[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 10/13] gnu: Add fortify-headers.

From: ng0
Subject: [PATCH 10/13] gnu: Add fortify-headers.
Date: Mon, 9 Jan 2017 20:21:22 +0000

* gnu/packages/suckless.scm (fortify-headers): New variable.
 gnu/packages/suckless.scm | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/gnu/packages/suckless.scm b/gnu/packages/suckless.scm
index afbd8ccd6..e160273e3 100644
--- a/gnu/packages/suckless.scm
+++ b/gnu/packages/suckless.scm
@@ -497,3 +497,44 @@ factorisation, but you can force its output.
 You can adjust the number of decimals with the @code{SCALE}
 environment variable.")
     (license license:wtfpl)))
+(define-public fortify-headers
+  (package
+    (name "fortify-headers")
+    (version "0.8")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "";
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1cacdczpjb49c4i1168g541wnl3i3gbpv2m2wbnmw5wddlyhgkdg"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)))) ; No configure script
+    (home-page "";)
+    (synopsis "Standalone fortify-source implementation")
+    (description
+     "This is a standalone implementation of fortify source.  It provides
+compile time buffer checks.  It is libc-agnostic and simply overlays the
+system headers by using the @code{#include_next} extension found in GCC.  It 
+initially intended to be used on musl based Linux distributions.
address@hidden It is portable, works on *BSD, Linux, Solaris and possibly 
address@hidden It will only trap non-conformant programs.  This means that 
+  level 2 is treated in the same way as level 1.
address@hidden Avoids making function calls when undefined behaviour has 
already been
+  invoked.  This is handled by using __builtin_trap().
address@hidden Support for out-of-bounds read interfaces, such as send(), 
+  fwrite() etc.
address@hidden No ABI is enforced.  All of the fortify check functions are 
+  into the resulting binary.
address@hidden itemize\n")
+    (license license:isc)))

reply via email to

[Prev in Thread] Current Thread [Next in Thread]