r1147 - in trunk/BOOK: . chapter01 chapter04 chapter05 chapter06

robert at linuxfromscratch.org robert at linuxfromscratch.org
Mon Jun 11 03:37:16 PDT 2007


Author: robert
Date: 2007-06-11 04:37:16 -0600 (Mon, 11 Jun 2007)
New Revision: 1147

Modified:
   trunk/BOOK/chapter01/changelog.xml
   trunk/BOOK/chapter04/patches.xml
   trunk/BOOK/chapter05/cocoon-toolchain.xml
   trunk/BOOK/chapter06/butterfly-toolchain.xml
   trunk/BOOK/patches.ent
Log:
Added -fstack-protector-all and -fPIE GCC specs

Modified: trunk/BOOK/chapter01/changelog.xml
===================================================================
--- trunk/BOOK/chapter01/changelog.xml	2007-06-11 08:28:56 UTC (rev 1146)
+++ trunk/BOOK/chapter01/changelog.xml	2007-06-11 10:37:16 UTC (rev 1147)
@@ -52,6 +52,13 @@
       <para>June 11th, 2007</para>
       <itemizedlist>
         <listitem>
+          <para>[robert]: Added -fstack-protector-all and -fPIE GCC specs
+          patches.</para>
+        </listitem>
+        <listitem>
+          <para>[robert]: Added gcc-fortify_source specs patch.</para>
+        </listitem>
+        <listitem>
           <para>[robert]: Install the mkstemps(3) man page.</para>
         </listitem>
         <listitem>

Modified: trunk/BOOK/chapter04/patches.xml
===================================================================
--- trunk/BOOK/chapter04/patches.xml	2007-06-11 08:28:56 UTC (rev 1146)
+++ trunk/BOOK/chapter04/patches.xml	2007-06-11 10:37:16 UTC (rev 1147)
@@ -139,6 +139,30 @@
     </varlistentry>
 
     <varlistentry>
+      <term>GCC _FORTIFY_SOURCE Specs Patch - <token>&gcc-fortify_source-patch-size;</token>:</term>
+      <listitem>
+        <para>Download: <ulink url="&patches-root;&gcc-fortify_source-patch;"/></para>
+        <para>MD5 sum: <literal>&gcc-fortify_source-patch-md5;</literal></para>
+      </listitem>
+    </varlistentry>
+
+    <varlistentry role="aslr">
+      <term>GCC -fPIE Specs Patch - <token>&gcc-fpie-patch-size;</token>:</term>
+      <listitem>
+        <para>Download: <ulink url="&patches-root;&gcc-fpie-patch;"/></para>
+        <para>MD5 sum: <literal>&gcc-fpie-patch-md5;</literal></para>
+      </listitem>
+    </varlistentry>
+
+    <varlistentry role="ssp">
+      <term>GCC -fstack-protector-all Specs Patch - <token>&gcc-fstack_protector-patch-size;</token>:</term>
+      <listitem>
+        <para>Download: <ulink url="&patches-root;&gcc-fstack_protector-patch;"/></para>
+        <para>MD5 sum: <literal>&gcc-fstack_protector-patch-md5;</literal></para>
+      </listitem>
+    </varlistentry>
+
+    <varlistentry>
       <term>GCC __strncat_chk Patch - <token>&gcc-strncat_chk-patch-size;</token>:</term>
       <listitem>
         <para>Download: <ulink url="&patches-root;&gcc-strncat_chk-patch;"/></para>

Modified: trunk/BOOK/chapter05/cocoon-toolchain.xml
===================================================================
--- trunk/BOOK/chapter05/cocoon-toolchain.xml	2007-06-11 08:28:56 UTC (rev 1146)
+++ trunk/BOOK/chapter05/cocoon-toolchain.xml	2007-06-11 10:37:16 UTC (rev 1147)
@@ -93,6 +93,54 @@
 
