diff options
| author | ng0 <ng0@libertad.pw> | 2017-01-12 00:39:31 +0000 |
|---|---|---|
| committer | Leo Famulari <leo@famulari.name> | 2017-01-13 14:13:04 -0500 |
| commit | e3c101eb95753d780a6fa2232ad9331f6afc0030 (patch) | |
| tree | d8197b5399e761f7c0a7568c5a303b68376058b3 | |
| parent | 73aca00d53a5d810496b1f9910d98a45d3255dfe (diff) | |
| download | guix-e3c101eb95753d780a6fa2232ad9331f6afc0030.tar.gz guix-e3c101eb95753d780a6fa2232ad9331f6afc0030.zip | |
gnu: Add fortify-headers.
* gnu/packages/suckless.scm (fortify-headers): New variable.
Signed-off-by: Leo Famulari <leo@famulari.name>
| -rw-r--r-- | gnu/packages/suckless.scm | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/gnu/packages/suckless.scm b/gnu/packages/suckless.scm index 2f22f300d2..5ef640b70e 100644 --- a/gnu/packages/suckless.scm +++ b/gnu/packages/suckless.scm @@ -503,3 +503,44 @@ factorisation, but you can force its output. You can adjust the number of decimals with the @code{SCALE} environment variable.") (license license:wtfpl2)))) + +(define-public fortify-headers + (package + (name "fortify-headers") + (version "0.8") + (source + (origin + (method url-fetch) + (uri (string-append "http://dl.2f30.org/releases/" + name "-" version ".tar.gz")) + (sha256 + (base32 + "1cacdczpjb49c4i1168g541wnl3i3gbpv2m2wbnmw5wddlyhgkdg")))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f ; No tests + #:make-flags (list "CC=gcc" + (string-append "PREFIX=" %output)) + #:phases + (modify-phases %standard-phases + (delete 'configure)))) ; No configure script + (home-page "http://git.2f30.org/fortify-headers/") + (synopsis "Standalone fortify-source implementation") + (description + "This is a standalone implementation of fortify source. It provides +compile time buffer checks. It is libc-agnostic and simply overlays the +system headers by using the @code{#include_next} extension found in GCC. It was +initially intended to be used on musl based Linux distributions. + +@itemize +@item It is portable, works on *BSD, Linux, Solaris and possibly others. +@item It will only trap non-conformant programs. This means that fortify + level 2 is treated in the same way as level 1. +@item Avoids making function calls when undefined behaviour has already been + invoked. This is handled by using __builtin_trap(). +@item Support for out-of-bounds read interfaces, such as send(), write(), + fwrite() etc. +@item No ABI is enforced. All of the fortify check functions are inlined + into the resulting binary. +@end itemize\n") + (license license:isc))) |