Author: robert
Date: 2010-11-15 22:34:54 -0700 (Mon, 15 Nov 2010)
New Revision: 1591
Modified:
trunk/BOOK/chapter01/changelog.xml
trunk/BOOK/chapter03/patches.xml
trunk/BOOK/chapter05/gcc-pass2.xml
trunk/BOOK/chapter06/gcc.xml
trunk/BOOK/general.ent
trunk/BOOK/packages.ent
trunk/BOOK/patches.ent
Log:
Patch GCC for -D_FORTIFY_SOURCE=2, -fPIE -pie, and -fstack-protector-all.
Upgraded to tcl8.5.9. tcl8.5.8 produces a buffer overflow (on i686) from
tclsh8.5 strcpy() when built with -D_FORTIFY_SOURCE=2.
Modified: trunk/BOOK/chapter01/changelog.xml
===================================================================
--- trunk/BOOK/chapter01/changelog.xml 2010-11-15 05:30:55 UTC (rev 1590)
+++ trunk/BOOK/chapter01/changelog.xml 2010-11-16 05:34:54 UTC (rev 1591)
@@ -36,7 +36,21 @@
</listitem>
-->
+
<listitem>
+ <para>2010-11-15</para>
+ <itemizedlist>
+ <listitem>
+ <para>[robert] - Patch GCC for -D_FORTIFY_SOURCE=2, -fPIE -pie, and
+ -fstack-protector-all. Upgraded to tcl8.5.9. tcl8.5.8 produces a
+ buffer overflow (on i686) from tclsh8.5 strcpy() when built with
+ -D_FORTIFY_SOURCE=2.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
<para>2010-11-14</para>
<itemizedlist>
<listitem>
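Review bot: the new 2010-11-15 changelog entry puts two unrelated changes in a single <para>: the GCC default-flag patches and the tcl 8.5.9 upgrade. Split them into two <listitem> entries so each can be traced and reverted on its own. The entry also omits --param=ssp-buffer-size=4, which the chapter 5 and chapter 6 text in this same commit lists among the new defaults.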
Modified: trunk/BOOK/chapter03/patches.xml
===================================================================
--- trunk/BOOK/chapter03/patches.xml 2010-11-15 05:30:55 UTC (rev 1590)
+++ trunk/BOOK/chapter03/patches.xml 2010-11-16 05:34:54 UTC (rev 1591)
@@ -83,6 +83,30 @@
</varlistentry>
<varlistentry>
+ <term>GCC -D_FORTIFY_SOURCE=2 Patch -
<token>&gcc-fortify_source-patch-size;</token>:</term>
+ <listitem>
+ <para>Download: <ulink
url="&patches-root;&gcc-fortify_source-patch;"/></para>
+ <para>MD5 sum: <literal>&gcc-fortify_source-patch-md5;</literal></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>GCC -fPIE -pie Patch - <token>&gcc-fpie-patch-size;</token>:</term>
+ <listitem>
+ <para>Download: <ulink url="&patches-root;&gcc-fpie-patch;"/></para>
+ <para>MD5 sum: <literal>&gcc-fpie-patch-md5;</literal></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>GCC -fstack-protector-all Patch -
<token>&gcc-fstack_protector-patch-size;</token>:</term>
+ <listitem>
+ <para>Download: <ulink
url="&patches-root;&gcc-fstack_protector-patch;"/></para>
+ <para>MD5 sum:
<literal>&gcc-fstack_protector-patch-md5;</literal></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>GCC Startfiles Fix Patch -
<token>&gcc-startfiles-patch-size;</token>:</term>
<listitem>
<para>Download: <ulink
url="&patches-root;&gcc-startfiles-patch;"/></para>
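Review bot: the three new <varlistentry> blocks give only an MD5 sum for each patch, and these patches change the compiler's default hardening for everything built afterwards. MD5 is not collision resistant, so it catches a corrupted download but not a deliberately substituted file. Consider adding a stronger digest (for example SHA-256) next to each "MD5 sum:" line.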
Modified: trunk/BOOK/chapter05/gcc-pass2.xml
===================================================================
--- trunk/BOOK/chapter05/gcc-pass2.xml 2010-11-15 05:30:55 UTC (rev 1590)
+++ trunk/BOOK/chapter05/gcc-pass2.xml 2010-11-16 05:34:54 UTC (rev 1591)
@@ -128,6 +128,14 @@
;;
esac</userinput></screen>
+ <para>Patch GCC to add <option>-D_FORTIFY_SOURCE=2</option>,
+ <option>-fPIE</option> <option>-pie</option>,
<option>-fstack-protector-all</option>,
+ and <option>--param=ssp-buffer-size=4</option> by default:</para>
+
+<screen><userinput remap="pre">patch -Np1 -i ../&gcc-fortify_source-patch;
+patch -Np1 -i ../&gcc-fpie-patch;
+patch -Np1 -i ../&gcc-fstack_protector-patch;</userinput></screen>
+
<para>As in the first build of GCC it requires the GMP, MPFR and MPC
packages. Unpack the tarballs and move them into the required directory
names:</para>
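Review bot: the added paragraph lists --param=ssp-buffer-size=4 next to -fstack-protector-all, but that parameter only sets the buffer-size threshold used by plain -fstack-protector; with -fstack-protector-all every function is instrumented regardless of buffer size. Either drop it from the sentence or state why it is still set (for example, for packages that override the default with plain -fstack-protector). It would also help to say which of the three patches introduces it, since none of the patch names mentions it.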
Modified: trunk/BOOK/chapter06/gcc.xml
===================================================================
--- trunk/BOOK/chapter06/gcc.xml 2010-11-15 05:30:55 UTC (rev 1590)
+++ trunk/BOOK/chapter06/gcc.xml 2010-11-16 05:34:54 UTC (rev 1591)
@@ -66,6 +66,14 @@
<screen><userinput remap="pre">sed -i 's...@\./fixinc\...@-c true@'
gcc/Makefile.in</userinput></screen>
+ <para>Patch GCC to add <option>-D_FORTIFY_SOURCE=2</option>,
+ <option>-fPIE</option> <option>-pie</option>,
<option>-fstack-protector-all</option>,
+ and <option>--param=ssp-buffer-size=4</option> by default:</para>
+
+<screen><userinput remap="pre">patch -Np1 -i ../&gcc-fortify_source-patch;
+patch -Np1 -i ../&gcc-fpie-patch;
+patch -Np1 -i ../&gcc-fstack_protector-patch;</userinput></screen>
+
<para>The GCC documentation recommends building GCC outside of the source
directory in a dedicated build directory:</para>
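Review bot: the paragraph added before the "patch -Np1" commands says -D_FORTIFY_SOURCE=2 becomes a default, but does not mention that glibc's fortify checks only take effect when code is compiled with optimization, so unoptimized builds get no coverage. Add a sentence saying so, and a short check after the build that the new defaults are actually active. This block is also a verbatim copy of the chapter 5 text; a shared entity would keep the two from drifting apart.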
Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent 2010-11-15 05:30:55 UTC (rev 1590)
+++ trunk/BOOK/general.ent 2010-11-16 05:34:54 UTC (rev 1591)
@@ -1,5 +1,5 @@
-<!ENTITY version "SVN-20101114">
-<!ENTITY releasedate "November 14, 2010">
+<!ENTITY version "SVN-20101115">
+<!ENTITY releasedate "November 15, 2010">
<!ENTITY copyrightdate "1999-2010"><!-- jhalfs needs a literal dash, not
– -->
<!ENTITY milestone "1.0">
<!ENTITY generic-version "development"> <!-- Use "development", "testing", or
"x.y[-pre{x}]" -->
Modified: trunk/BOOK/packages.ent
===================================================================
--- trunk/BOOK/packages.ent 2010-11-15 05:30:55 UTC (rev 1590)
+++ trunk/BOOK/packages.ent 2010-11-16 05:34:54 UTC (rev 1591)
@@ -495,11 +495,11 @@
<!ENTITY tar-ch6-du "21.2 MB">
<!ENTITY tar-ch6-sbu "1.9 SBU">
-<!ENTITY tcl-version "8.5.8">
+<!ENTITY tcl-version "8.5.9">
<!ENTITY tcl-major-version "8.5">
-<!ENTITY tcl-size "4,348 KB">
+<!ENTITY tcl-size "4,365 KB">
<!ENTITY tcl-url "&sourceforge;tcl/tcl&tcl-version;-src.tar.gz">
-<!ENTITY tcl-md5 "7f123e53b3daaaba2478d3af5a0752e3">
+<!ENTITY tcl-md5 "8512d8db3233041dd68a81476906012a">
<!ENTITY tcl-home "http://tcl.sourceforge.net/">
<!ENTITY tcl-ch5-du "32 MB">
<!ENTITY tcl-ch5-sbu "0.5 SBU">
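Review bot: tcl-version, tcl-size and tcl-md5 are updated for 8.5.9, but tcl-ch5-du and tcl-ch5-sbu in the trailing context keep the values recorded for 8.5.8. Please confirm that "32 MB" and "0.5 SBU" still hold for the new tarball, or re-measure them.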
Modified: trunk/BOOK/patches.ent
===================================================================
--- trunk/BOOK/patches.ent 2010-11-15 05:30:55 UTC (rev 1590)
+++ trunk/BOOK/patches.ent 2010-11-16 05:34:54 UTC (rev 1591)
@@ -43,7 +43,18 @@
<!ENTITY flex-gcc-patch-md5 "ad9109820534278c6dd0898178c0788f">
<!ENTITY flex-gcc-patch-size "1 KB">
+<!ENTITY gcc-fortify_source-patch "gcc-&gcc-version;-fortify_source-1.patch">
+<!ENTITY gcc-fortify_source-patch-md5 "8331ab81cc53aa3f07672d3436cd412f">
+<!ENTITY gcc-fortify_source-patch-size "4.2 KB">
+<!ENTITY gcc-fpie-patch "gcc-&gcc-version;-fpie-1.patch">
+<!ENTITY gcc-fpie-patch-md5 "fba3e0087f615a557663f199e614a77a">
+<!ENTITY gcc-fpie-patch-size "4.7 KB">
+
+<!ENTITY gcc-fstack_protector-patch
"gcc-&gcc-version;-fstack_protector-1.patch">
+<!ENTITY gcc-fstack_protector-patch-md5 "d8148d2b0d807d24ec485a4603029ab7">
+<!ENTITY gcc-fstack_protector-patch-size "3.1 KB">
+
<!ENTITY gcc-startfiles-patch "gcc-&gcc-version;-startfiles_fix-1.patch">
<!ENTITY gcc-startfiles-patch-md5 "799ef1971350d2e3c794f2123f247cc6">
<!ENTITY gcc-startfiles-patch-size "1.5 KB">
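Review bot: the new entity groups are separated inconsistently: gcc-fortify_source-patch-size is followed directly by gcc-fpie-patch with no blank line, while the fpie and fstack_protector groups are each set off by one. Add a blank line after the fortify_source group to match. The new entity names also mix hyphens and underscores (gcc-fortify_source-patch, gcc-fstack_protector-patch), where the neighbouring flex-gcc-patch and gcc-startfiles-patch use hyphens only; pick one convention for the entity names.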