 <screen><userinput>patch -Np1 -i ../&gcc-strncat_chk-patch;</userinput></screen>
 
+    <para>This next patch adds <parameter>-D_FORTIFY_SOURCE=2</parameter> to
+    the GCC specs file. This behavior can be reset by using
+    <parameter>-D_FORTIFY_SOURCE=?</parameter>, or disabled with
+    <parameter>-U_FORTIFY_SOURCE</parameter>, in <envar>CFLAGS</envar>. The
+    <parameter>-D_FORTIFY_SOURCE</parameter> option is a C preprocessor macro,
+    but the GCC documentation recommends adding it to <envar>CFLAGS</envar>,
+    instead of <envar>CPPFLAGS</envar>, unless there is a specific reason to
+    do otherwise. This patch also adds the <parameter>-O</parameter> option if
+    no other optimization option is used, because
+    <parameter>-D_FORTIFY_SOURCE</parameter> only works with optimization.
+    This patch is added at this stage so the toolchain in the next chapter
+    will be built with <parameter>-D_FORTIFY_SOURCE=2</parameter>. Apply this
+    patch with the following command:</para>
+
+<screen><userinput>patch -Np1 -i ../&gcc-fortify_source-patch;</userinput></screen>
+
+    <para role="ssp">The next patch adds <parameter>-fstack-protector-all</parameter>
+    and <parameter>-Wstack-protector</parameter> to GCC's default behaviour
+    for C, C++, ObjC, and ObjC++. This patch also reduces the minimum array
+    size for protection from 8 to 4 bytes, if
+    <parameter>-fstack-protector</parameter> is used. Additionally, this
+    patch fixes <filename>gcc/configure</filename> to detect libc support in
+    the C library regardless of where it is installed, but it depends on the
+    existance of the <filename class="libraryfile">libc.a</filename> library
+    file. This patch is added at this stage so the toolchain in the next
+    chapter will be built with <parameter>-fstack-protector-all</parameter>.
+    Apply this patch with the following command:</para>
+
+<screen role="ssp"><userinput>patch -Np1 -i ../&gcc-fstack_protector-patch;</userinput></screen>
+
+    <para role="aslr">This patch adds
+    <parameter>-fPIE -pie -Wl,-z,relro -Wl,-z,now -Wl,-z,combreloc</parameter>
+    to GCC's default behaviour for C, C++, ObjC, and ObjC++. The
+    <parameter>-fno-PIE -fPIC</parameter> options will be used if
+    <parameter>-shared</parameter>, <parameter>-nostdlib</parameter>, or
+    <parameter>-nostartfiles</parameter> options are used on GCC's command
+    line. Furthermore, <parameter>-fno-PIE -fno-PIE</parameter> will be
+    used if the <parameter>-static</parameter> or
+    <parameter>-D__KERNEL__</parameter> options are used. To disable the
+    new behaviour added by this patch use <parameter>-fno-PIE -nopie</parameter>
+    together. The <parameter>-norelro</parameter>,
+    <parameter>-nocombreloc</parameter>, and <parameter>-nonow</parameter>
+    options disable the other linking options. This patch is added at this
+    stage so the toolchain in the next chapter will be built with it. Apply
+    this patch with the following command:</para>
+
+<screen role="aslr"><userinput>patch -Np1 -i ../&gcc-fpie-patch;</userinput></screen>
+
 <screen condition="uclibc"><userinput>cd binutils-&binutils-version;/
 patch -Np1 -i ../../&binutils-uClibc_conf-patch;
 cd ../
@@ -107,173 +155,6 @@
 sed -e 's@/.:$$r@/.libs:$$r@' -e 's@/.:@/.libs:@' \
     Makefile.in.orig > Makefile.in</userinput></screen>
 
