From d6030cd898fb3f3bf06238216ef9e462da0bfe8c Mon Sep 17 00:00:00 2001 From: David Oberhollenzer Date: Sat, 20 Oct 2018 12:52:06 +0200 Subject: [PATCH] Replace gcc libssp with built musl builtins Signed-off-by: David Oberhollenzer --- pkg/musl/__stack_chk_fail_local.c | 2 ++ pkg/musl/build | 7 +++++++ pkg/tc-binutils/build | 4 ---- pkg/tc-gcc1/0003.patch | 14 ++++++++++++++ pkg/tc-gcc1/build | 6 ++---- pkg/tc-gcc2/build | 14 ++------------ 6 files changed, 27 insertions(+), 20 deletions(-) create mode 100644 pkg/musl/__stack_chk_fail_local.c create mode 100644 pkg/tc-gcc1/0003.patch diff --git a/pkg/musl/__stack_chk_fail_local.c b/pkg/musl/__stack_chk_fail_local.c new file mode 100644 index 0000000..2b403a6 --- /dev/null +++ b/pkg/musl/__stack_chk_fail_local.c @@ -0,0 +1,2 @@ +extern void __stack_chk_fail(void); +void __attribute__((visibility ("hidden"))) __stack_chk_fail_local(void) { __stack_chk_fail(); } diff --git a/pkg/musl/build b/pkg/musl/build index 991270f..6668890 100755 --- a/pkg/musl/build +++ b/pkg/musl/build @@ -16,6 +16,9 @@ build() { if [ "x$TC_HARDENING" = "xyes" ]; then cflags="-fPIE -fPIC -fstack-protector-all" ldflags="-z noexecstack -z relro -z now" + + ${TARGET}-gcc -c "$SCRIPTDIR/pkg/$PKGNAME/__stack_chk_fail_local.c" -o __stack_chk_fail_local.o + ${TARGET}-ar r libssp_nonshared.a __stack_chk_fail_local.o fi CFLAGS="$cflags" LDFLAGS="$ldflags" \ @@ -57,6 +60,10 @@ deploy() { find "$DEPLOY/etc" -exec stat {} --printf="%n m %a 0 0\\n" \; | \ sed "s#^$DEPLOY/##g" | tail -n +2 >> "$DEPLOY/rootfs_files.txt" + + if [ "x$TC_HARDENING" = "xyes" ]; then + cp libssp_nonshared.a "$DEPLOY/lib" + fi } check_update() { diff --git a/pkg/tc-binutils/build b/pkg/tc-binutils/build index 16714c1..c106783 100755 --- a/pkg/tc-binutils/build +++ b/pkg/tc-binutils/build 
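Review bot: The new pkg/musl/__stack_chk_fail_local.c has no comment saying why `__stack_chk_fail_local` exists or that it is the path taken when a stack canary check fails. I would add a header above the definition such as `/* Hidden local entry point for __stack_chk_fail; GCC calls it from position-independent code on some targets and expects to find it in libssp_nonshared.a. */`. Declaring the forward reference as `extern void __stack_chk_fail(void) __attribute__((noreturn));` would also tell the compiler that the wrapper never returns, assuming the libc definition indeed never returns, which is not visible in this diff.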
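Review bot: The `${TARGET}-gcc -c` line added to build() in pkg/musl/build does not pass `$cflags`, although `-fPIE -fPIC -fstack-protector-all` is assigned just above it for the rest of the hardened build. The object goes into the archive that pkg/tc-gcc1/0003.patch puts on the link line, so it should be compiled position-independent explicitly instead of relying on the cross compiler's defaults: `${TARGET}-gcc $cflags -c "$SCRIPTDIR/pkg/$PKGNAME/__stack_chk_fail_local.c" -o __stack_chk_fail_local.o`. `${TARGET}-ar rcs libssp_nonshared.a __stack_chk_fail_local.o` would create the archive without the creation notice and write its symbol index. Whether a failed compile stops the build depends on shell options set outside this hunk, and build() continues past its end.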
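Review bot: `libssp_nonshared.a` is copied to `$DEPLOY/lib` in deploy(), and built in the build() hunk above, only when `TC_HARDENING` is `yes`, while pkg/tc-gcc1/0003.patch sets `LINK_SSP_SPEC` to `-lssp_nonshared` with no condition at all. If that patch is applied in every configuration, which this diff does not show, a non-hardened toolchain would ask the linker for an archive that was never installed and ordinary links would fail. Dropping the `if [ "x$TC_HARDENING" = "xyes" ]` guard around both the archive build and this `cp` removes the mismatch; the object is a single call stub and does not turn stack protection on by itself. The bare relative source path in `cp libssp_nonshared.a "$DEPLOY/lib"` also assumes deploy() runs in the directory build() used.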
@@ -12,10 +12,6 @@ prepare() { build() { local extra="" - if [ "x$TC_HARDENING" = "xyes" ]; then - extra="--enable-libssp" - fi - $1/configure --prefix="$TCDIR" --target="$TARGET" --disable-nls \ --with-sysroot="$TCDIR/$TARGET" --disable-multilib \ --with-lib-path="$TCDIR/$TARGET/lib" $extra diff --git a/pkg/tc-gcc1/0003.patch b/pkg/tc-gcc1/0003.patch new file mode 100644 index 0000000..5a124fd --- /dev/null +++ b/pkg/tc-gcc1/0003.patch @@ -0,0 +1,14 @@ +diff --git a/gcc/gcc.c b/gcc/gcc.c +index a716f70..aca73c2 100644 +--- a/gcc/gcc.c ++++ b/gcc/gcc.c +@@ -869,8 +869,7 @@ proper position among the other output files. */ + + #ifndef LINK_SSP_SPEC + #ifdef TARGET_LIBC_PROVIDES_SSP +-#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \ +- "|fstack-protector-strong|fstack-protector-explicit:}" ++#define LINK_SSP_SPEC "-lssp_nonshared" + #else + #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \ + "|fstack-protector-strong|fstack-protector-explicit" \ diff --git a/pkg/tc-gcc1/build b/pkg/tc-gcc1/build index 9a4340d..cfa8829 100755 --- a/pkg/tc-gcc1/build +++ b/pkg/tc-gcc1/build @@ -37,13 +37,11 @@ prepare() { } build() { - local extra="" + local extra="--disable-libssp" if [ "x$TC_HARDENING" = "xyes" ]; then - extra="--enable-libssp --enable-default-pie" + extra="$extra --enable-default-pie" extra="$extra --enable-default-ssp" - else - extra="--disable-libssp" fi $1/configure --prefix="$TCDIR" --target="$TARGET" \ diff --git a/pkg/tc-gcc2/build b/pkg/tc-gcc2/build index 1577a0e..3cfa8e8 100755 --- a/pkg/tc-gcc2/build +++ b/pkg/tc-gcc2/build @@ -3,13 +3,11 @@ source "$SCRIPTDIR/pkg/tc-gcc1/build" DEPENDS="tc-gcc1 musl linux_headers" build() { - local extra="" + local extra="--disable-libssp" if [ "x$TC_HARDENING" = "xyes" ]; then - extra="--enable-libssp --enable-default-pie" + extra="$extra --enable-default-pie" extra="$extra --enable-default-ssp" - else - extra="--disable-libssp" fi $1/configure --prefix="$TCDIR" --target="$TARGET" \ 
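Review bot: The replacement `#define LINK_SSP_SPEC "-lssp_nonshared"` in pkg/tc-gcc1/0003.patch drops the `%{fstack-protector|...:}` guard with no explanation, and the patch file has no description header. A reader cannot tell why the archive is now requested on every link, including ones built with `-fno-stack-protector`; presumably a compiler configured with `--enable-default-ssp` sees no `-fstack-protector*` option on the command line, so a guarded spec would never fire. I would put that rationale above the embedded `diff --git` line, for example `Link libssp_nonshared.a unconditionally: with --enable-default-ssp the driver sees no -fstack-protector option.`, together with the origin of the patch if it was taken from elsewhere. The `#ifndef LINK_SSP_SPEC` block continues past the end of the embedded hunk.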
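Review bot: The block that assembles `extra` in build() of pkg/tc-gcc1/build is edited identically in pkg/tc-gcc2/build, which already sources this file, so the hardening switches `--disable-libssp`, `--enable-default-pie` and `--enable-default-ssp` live in two copies that can drift apart. Defining the flag list once here and reusing it from both build() bodies would keep the two compiler stages configured the same way. The two consecutive assignments inside the `if` can also be one line: `extra="$extra --enable-default-pie --enable-default-ssp"`. build() continues past the end of the hunk in both files.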
@@ -53,12 +51,4 @@ deploy() {
 mv ${TCDIR}/${TARGET}/{include,lib} "$DEPLOY"
 rm ${DEPLOY}/lib/*.la
 cp "$SCRIPTDIR/pkg/$PKGNAME/rootfs_files.txt" "$DEPLOY"
-
- if [ "x$TC_HARDENING" = "xyes" ]; then
- cat >> "$DEPLOY/rootfs_files.txt" <<_EOF
-lib/libssp.so m 777 0 0
-lib/libssp.so.0 m 777 0 0
-lib/libssp.so.0.0.0 m 555 0 0
-_EOF
- fi
 }