summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRomain Naour <romain.naour@gmail.com>2018-11-05 20:07:50 (GMT)
committerPeter Korsgaard <peter@korsgaard.com>2018-11-06 07:54:25 (GMT)
commita75ee0e8124023185f4a05e95b2fcd29fa9449d8 (patch)
tree63f186b76e891b2b3f317519a4b5610932b13d17
parent7a3f85ddff33c9c02ee04f1f9aaf5d5c7a9bac45 (diff)
downloadbuildroot-a75ee0e8124023185f4a05e95b2fcd29fa9449d8.tar.gz
buildroot-a75ee0e8124023185f4a05e95b2fcd29fa9449d8.tar.bz2
Config.in: security hardening: disable FORTIFY_SOURCE for gcc < 6
As reported in the bug report [1], gcc < 6 doesn't build when FORTIFY_SOURCE is set to 1 or 2. The issue is related to the upstream bug report [2] but the patch fixing the issue for gcc 6 has not been backported to earlier gcc versions. Add a dependency on gcc at least version 6 to BR2_FORTIFY_SOURCE_1 and BR2_FORTIFY_SOURCE_2. [1] https://bugs.busybox.net/show_bug.cgi?id=11476 [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164 [3] https://github.com/gcc-mirror/gcc/commit/55f12fce4ccf77513644a247f9c401a5b1fa2402 Signed-off-by: Romain Naour <romain.naour@gmail.com> Cc: Matthew Weber <matthew.weber@rockwellcollins.com> Cc: Peter Korsgaard <peter@korsgaard.com> [Peter: only limit for internal toolchain as suggested by Matthew] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--Config.in4
1 files changed, 4 insertions, 0 deletions
diff --git a/Config.in b/Config.in
index 42cdf7a..03e4eb3 100644
--- a/Config.in
+++ b/Config.in
@@ -812,6 +812,8 @@ config BR2_FORTIFY_SOURCE_NONE
config BR2_FORTIFY_SOURCE_1
bool "Conservative"
+ # gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
+ depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
help
This option sets _FORTIFY_SOURCE to 1 and only introduces
checks that shouldn't change the behavior of conforming
@@ -819,6 +821,8 @@ config BR2_FORTIFY_SOURCE_1
config BR2_FORTIFY_SOURCE_2
bool "Aggressive"
+ # gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
+ depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
help
This option sets _FORTIFY_SOURCES to 2 and some more
checking is added, but some conforming programs might fail.