-    <para>We can change the default behavior of GCC to add various flags by
-    creating a hardened specs header file which redefines GCC spec strings. A
-    detailed summary of the GCC specs is available here: <ulink
-    url="http://developer.apple.com/documentation/developertools/gcc-4.0.1/gcc/Spec-Files.html"/>.</para>
-
-    <para><option>-fstack-protector</option> is passed when _LIBC_REENTRANT is
-    defined (libc does this). <option>-fstack-protector-all</option> is passed
-    on everything else, unless __KERNEL__ is defined (kernel and modules).
-    _FORTIFY_SOURCE only works with optimization, so if no optimization level
-    is set <option>-O</option> is added, unless <option>-D_FORTIFY_SOURCE</option>
-    or <option>D_LIBC_REENTRANT</option> is passed on the command line.
-    FORTIFY_SOURCE redefines functions in Glibc, so much of Glibc can not be built
-    with FORTIFY_SOURCE, hence the _LIBC_REENTRANT condition. These specs add
-    <option>-nonow</option> as an alias for <option>-z lazy</option> because
-    <option>-lazy</option> will not work due to <option>-l*</option> being a
-    library linking option. <option>-z lazy</option> is the vanilla behaviour,
-    <option>-z now</option> is the non-lazy counterpart.</para>
-
-    <variablelist>
-      <title>Flags to disable specific options:</title>
-
-      <varlistentry>
-        <term><parameter><option>-fno-pic -fno-PIC</option></parameter></term>
-        <listitem>
-          <para>This will disable '<command>gcc</command> <option>-fPIC</option>'.
-          If <option>-fpic</option> is used, this will be used instead of
-          <option>-fPIC</option>.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><parameter><option>-fno-pie -fno-PIE</option></parameter></term>
-        <listitem>
-          <para>This will disable '<command>gcc</command> <option>-fPIE</option>'.
-          If <option>-fpie</option> is used, this will be used instead of
-          <option>-fPIE</option>.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><parameter><option>-fno-stack-protector</option></parameter></term>
-        <listitem>
-          <para>This will disable '<command>gcc</command> <option>-fstack-protector-all</option>'.
-          If <option>-fstack-protector</option> is used, this will be used
-          instead of <option>-fstack-protector-all</option>.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><parameter><option>-D_FORTIFY_SOURCE=0</option></parameter></term>
-        <listitem>
-          <para>This will disable '<command>ccp</command> <option>-D_FORTIFY_SOURCE=2</option>'.
-          Any of the <option>-D_FORTIFY_SOURCE="?"</option> options
-          can also be used to redefine <option>-D_FORTIFY_SOURCE</option>.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><parameter><option>-O0</option></parameter></term>
-        <listitem>
-          <para>This will disable '<command>gcc</command> <option>-O</option>'
-          optimization needed by <option>-D_FORTIFY_SOURCE=0</option>.
-          Any of the <option>O"?"</option> options can be used to
-          redefine the optimization level.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><parameter><option>-nopie</option></parameter></term>
-        <listitem>
-          <para>This will disable '<command>ld</command> <option>-z pie</option>'
-          as well as disable the linking to <filename class="libraryfile">crtendS.o</filename>,
-          <filename class="libraryfile">Scrt1.o</filename>, and
-          <filename class="libraryfile">crtbeginS.o</filename>.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><parameter><option>-norelro</option></parameter></term>
-        <listitem>
-          <para>This will disable '<command>ld</command> <option>-z relro</option>'
-          and enable '<command>ld</command> <option>-z norelro</option>'.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><parameter><option>-nocombreloc</option></parameter></term>
-        <listitem>
-          <para>This will disable '<command>ld</command> <option>-z combreloc</option>'
-          and enable '<command>ld</command> <option>-z nocombreloc</option>'.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><parameter><option>-nonow</option></parameter></term>
-        <listitem>
-          <para>This will disable '<command>ld</command> <option>-z now</option>'
-          and enable '<command>ld</command> <option>-z lazy</option>'.</para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-
-    <para>The following file redefines GCC's default behaviour to add various
-    options:</para>
-
-<screen><?dbfo keep-together="auto"?><userinput>echo <literal>'#ifndef HARDENED_SPECS_H
-#define HARDENED_SPECS_H
-
-#if defined(__i386__) && defined(__linux__) && defined(__ELF__) \
-	&& defined(HAVE_LD_PIE) && defined(TARGET_LIBC_PROVIDES_SSP)
-
-#undef CPP_SPEC
-#define CPP_SPEC "%{posix:-D_POSIX_SOURCE} %{pthread:-D_REENTRANT} \
-	%{D_FORTIFY_SOURCE*|D_LIBC_REENTRANT:;:-D_FORTIFY_SOURCE=2}"
-
-#undef CC1_SPEC
-#define CC1_SPEC "%(cc1_cpu) %{profile:-p} \
-	%{D__KERNEL__|fpic|fPIC|fpie|fPIE|fno-pic|fno-PIC \
-	:;shared|nostdlib|nostartfiles:-fPIC} \
-	%{static|D__KERNEL__|fpic|fPIC|fpie|fPIE|fno-pie|fno-PIE| \
-	shared|nostdlib|nostartfiles:;:-fPIE} \
-	%{D__KERNEL__|fno-stack-protector|fstack-protector| \
-	fstack-protector-all:;D_LIBC_REENTRANT:-fstack-protector;: \
-	-fstack-protector-all} %{D_FORTIFY_SOURCE*|D_LIBC_REENTRANT|O*:;:-O}"
-
-#undef CC1PLUS_SPEC
-#define CC1PLUS_SPEC \
-	"%{D__KERNEL__|fpic|fPIC|fpie|fPIE|fno-pic|fno-PIC \
-	:;shared|nostdlib|nostartfiles:-fPIC} \
-	%{static|D__KERNEL__|fpic|fPIC|fpie|fPIE|fno-pie|fno-PIE| \
-	shared|nostdlib|nostartfiles:;:-fPIE} \
-	%{D__KERNEL__|fno-stack-protector|fstack-protector| \
-	fstack-protector-all:;D_LIBC_REENTRANT:-fstack-protector;: \
-	-fstack-protector-all} %{D_FORTIFY_SOURCE*|D_LIBC_REENTRANT|O*:;:-O}"
-
-#undef ENDFILE_SPEC
-#define ENDFILE_SPEC "%{ffast-math|funsafe-math-optimizations: \
-	crtfastmath.o%s} \
-	%{static|nopie:crtend.o%s;:crtendS.o%s} crtn.o%s"
-
-#undef STARTFILE_SPEC
-#define STARTFILE_SPEC "%{shared:;pg|p|profile:gcrt1.o%s; \
-	static|nopie:crt1.o%s;:Scrt1.o%s} crti.o%s \
-	%{static:crtbeginT.o%s;nopie:crtbegin.o%s;:crtbeginS.o%s}"
-
-#undef LINK_PIE_SPEC
-#define LINK_PIE_SPEC "%{pie:-pie} %{!static:%{!Bstatic: \
-	%{nonow:-z lazy;:-z now} %{norelro:-z norelro;:-z relro} \
-	%{nocombreloc:-z nocombreloc;:-z combreloc} \
-	%{shared|Bshareable|i|r|pie|nopie:;:-pie}}}"
-
-#else /* __i386__ && __linux__ && __ELF__ && HAVE_LD_PIE */
-#error "You are using an unsupported system. This header can not be used."
-#endif /* __i386__ && __linux__ && __ELF__ && HAVE_LD_PIE */
-#endif /* HARDENED_SPECS_H */'</literal> > gcc/hardened-specs.h</userinput></screen>
-
-    <para>This command includes the hardened-specs header in the right place:</para>
-
-<screen><userinput>cp -vi gcc/gcc.c{,.orig}
-sed '0,/.*config.h can define.*/s//#include "hardened-specs.h"\n&/' \
-    gcc/gcc.c.orig > gcc/gcc.c</userinput></screen>
-
-    <para>Make a copy this file so we can use it again in chapter 6:</para>
-
-<screen><userinput>cp -v gcc/hardened-specs.h /tools</userinput></screen>
-
     <para>Under normal circumstances the GCC fixincludes script is run in order
     to fix potentially broken header files. As GCC-&gcc-version; and libc have
     already been installed at this point, and their respective header files
@@ -286,48 +167,6 @@
 <screen><userinput>cp -vi gcc/Makefile.in{,.orig2}
 sed 's@\./fixinc\.sh at -c true@' gcc/Makefile.in.orig2 > gcc/Makefile.in</userinput></screen>
 
