]> git.ipfire.org Git - thirdparty/openwrt.git/commitdiff
projects / thirdparty / openwrt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6268692)
build: Add _FORTIFY_SOURCE=3 support 20313/head
authorHauke Mehrtens <hauke@hauke-m.de>
Sun, 5 Oct 2025 21:30:17 +0000 (23:30 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Sat, 25 Oct 2025 23:43:01 +0000 (01:43 +0200)
Add support for _FORTIFY_SOURCE level 3.

This is supported with glibc and with musl libc.

Link: https://github.com/openwrt/openwrt/pull/20313
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
config/Config-build.in patch | blob | blame | history
include/hardening.mk patch | blob | blame | history
toolchain/glibc/common.mk patch | blob | blame | history

diff --git a/config/Config-build.in b/config/Config-build.in
index 42b353ecf727ae7914c706ce170dc1d74f2838a6..2d08f4ccd2bdcc2edac4831d9e4ce1731d4a0e08 100644 (file)
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -358,9 +358,11 @@ menu "Global build settings"
                config PKG_FORTIFY_SOURCE_NONE
                        bool "None"
                config PKG_FORTIFY_SOURCE_1
-                       bool "Conservative"
+                       bool "Conservative Level 1"
                config PKG_FORTIFY_SOURCE_2
-                       bool "Aggressive"
+                       bool "Aggressive Level 2"
+               config PKG_FORTIFY_SOURCE_3
+                       bool "Aggressive Level 3"
        endchoice
 
        choice
diff --git a/include/hardening.mk b/include/hardening.mk
index 4a8874261b92c38d769813b511fd325580290528..a2be5eabd0d9c10e82ab88e57e1df1f3dde595c8 100644 (file)
--- a/include/hardening.mk
+++ b/include/hardening.mk
@@ -51,6 +51,11 @@ ifdef CONFIG_PKG_FORTIFY_SOURCE_2
     TARGET_CFLAGS += -D_FORTIFY_SOURCE=2
   endif
 endif
+ifdef CONFIG_PKG_FORTIFY_SOURCE_3
+  ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
+    TARGET_CFLAGS += -D_FORTIFY_SOURCE=3
+  endif
+endif
 ifdef CONFIG_PKG_RELRO_PARTIAL
   ifeq ($(strip $(PKG_RELRO)),1)
     TARGET_CFLAGS += -Wl,-z,relro
diff --git a/toolchain/glibc/common.mk b/toolchain/glibc/common.mk
index 02906d34b210b46284fdedd03062b45a98d45658..25d5d66aca0ef20772d75cd0496e33b94d919695 100644 (file)
--- a/toolchain/glibc/common.mk
+++ b/toolchain/glibc/common.mk
@@ -68,6 +68,7 @@ GLIBC_CONFIGURE:= \
                  $(if $(CONFIG_PKG_RELRO_FULL),--enable-bind-now) \
                  $(if $(CONFIG_PKG_FORTIFY_SOURCE_1),--enable-fortify-source=1) \
                  $(if $(CONFIG_PKG_FORTIFY_SOURCE_2),--enable-fortify-source=2) \
+                 $(if $(CONFIG_PKG_FORTIFY_SOURCE_3),--enable-fortify-source=3) \
                --enable-kernel=6.6.0
 
 export libc_cv_ssp=no
Mirror of https://github.com/openwrt/openwrt.git