}'"
    2.14  
    2.15 +    glibc_cflags="${CT_TARGET_CFLAGS} ${CT_LIBC_GLIBC_EXTRA_CFLAGS} ${OPTIMIZE}"
    2.16 +    case "${CT_LIBC_ENABLE_FORTIFIED_BUILD}" in
    2.17 +        y)  ;;
    2.18 +        *)  glibc_cflags+=" -U_FORTIFY_SOURCE";;
    2.19 +    esac
    2.20 +
    2.21      # ./configure is mislead by our tools override wrapper for bash
    2.22      # so just tell it where the real bash is _on_the_target_!
    2.23      # Notes:
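Review bot: in the case on CT_LIBC_ENABLE_FORTIFIED_BUILD, the "y)  ;;" branch is empty, so saying 'y' does not add -D_FORTIFY_SOURCE; it only leaves out -U_FORTIFY_SOURCE and relies on the define coming from somewhere else. Since the prompt reads "Enable fortified build", a comment here stating where the define is expected to come from would keep the option name and the behaviour from drifting apart. Also consider a CT_DoLog DEBUG line for the final glibc_cflags next to the two existing DEBUG lines, so the build log shows whether -U_FORTIFY_SOURCE was applied.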
    2.24 @@ -221,7 +228,7 @@
    2.25      # Set BUILD_CC, or we won't be able to build datafiles
    2.26  
    2.27      BUILD_CC="${CT_BUILD}-gcc"                                      \
    2.28 -    CFLAGS="${CT_TARGET_CFLAGS} ${CT_LIBC_GLIBC_EXTRA_CFLAGS} ${OPTIMIZE}"  \
    2.29 +    CFLAGS="${glibc_cflags}"                                        \
    2.30      CC="${CT_TARGET}-gcc ${CT_LIBC_EXTRA_CC_ARGS} ${extra_cc_args}" \
    2.31      AR=${CT_TARGET}-ar                                              \
    2.32      RANLIB=${CT_TARGET}-ranlib                                      \