-    <para role="warnings">Although we don't use fixincludes we still build it.
-    This is the only place where using <parameter>--enable-werror-always</parameter>
-    will cause the build to fail due to a warning that
-    <filename>fixincl.x</filename> uses string constants longer than what the C
-    standard requires compilers to handle. This is somewhat fixed in GCC-4.2 with
-    the addition of the <option>-Wno-overlength-strings</option> compiler flag.
-    We can supress the <option>-Werror</option> flag for fixincludes with the
-    following <command>sed</command> command:</para>
-
-<screen role="warnings"><userinput>cp -vi fixincludes/Makefile.in{,.orig}
-sed 's/@WERROR@/-Wno-error/' fixincludes/Makefile.in.orig \
-    > fixincludes/Makefile.in</userinput></screen>
-
-    <para role="ssp">Don't build <filename
-    class="libraryfile">libssp.[a,so]</filename>
-    with <option>-fstack-protector[-all]</option>. This library won't be used but
-    will be built and installed:</para>
-
-<screen role="ssp"><userinput>cp -vi libssp/Makefile.in{,.orig}
-sed 's/^AM_CFLAGS =/& -fno-stack-protector/' \
-    libssp/Makefile.in.orig > libssp/Makefile.in</userinput></screen>
-
-    <para role="ssp">Don't build <filename
-    class="libraryfile">libgcc.[a,so]</filename>
-    with <option>-fstack-protector[-all]</option>.
-    <filename class="libraryfile">libgcc.a</filename> is often linked into other
-    static libraries and they will fail to resolve __stack_chk symbols:</para>
-
-<screen role="ssp"><userinput>cp -vi gcc/Makefile.in{,.orig3}
-sed 's/^LIBGCC2_CFLAGS =/& -fno-stack-protector/' \
-    gcc/Makefile.in.orig3 > gcc/Makefile.in</userinput></screen>
-
-    <para role="ssp">Don't build <filename
-    class="libraryfile">crtbegin[,S,T].o</filename>
-    or <filename class="libraryfile">crtend[,S].o</filename> files with
-    <option>-fstack-protector[-all]</option>. These libraries should be devoid
-    of dependencies (including the depenency to libc for SSP functions):</para>
-
-<screen role="ssp"><userinput>cp -vi gcc/Makefile.in{,.orig4}
-sed 's/^CRTSTUFF_CFLAGS =/& -fno-stack-protector/' \
-    gcc/Makefile.in.orig4 > gcc/Makefile.in</userinput></screen>
-
     <important>
       <para>The following two commands are critical in ensuring a successful
       build. Do not skip them.</para>
@@ -366,14 +205,14 @@
     --enable-shared --enable-threads=posix \
     --enable-__cxa_atexit --enable-languages=c,c++ \
     --with-lib-path=/tools/lib --disable-libstdcxx-pch \
-    --enable-checking --disable-werror</userinput></screen>
+    --enable-checking --enable-werror</userinput></screen>
 
