[Buildroot] [PATCH] Config.in: security hardening: disable FORTIFY_SOURCE for gcc < 6

Matthew Weber matthew.weber at rockwellcollins.com
Mon Nov 5 22:21:16 UTC 2018


Peter/Romain,


On Mon, Nov 5, 2018 at 4:17 PM Peter Korsgaard <peter at korsgaard.com> wrote:
>
> >>>>> "Matthew" == Matthew Weber <matthew.weber at rockwellcollins.com> writes:
>
>  > Romain ,
>  > On Mon, Nov 5, 2018, 14:07 Romain Naour <romain.naour at gmail.com wrote:
>
>  >> As reported in the bug report [1], gcc < 6 doesn't build when
>  >> FORTIFY_SOURCE is set to 1 or 2. The issue is related to the
>  >> upstream bug report [2] but the patch fixing the issue for gcc 6
>  >> has not been backported to earlier gcc versions.
>  >>
>  >> Add a dependency on gcc at least version 6 to BR2_FORTIFY_SOURCE_1
>  >> and BR2_FORTIFY_SOURCE_2.
>  >>
>
>  > Sorry about the HTML email.
>
>  > Could this dependency be conditional on if a internal toolchain is used?
>
> Ahh yes, if this is really about *building* gcc, then it should be
>
> depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
>

Correct.  I'll have to dig a bit and see what the minimum supported
external toolchain version is.  I believe 5.4.x

Matt



-- 
Matthew L Weber / Pr Software Engineer
Airborne Information Systems / RC Linux Secure Platforms
MS 131-100, C Ave NE, Cedar Rapids, IA, 52498, USA
www.rockwellcollins.com

Note: Any Export License Required Information and License Restricted
Third Party Intellectual Property (TPIP) content must be encrypted and
sent to matthew.weber at corp.rockwellcollins.com.


More information about the buildroot mailing list