[Buildroot] [PATCH] Config.in: security hardening: disable FORTIFY_SOURCE for gcc < 6
Romain Naour
romain.naour at gmail.com
Mon Nov 5 20:07:50 UTC 2018

As reported in the bug report [1], gcc < 6 doesn't build when
FORTIFY_SOURCE is set to 1 or 2. The issue is related to the
upstream bug report [2] but the patch fixing the issue for gcc 6
has not been backported to earlier gcc versions.

Add a dependency on gcc at least version 6 to BR2_FORTIFY_SOURCE_1
and BR2_FORTIFY_SOURCE_2.

[1] https://bugs.busybox.net/show_bug.cgi?id=11476
[2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
[3] https://github.com/gcc-mirror/gcc/commit/55f12fce4ccf77513644a247f9c401a5b1fa2402

Signed-off-by: Romain Naour <romain.naour at gmail.com>
Cc: Matthew Weber <matthew.weber at rockwellcollins.com>
Cc: Peter Korsgaard <peter at korsgaard.com>
---
To be backported up to Buildroot 2018.02.x.
---
Config.in | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/Config.in b/Config.in
index 584a1f087f..6176433fc0 100644
--- a/Config.in
+++ b/Config.in
@@ -798,6 +798,8 @@ config BR2_FORTIFY_SOURCE_NONE
config BR2_FORTIFY_SOURCE_1
bool "Conservative"
+ # gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
+ depends on BR2_TOOLCHAIN_GCC_AT_LEAST_6
help
This option sets _FORTIFY_SOURCE to 1 and only introduces
checks that shouldn't change the behavior of conforming
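Review bot: The new `depends on BR2_TOOLCHAIN_GCC_AT_LEAST_6` under BR2_FORTIFY_SOURCE_1 makes the "Conservative" entry disappear from the menu on older toolchains, and nothing tells the user why. Consider adding a Kconfig `comment` entry that depends on `!BR2_TOOLCHAIN_GCC_AT_LEAST_6` and states the gcc >= 6 requirement. The in-file comment is also only a bare URL; a few words saying that gcc < 6 fails to build with FORTIFY_SOURCE set would let a reader understand the restriction without opening the bug tracker.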
@@ -805,6 +807,8 @@ config BR2_FORTIFY_SOURCE_1
config BR2_FORTIFY_SOURCE_2
bool "Aggressive"
+ # gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
+ depends on BR2_TOOLCHAIN_GCC_AT_LEAST_6
help
This option sets _FORTIFY_SOURCES to 2 and some more
checking is added, but some conforming programs might fail.
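Review bot: With this second `depends on` under BR2_FORTIFY_SOURCE_2, both fortify levels are gated on gcc >= 6, so on an older toolchain a configuration that previously had "Aggressive" selected is left with only BR2_FORTIFY_SOURCE_NONE (the entry named in the first hunk header) and loses the hardening without any notice. The help text of this entry should mention the gcc >= 6 requirement so that the downgrade is visible to whoever maintains the configuration. While this entry is being touched, the context line reads `_FORTIFY_SOURCES`, whereas the "Conservative" help text uses `_FORTIFY_SOURCE`; the spelling could be aligned in the same patch.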
--
2.14.5