 <screen condition="uclibc"><userinput>../cocoon-toolchain/configure --prefix=/tools \
     --with-local-prefix=/tools --enable-clocale \
     --enable-shared --enable-threads=posix \
     --enable-__cxa_atexit --enable-languages=c,c++ \
     --with-lib-path=/tools/lib --disable-libstdcxx-pch \
-    --enable-checking --disable-werror</userinput></screen>
+    --enable-checking --enable-werror</userinput></screen>
 
     <variablelist>
       <title>The meaning of the configure options:</title>
@@ -460,15 +299,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term><parameter>--disable-werror</parameter></term>
-        <listitem>
-         <para role="warnings">This switch disables the use of <option>-Werror</option>,
-          because <option>-D_FORTIFY_SOURCE</option> will cause a few
-          compiler warnings.</para>
-        </listitem>
-      </varlistentry>
-
     </variablelist>
 
     <para>Compile the toolchain:</para>

Modified: trunk/BOOK/chapter06/butterfly-toolchain.xml
===================================================================
--- trunk/BOOK/chapter06/butterfly-toolchain.xml	2007-06-11 08:28:56 UTC (rev 1146)
+++ trunk/BOOK/chapter06/butterfly-toolchain.xml	2007-06-11 10:37:16 UTC (rev 1147)
@@ -102,6 +102,18 @@
 
 <screen><userinput>patch -Np1 -i ../&gcc-strncat_chk-patch;</userinput></screen>
 
+    <para>Apply the <parameter>-D_FORTIFY_SOURCE=2</parameter> GCC specs patch:</para>
+
+<screen><userinput>patch -Np1 -i ../&gcc-fortify_source-patch;</userinput></screen>
+
+    <para role="ssp">Apply the <parameter>-fstack-protector-all</parameter> GCC specs patch:</para>
+
+<screen role="ssp"><userinput>patch -Np1 -i ../&gcc-fstack_protector-patch;</userinput></screen>
+
+    <para role="aslr">Apply the <parameter>-fPIE</parameter> patch:</para>
+
+<screen role="aslr"><userinput>patch -Np1 -i ../&gcc-fpie-patch;</userinput></screen>
+
     <para condition="uclibc">Apply these patches for uClibc support.
     The locale patch is needed even if you have disabled locale support:</para>
 
