From 8063550d4e2a1b1adbc37dc696ed95fb95399991 Mon Sep 17 00:00:00 2001
From: David Oberhollenzer <david.oberhollenzer@tele2.at>
Date: Wed, 17 Oct 2018 00:39:37 +0200
Subject: [PATCH] Add libc agnostic fortify-headers package

Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
---
 pkg/fortify-headers/build | 24 ++++++++++++++++++++++++
 pkg/musl/build            |  2 +-
 pkg/tc-gcc1/0001.patch    | 13 +++++++++++++
 pkg/tc-gcc1/0002.patch    | 14 ++++++++++++++
 pkg/tc-gcc1/build         |  4 +++-
 5 files changed, 55 insertions(+), 2 deletions(-)
 create mode 100755 pkg/fortify-headers/build
 create mode 100644 pkg/tc-gcc1/0001.patch
 create mode 100644 pkg/tc-gcc1/0002.patch

diff --git a/pkg/fortify-headers/build b/pkg/fortify-headers/build
new file mode 100755
index 0000000..b23dbf7
--- /dev/null
+++ b/pkg/fortify-headers/build
@@ -0,0 +1,24 @@
+VERSION="1.0"
+SRCDIR="fortify-headers-$VERSION"
+TARBALL="$SRCDIR.tar.xz"
+URL="http://infraroot.at/pygos"
+SHA256SUM="992af871941317b75b5520485111da14dd1b785dcb45de86244b1f6476182696"
+DEPENDS="linux_headers"
+
+prepare() {
+	return
+}
+
+build() {
+	return
+}
+
+deploy() {
+	make -C "$1" PREFIX="" DESTDIR="$2" install
+}
+
+check_update() {
+	curl --silent -L "http://git.2f30.org/fortify-headers/refs.html" | \
+		grep -o "<td>[0-9.]\+</td>" | grep -o "[0-9.]*" | \
+		verson_find_greatest "$VERSION"
+}
diff --git a/pkg/musl/build b/pkg/musl/build
index 887296c..4461704 100755
--- a/pkg/musl/build
+++ b/pkg/musl/build
@@ -3,7 +3,7 @@ SRCDIR="musl-$VERSION"
 TARBALL="$SRCDIR.tar.gz"
 URL="https://www.musl-libc.org/releases"
 SHA256SUM="44be8771d0e6c6b5f82dd15662eb2957c9a3173a19a8b49966ac0542bbd40d61"
-DEPENDS="tc-gcc1 linux_headers"
+DEPENDS="tc-gcc1 linux_headers fortify-headers"
 
 prepare() {
 	return
diff --git a/pkg/tc-gcc1/0001.patch b/pkg/tc-gcc1/0001.patch
new file mode 100644
index 0000000..4f7712c
--- /dev/null
+++ b/pkg/tc-gcc1/0001.patch
@@ -0,0 +1,13 @@
+diff --git a/gcc/config/linux.h b/gcc/config/linux.h
+index 2ea4ff9..e10e0a5 100644
+--- a/gcc/config/linux.h
++++ b/gcc/config/linux.h
+@@ -154,6 +154,8 @@ see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
+ 
+ #ifdef NATIVE_SYSTEM_HEADER_DIR
+ #define INCLUDE_DEFAULTS_MUSL_NATIVE			\
++    { NATIVE_SYSTEM_HEADER_DIR "/fortify", 0, 0, 0, 1, 2 },	\
++    { NATIVE_SYSTEM_HEADER_DIR "/fortify", 0, 0, 0, 1, 0 },	\
+     { NATIVE_SYSTEM_HEADER_DIR, 0, 0, 0, 1, 2 },	\
+     { NATIVE_SYSTEM_HEADER_DIR, 0, 0, 0, 1, 0 },
+ #else
diff --git a/pkg/tc-gcc1/0002.patch b/pkg/tc-gcc1/0002.patch
new file mode 100644
index 0000000..7ee9077
--- /dev/null
+++ b/pkg/tc-gcc1/0002.patch
@@ -0,0 +1,14 @@
+diff --git a/gcc/c-family/c-cppbuiltin.c b/gcc/c-family/c-cppbuiltin.c
+index 3fc4fa9..2c502be 100644
+--- a/gcc/c-family/c-cppbuiltin.c
++++ b/gcc/c-family/c-cppbuiltin.c
+@@ -1342,6 +1342,9 @@ c_cpp_builtins (cpp_reader *pfile)
+   builtin_define_with_value ("__REGISTER_PREFIX__", REGISTER_PREFIX, 0);
+   builtin_define_with_value ("__USER_LABEL_PREFIX__", user_label_prefix, 0);
+ 
++  /* Fortify Source enabled by default w/optimization.  */
++  cpp_define (pfile, "_FORTIFY_SOURCE=((defined __OPTIMIZE__ && __OPTIMIZE__ > 0) ? 2 : 0)");
++
+   /* Misc.  */
+   if (flag_gnu89_inline)
+     cpp_define (pfile, "__GNUC_GNU_INLINE__");
diff --git a/pkg/tc-gcc1/build b/pkg/tc-gcc1/build
index ef947f1..812d779 100755
--- a/pkg/tc-gcc1/build
+++ b/pkg/tc-gcc1/build
@@ -3,9 +3,11 @@ SRCDIR="gcc-$VERSION"
 TARBALL="gcc-$VERSION.tar.xz"
 URL="http://ftp.gnu.org/gnu/gcc/gcc-$VERSION"
 SHA256SUM="196c3c04ba2613f893283977e6011b2345d1cd1af9abeac58e916b1aab3e0080"
-DEPENDS="tc-binutils tc-cloog tc-gmp tc-isl tc-mpc tc-mpfr linux_headers"
+DEPENDS="tc-binutils tc-cloog tc-gmp tc-isl tc-mpc tc-mpfr linux_headers fortify-headers"
 
 prepare() {
+	apply_patches
+
 	#
 	# XXX: if you ever add support for another 64 bit processor,
 	#      you need to patch this.