choice
prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)"
+ default PKG_FORTIFY_SOURCE_1
help
Enable the _FORTIFY_SOURCE macro which introduces additional
checks to detect buffer-overflows in the following standard library
export GCC_HONOUR_COPTS:=0
TARGET_CROSS:=$(if $(TARGET_CROSS),$(TARGET_CROSS),$(OPTIMIZE_FOR_CPU)-openwrt-linux$(if $(TARGET_SUFFIX),-$(TARGET_SUFFIX))-)
TARGET_CFLAGS+= -fhonour-copts $(if $(CONFIG_GCC_VERSION_4_4)$(CONFIG_GCC_VERSION_4_5),,-Wno-error=unused-but-set-variable)
- TARGET_CPPFLAGS+= -I$(TOOLCHAIN_DIR)/usr/include -I$(TOOLCHAIN_DIR)/include
+ TARGET_CPPFLAGS+= -I$(TOOLCHAIN_DIR)/usr/include -I$(TOOLCHAIN_DIR)/include/fortify -I$(TOOLCHAIN_DIR)/include
TARGET_LDFLAGS+= -L$(TOOLCHAIN_DIR)/usr/lib -L$(TOOLCHAIN_DIR)/lib
TARGET_PATH:=$(TOOLCHAIN_DIR)/bin:$(TARGET_PATH)
else
curdir:=toolchain
# subdirectories to descend into
-$(curdir)/builddirs := $(if $(CONFIG_GDB),gdb) $(if $(CONFIG_INSIGHT),insight) $(if $(CONFIG_EXTERNAL_TOOLCHAIN),wrapper,kernel-headers binutils gcc/minimal gcc/initial gcc/final $(LIBC)/headers $(LIBC))
+$(curdir)/builddirs := $(if $(CONFIG_GDB),gdb) $(if $(CONFIG_INSIGHT),insight) $(if $(CONFIG_EXTERNAL_TOOLCHAIN),wrapper,kernel-headers binutils gcc/minimal gcc/initial gcc/final $(LIBC)/headers $(LIBC) fortify-headers)
ifdef CONFIG_USE_UCLIBC
$(curdir)/builddirs += $(LIBC)/utils
endif
--- /dev/null
+#
+# Copyright (C) 2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/target.mk
+
+PKG_NAME:=fortify-headers
+PKG_VERSION:=0.6
+PKG_RELEASE=1
+
+PKG_SOURCE_URL:=http://dl.2f30.org/releases
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_MD5SUM:=d85072939ec02a40af282fe3febc6c18
+
+include $(INCLUDE_DIR)/toolchain-build.mk
+
+define Host/Compile
+ true
+endef
+
+define Host/Install
+ $(MAKE) -C $(HOST_BUILD_DIR) PREFIX="" DESTDIR="$(TOOLCHAIN_DIR)" install
+endef
+
+$(eval $(call HostBuild))
--- /dev/null
+From 1f9848efc8a329cb9a13323cbb94b353d39802c1 Mon Sep 17 00:00:00 2001
+From: Steven Barth <steven@midlink.org>
+Date: Mon, 22 Jun 2015 14:36:16 +0200
+Subject: [PATCH] unistd: fix signed / unsigned comparison in getgroups
+
+Signed-off-by: Steven Barth <steven@midlink.org>
+---
+ include/unistd.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/unistd.h b/include/unistd.h
+index 45304e1..5274e22 100644
+--- a/include/unistd.h
++++ b/include/unistd.h
+@@ -71,7 +71,7 @@ _FORTIFY_FN(getgroups) int getgroups(int __l, gid_t *__s)
+ {
+ size_t __b = __builtin_object_size(__s, 0);
+
+- if (__l > __b / sizeof(gid_t))
++ if (__l < 0 || (size_t)__l > __b / sizeof(gid_t))
+ __builtin_trap();
+ return __orig_getgroups(__l, __s);
+ }
+--
+2.1.4
+
projects / openwrt / openwrt.git / commitdiff