From: ng0
Subject: [PATCH 10/13] gnu: Add fortify-headers.
Date: Mon, 9 Jan 2017 20:21:22 +0000
Message-ID: <20170109202125.31873-11-ng0@libertad.pw>
References: <20170109202125.31873-1-ng0@libertad.pw>
In-Reply-To: <20170109202125.31873-1-ng0@libertad.pw>
To: guix-devel@gnu.org

* gnu/packages/suckless.scm (fortify-headers): New variable.
--- gnu/packages/suckless.scm | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/gnu/packages/suckless.scm b/gnu/packages/suckless.scm index afbd8ccd6..e160273e3 100644 --- a/gnu/packages/suckless.scm +++ b/gnu/packages/suckless.scm 
@@ -497,3 +497,44 @@ factorisation, but you can force its output. You can adjust the number of decimals with the @code{SCALE} environment variable.") (license license:wtfpl))) + +(define-public fortify-headers + (package + (name "fortify-headers") + (version "0.8") + (source + (origin + (method url-fetch) + (uri (string-append "http://dl.2g30.org/releases/" + name "-" version ".tar.gz")) + (sha256 + (base32 + "1cacdczpjb49c4i1168g541wnl3i3gbpv2m2wbnmw5wddlyhgkdg")))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f ; No tests + #:make-flags (list "CC=gcc" + (string-append "PREFIX=" %output)) + #:phases + (modify-phases %standard-phases + (delete 'configure)))) ; No configure script + (home-page "http://2f30.org") + (synopsis "Standalone fortify-source implementation") + (description + "This is a standalone implementation of fortify source. It provides +compile time buffer checks. It is libc-agnostic and simply overlays the +system headers by using the @code{#include_next} extension found in GCC. It was +initially intended to be used on musl based Linux distributions. + +@itemize +@item It is portable, works on *BSD, Linux, Solaris and possibly others. +@item It will only trap non-conformant programs. This means that fortify + level 2 is treated in the same way as level 1. +@item Avoids making function calls when undefined behaviour has already been + invoked. This is handled by using __builtin_trap(). +@item Support for out-of-bounds read interfaces, such as send(), write(), + fwrite() etc. +@item No ABI is enforced. All of the fortify check functions are inlined + into the resulting binary. +@end itemize\n") + (license license:isc))) -- 2.11.0
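Review bot: the source `uri` is built from `"http://dl.2g30.org/releases/"` while `home-page` is `"http://2f30.org"`; the two hosts differ by one letter (`2g30` vs `2f30`), so one of them looks like a typo. Please confirm the download host and make the two fields consistent. The `sha256` pins the tarball contents, so a wrong host would show up as a failed fetch or a hash mismatch rather than a silently different archive, but the URL should still be right, and both URLs could use https if the site serves it. Two smaller points in the description: the string ends with `@end itemize\n")`, where the trailing `\n` is unnecessary and can be dropped, and `__builtin_trap()`, `send()`, `write()` and `fwrite()` could be wrapped in `@code{}` the same way `#include_next` already is. In `#:make-flags`, `"CC=gcc"` is hard-coded; a short comment saying why the Makefile needs it would help.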