@@ -121,39 +133,6 @@
 
 <screen><userinput>sed -e 's@/.:$$r@/.libs:$$r@' -e 's@/.:@/.libs:@' -i.orig Makefile.in</userinput></screen>
 
-    <para>Copy over the <filename>hardened-specs.h</filename> file previously
-    installed to <filename class="directory">/tools</filename> from the
-    <xref linkend="ch-tools-cocoon-toolchain" role="."/>
-    page include it in <filename>gcc.c</filename>:</para>
-
-<screen><userinput>cp -v /tools/hardened-specs.h gcc/
-sed '0,/.*config.h can define.*/s//#include "hardened-specs.h"\n&/' \
-    -i.orig gcc/gcc.c</userinput></screen>
-
-    <para role="warnings">Disable the fixincludes script and -Werror option:</para>
-
-<screen role="warnings"><userinput>sed 's@\./fixinc\.sh at -c true@' -i.orig2 gcc/Makefile.in
-sed 's/@WERROR@/-Wno-error/' -i.orig fixincludes/Makefile.in</userinput></screen>
-
-    <para role="ssp">Disable <option>-fstack-protector[-all]</option> in
-    <filename class="libraryfile">libssp.[a,so]</filename>:</para>
-
-<screen role="ssp"><userinput>sed 's/^AM_CFLAGS =/& -fno-stack-protector/' \
-    -i.orig libssp/Makefile.in</userinput></screen>
-
-    <para role="ssp">Disable <option>-fstack-protector[-all]</option> in
-    <filename class="libraryfile">libgcc.[a,so]</filename>:</para>
-
-<screen role="ssp"><userinput>sed 's/^LIBGCC2_CFLAGS =/& -fno-stack-protector/' \
-    -i.orig3 gcc/Makefile.in</userinput></screen>
-
-    <para role="ssp">Disable <option>-fstack-protector[-all]</option> in
-    <filename class="libraryfile">crtbegin[,S,T].o</filename> and
-    <filename class="libraryfile">crtend[,S].o</filename>:</para>
-
-<screen role="ssp"><userinput>sed 's/^CRTSTUFF_CFLAGS =/& -fno-stack-protector/' \
-    -i.orig4 gcc/Makefile.in</userinput></screen>
-
     <para>The mudflap debugging feature included with GCC will normally
     allow a program to continue running during violations to give the
     user more information. The following command will change this

Modified: trunk/BOOK/patches.ent
===================================================================
--- trunk/BOOK/patches.ent	2007-06-11 08:28:56 UTC (rev 1146)
+++ trunk/BOOK/patches.ent	2007-06-11 10:37:16 UTC (rev 1147)
@@ -62,6 +62,18 @@
 <!ENTITY gcc-DW_CFA_val-patch-md5 "989a79a1ca1f2f52899164407cd6ac43">
 <!ENTITY gcc-DW_CFA_val-patch-size "28 KB">
 
+<!ENTITY gcc-fortify_source-patch "gcc-&gcc-version;-fortify_source-1.patch">
+<!ENTITY gcc-fortify_source-patch-md5 "7d4348448a2a8a71aaddc1dc7d35788a">
+<!ENTITY gcc-fortify_source-patch-size "4 KB">
+
+<!ENTITY gcc-fpie-patch "gcc-&gcc-version;-fpie-1.patch">
+<!ENTITY gcc-fpie-patch-md5 "f67a8ef1f41ad7b64280ef438201c96d">
+<!ENTITY gcc-fpie-patch-size "8 KB">
+
+<!ENTITY gcc-fstack_protector-patch "gcc-&gcc-version;-fstack_protector-1.patch">
+<!ENTITY gcc-fstack_protector-patch-md5 "2ad206de142daa136187a5ebcaf7d110">
+<!ENTITY gcc-fstack_protector-patch-size "12 KB">
+
 <!ENTITY gcc-strncat_chk-patch "gcc-&gcc-version;-strncat_chk-1.patch">
 <!ENTITY gcc-strncat_chk-patch-md5 "8516a1d45457db1148d669555cac60dc">
 <!ENTITY gcc-strncat_chk-patch-size "4 KB">




More information about the hlfs-book mailing list