From 6f535f866ae37e2ab5ea481426ad2317fe8b6e21 Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer <rolf.neugebauer@docker.com>
Date: Mon, 2 Oct 2017 14:43:44 +0100
Subject: [PATCH] kernel: Enable FORTIFY_SOURCE for 4.13 kernels

This new feature was disabled by default, enable it as it seems
sensible to have. From the documentation:
  Detect overflows of buffers in common string and memory functions
  where the compiler can determine and validate the buffer sizes.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
---
 kernel/kernel_config-4.13.x-aarch64 | 2 +-
 kernel/kernel_config-4.13.x-x86_64  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/kernel_config-4.13.x-aarch64 b/kernel/kernel_config-4.13.x-aarch64
index 88f6571ec..2c7df0eae 100644
--- a/kernel/kernel_config-4.13.x-aarch64
+++ b/kernel/kernel_config-4.13.x-aarch64
@@ -3864,7 +3864,7 @@ CONFIG_SECURITY_PATH=y
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
 # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
-# CONFIG_FORTIFY_SOURCE is not set
+CONFIG_FORTIFY_SOURCE=y
 CONFIG_STATIC_USERMODEHELPER=y
 CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"
 # CONFIG_SECURITY_SELINUX is not set
diff --git a/kernel/kernel_config-4.13.x-x86_64 b/kernel/kernel_config-4.13.x-x86_64
index c096cfa1b..aa930368f 100644
--- a/kernel/kernel_config-4.13.x-x86_64
+++ b/kernel/kernel_config-4.13.x-x86_64
@@ -3817,7 +3817,7 @@ CONFIG_SECURITY_PATH=y
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
 # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
-# CONFIG_FORTIFY_SOURCE is not set
+CONFIG_FORTIFY_SOURCE=y
 CONFIG_STATIC_USERMODEHELPER=y
 CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"
 # CONFIG_SECURITY_SELINUX is not set