1.1 --- a/config/libc/glibc-eglibc.in-common Mon Feb 21 14:39:24 2011 +0100
1.2 +++ b/config/libc/glibc-eglibc.in-common Mon Feb 21 23:39:46 2011 +0100
1.3 @@ -58,6 +58,27 @@
1.4 Seldom used, except for sparc64 which seems to need the flag -64
1.5 to be passed onto gcc.
1.6
1.7 +config LIBC_ENABLE_FORTIFIED_BUILD
1.8 + bool
1.9 + prompt "Enable fortified build (EXPERIMENTAL)"
1.10 + depends on EXPERIMENTAL
1.11 + default n
1.12 + help
1.13 + If you say 'y' here, then glibc will be using fortified versions
1.14 + of functions with format arguments (eg. vsyslog, printf...), and
1.15 + do a sanity check on the format at runtime, to avoid some of the
1.16 + common format string attacks.
1.17 +
1.18 + This is currently not supported, and will most probably result in
1.19 + a broken build, with an error message like:
1.20 + ../misc/syslog.c: In function '__vsyslog_chk':
1.21 + ../misc/syslog.c:123: sorry, unimplemented: inlining failed in
1.22 + call to 'syslog': function body not available
1.23 +
1.24 + If you are brave enough and want to debug the issue, then say 'y'
1.25 + here. Otherwise, be still and say 'n' (the default). ;-)
1.26 +
1.27 +
1.28 config LIBC_DISABLE_VERSIONING
1.29 bool
1.30 prompt "Disable symbols versioning"
2.1 --- a/scripts/build/libc/glibc-eglibc.sh-common Mon Feb 21 14:39:24 2011 +0100
2.2 +++ b/scripts/build/libc/glibc-eglibc.sh-common Mon Feb 21 23:39:46 2011 +0100
2.3 @@ -114,6 +114,7 @@
2.4 local extra_cc_args
2.5 local -a extra_config
2.6 local -a extra_make_args
2.7 + local glibc_cflags
2.8
2.9 CT_DoStep INFO "Installing C library"
2.10
2.11 @@ -199,6 +200,12 @@
2.12 CT_DoLog DEBUG "Extra config args passed: '${extra_config[*]}'"
2.13 CT_DoLog DEBUG "Extra CC args passed : '${extra_cc_args}'"
2.14
2.15 + glibc_cflags="${CT_TARGET_CFLAGS} ${CT_LIBC_GLIBC_EXTRA_CFLAGS} ${OPTIMIZE}"
2.16 + case "${CT_LIBC_ENABLE_FORTIFIED_BUILD}" in
2.17 + y) ;;
2.18 + *) glibc_cflags+=" -U_FORTIFY_SOURCE";;
2.19 + esac
2.20 +
2.21 # ./configure is mislead by our tools override wrapper for bash
2.22 # so just tell it where the real bash is _on_the_target_!
2.23 # Notes:
2.24 @@ -221,7 +228,7 @@
2.25 # Set BUILD_CC, or we won't be able to build datafiles
2.26
2.27 BUILD_CC="${CT_BUILD}-gcc" \
2.28 - CFLAGS="${CT_TARGET_CFLAGS} ${CT_LIBC_GLIBC_EXTRA_CFLAGS} ${OPTIMIZE}" \
2.29 + CFLAGS="${glibc_cflags}" \
2.30 CC="${CT_TARGET}-gcc ${CT_LIBC_EXTRA_CC_ARGS} ${extra_cc_args}" \
2.31 AR=${CT_TARGET}-ar \
2.32 RANLIB=${CT_TARGET}-ranlib \