author | Magnus Granberg <zorry@gentoo.org> | 2014-01-04 14:16:55 +0100 |
---|---|---|
committer | Magnus Granberg <zorry@gentoo.org> | 2014-01-04 14:16:55 +0100 |
commit | b3e30af86b5440815c3b00974883f2fdd463466b (patch) | |
tree | a9ed9067daa360962c7078cc032195930aec0ae2 /upstream | |
parent | Update the doc for gcc4.9 upstream (diff) | |
Diffstat (limited to 'upstream')
-rw-r--r-- | upstream/Makefile.patch | 29 | ||||
-rw-r--r-- | upstream/configure.ac.patch | 14 | ||||
-rw-r--r-- | upstream/gcc49_default_pie_doc.patch | 37 | ||||
-rw-r--r-- | upstream/gcc49_default_pie_main.patch | 13 | ||||
-rw-r--r-- | upstream/gcc_doc.patch | 8 | ||||
-rw-r--r-- | upstream/testsuite-espf-fortify.patch | 10 | ||||
-rw-r--r-- | upstream/testsuite-espf-piessp.patch | 16 |
7 files changed, 63 insertions, 64 deletions
diff --git a/upstream/Makefile.patch b/upstream/Makefile.patch index a116e5f..0e17143 100644 --- a/upstream/Makefile.patch +++ b/upstream/Makefile.patch @@ -38,23 +38,23 @@ INTERNAL_CFLAGS = -DIN_GCC @CROSS@ +# We don't want to compile the compiler with -fPIE, it make PCH fail. -+enable_espf = @enable_espf@ -+ifeq ($(enable_espf),yes) -+ESPF_NOPIE_CFLAGS = -fno-PIE ++enable_pie_default= @enable_pie_default@ ++ifeq ($(enable_pie_default),yes) ++PIE_DEFAULT_CFLAGS = -fno-PIE +else -+ESPF_NOPIE_CFLAGS= ++PIE_DEFAULT_CFLAGS= +endif + # This is the variable actually used when we compile. If you change this, # you probably want to update BUILD_CFLAGS in configure.ac -ALL_CFLAGS = $(T_CFLAGS) $(CFLAGS-$@) \ -+ALL_CFLAGS = $(ESPF_NOPIE_CFLAGS) $(T_CFLAGS) $(CFLAGS-$@) \ ++ALL_CFLAGS = $(PIE_DEFAULT_CFLAGS) $(T_CFLAGS) $(CFLAGS-$@) \ $(CFLAGS) $(INTERNAL_CFLAGS) $(COVERAGE_FLAGS) $(WARN_CFLAGS) @DEFS@ # The C++ version. -ALL_CXXFLAGS = $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) $(INTERNAL_CFLAGS) \ - $(COVERAGE_FLAGS) $(NOEXCEPTION_FLAGS) $(WARN_CXXFLAGS) @DEFS@ -+ALL_CXXFLAGS =$(ESPF_NOPIE_CFLAGS) $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) \ ++ALL_CXXFLAGS =$(PIE_DEFAULT_CFLAGS) $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) \ + $(INTERNAL_CFLAGS) $(COVERAGE_FLAGS) $(NOEXCEPTION_FLAGS) \ + $(WARN_CXXFLAGS) @DEFS@ @@ -64,7 +64,7 @@ echo GCC_CFLAGS = '$(GCC_CFLAGS)' >> tmp-libgcc.mvars echo INHIBIT_LIBC_CFLAGS = '$(INHIBIT_LIBC_CFLAGS)' >> tmp-libgcc.mvars echo TARGET_SYSTEM_ROOT = '$(TARGET_SYSTEM_ROOT)' >> tmp-libgcc.mvars -+ echo enable_espf = '$(enable_espf)' >> tmp-libgcc.mvars ++ echo enable_pie_default) = '$(enable_pie_default))' >> tmp-libgcc.mvars mv tmp-libgcc.mvars libgcc.mvars 
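Review bot: The new `echo enable_pie_default) = '$(enable_pie_default))' >> tmp-libgcc.mvars` line in the second hunk has a stray `)` in both the variable name and its expansion, so libgcc.mvars receives a malformed assignment instead of `enable_pie_default = ...`. The same stray parenthesis appears in the next hunk, in `test "@enable_pie_default)@" = "yes"`, which configure cannot substitute and so never equals yes, and in `ifeq ($(enable_pie_default)),yes)` for libgcc/Makefile.in. The likely effect is that the `-fno-PIE` guard for crtbegin/crtend and the `ENABLE_PIE_DEFAULT` testsuite flag are never applied, which is easy to miss in a hardened build. The lines should read `echo enable_pie_default = '$(enable_pie_default)' >> tmp-libgcc.mvars`, `@if test "@enable_pie_default@" = "yes" ; then \` and `ifeq ($(enable_pie_default),yes)`.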
@@ -72,29 +72,30 @@ @if test "@enable_lto@" = "yes" ; then \ echo "set ENABLE_LTO 1" >> ./site.tmp; \ fi -+ @if test "@enable_espf@" = "yes" ; then \ -+ echo "set ENABLE_ESPF 1" >> ./site.tmp; \ ++ @if test "@enable_pie_default)@" = "yes" ; then \ ++ echo "set ENABLE_PIE_DEFAULT 1" >> ./site.tmp; \ + fi # If newlib has been configured, we need to pass -B to gcc so it can find # newlib's crt0.o if it exists. This will cause a "path prefix not used" # message if it doesn't, but the testsuite is supposed to ignore the message - --- a/libgcc/Makefile.in 2011-11-22 04:01:02.000000000 +0100 +++ b/libgcc/Makefile.in 2012-06-29 00:15:04.534016511 +0200 -@@ -275,11 +275,16 @@ override CFLAGS := $(filter-out -fprofil +@@ -275,11 +275,17 @@ override CFLAGS := $(filter-out -fprofil INTERNAL_CFLAGS = $(CFLAGS) $(LIBGCC2_CFLAGS) $(HOST_LIBGCC2_CFLAGS) \ $(INCLUDES) @set_have_cc_tls@ @set_use_emutls@ -+ifeq ($(enable_espf),yes) -+ESPF_NOPIE_CFLAGS = -fno-PIE ++We don't want to compile crt* with -fPIE. ++ifeq ($(enable_pie_default)),yes) ++PIE_DEFAULT_CFLAGS = -fno-PIE +else -+ESPF_NOPIE_CFLAGS= ++PIE_DEFAULT_CFLAGS= +endif # Options to use when compiling crtbegin/end. CRTSTUFF_CFLAGS = -O2 $(GCC_CFLAGS) $(INCLUDES) $(MULTILIB_CFLAGS) -g0 \ -finhibit-size-directive -fno-inline -fno-exceptions \ -fno-zero-initialized-in-bss -fno-toplevel-reorder -fno-tree-vectorize \ - -fno-stack-protector \ -+ -fno-stack-protector $(ESPF_NOPIE_CFLAGS) \ ++ -fno-stack-protector $(PIE_DEFAULT_CFLAGS) \ $(INHIBIT_LIBC_CFLAGS) # Extra flags to use when compiling crt{begin,end}.o. diff --git a/upstream/configure.ac.patch b/upstream/configure.ac.patch index 2e39577..2537eeb 100644 --- a/upstream/configure.ac.patch +++ b/upstream/configure.ac.patch 
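Review bot: The added line `We don't want to compile crt* with -fPIE.` in the libgcc/Makefile.in part of this hunk has no leading `#`, so make will read it as a statement rather than a comment and will most likely stop with a parse error. The matching comment for gcc/Makefile.in in the first hunk does carry the `#`, so this one should be `# We don't want to compile crt* with -fPIE.`. As a point of style, the variable that holds `-fno-PIE` is now called `PIE_DEFAULT_CFLAGS`, which reads as the opposite of what it contains; a name such as `NO_PIE_CFLAGS` would be harder to misuse.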
@@ -103,14 +103,14 @@ +AC_SUBST([enable_espf]) +if test $enable_espf = yes ; then + -+# Check for FORTIFY_SOURCES support in target C library. -+ AC_CACHE_CHECK(for _FORTIFY_SOURCES support in target C library, ++# Check for FORTIFY_SOURCE support in target C library. ++ AC_CACHE_CHECK(for _FORTIFY_SOURCE support in target C library, + gcc_cv_libc_provides_fortify, + [gcc_cv_libc_provides_fortify=no + case "$target" in + *-*-linux*) -+ [# glibc 2.8 and later provides _FORTIFY_SOURCES. -+ # uClibc 0.9.32 and later provides _FORTIFY_SOURCES. ++ [# glibc 2.8 and later provides _FORTIFY_SOURCE. ++ # uClibc 0.9.32 and later provides _FORTIFY_SOURCE. + if test -f $target_header_dir/features.h; then + if $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC__[ ]+2' \ + $target_header_dir/features.h > /dev/null \ @@ -195,12 +195,12 @@ + AC_MSG_RESULT([no]) + fi + -+ AC_MSG_CHECKING(if the compiler default to use -D_FORTIFY_SOURCES=2) ++ AC_MSG_CHECKING(if the compiler default to use -D_FORTIFY_SOURCE=2) + if test x$gcc_cv_libc_provides_fortify = xyes && test x$cross_compiling = xno ; then + saved_CFLAGS="$CFLAGS" + saved_CPPFLAGS="$CPPFLAGS" + CFLAGS="$CFLAGS -O2 -Werror" -+ CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCES=2" ++ CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" + AC_TRY_LINK([ + #include <sys/types.h> + #include <sys/stat.h> @@ -221,7 +221,7 @@ + fi + if test $enable_espf_fortify = yes ; then + AC_DEFINE(ENABLE_ESPF_FORTIFY, 1, -+ [Define if your compiler will default to use -D_FORTIFY_SOURCES=2.]) ++ [Define if your compiler will default to use -D_FORTIFY_SOURCE=2.]) + fi + +fi diff --git a/upstream/gcc49_default_pie_doc.patch b/upstream/gcc49_default_pie_doc.patch index d10c930..8e32035 100644 --- a/upstream/gcc49_default_pie_doc.patch +++ b/upstream/gcc49_default_pie_doc.patch @@ -1,40 +1,39 @@ 
--- a/gcc/doc/install.texi 2013-10-01 19:29:40.000000000 +0200 -+++ b/gcc/doc/install.texi 2013-11-09 15:40:20.831402110 +0100 -@@ -1421,6 +1421,11 @@ do a @samp{make -C gcc gnatlib_and_tools ++++ b/gcc/doc/install.texi 2013-11-17 16:13:20.474144921 +0100 +@@ -1421,6 +1421,10 @@ do a @samp{make -C gcc gnatlib_and_tools Specify that the run-time libraries for stack smashing protection should not be built. +@item --enable-default-pie -+We will turn on @option{-fPIE} and @option{-pie} as default when -+compileing and linking if the support is there. We only support -+i?86-*-linux* and x86-64-*-linux* as target for now. ++Turn on @option{-fPIE} and @option{-pie} by default if supported. ++Currently supported targets are i?86-*-linux* and x86-64-*-linux*. + @item --disable-libquadmath Specify that the GCC quad-precision math library should not be built. On some systems, the library is required to be linkable when building ---- a/gcc/doc/invoke.texi 2012-03-01 10:57:59.000000000 +0100 -+++ b/gcc/doc/invoke.texi 2012-07-30 00:57:03.766847851 +0200 -@@ -9457,6 +9480,12 @@ For predictable results, you must also s - that were used to generate code (@option{-fpie}, @option{-fPIE}, - or model suboptions) when you specify this option. +--- a/gcc/doc/invoke.texi 2013-10-03 19:13:50.000000000 +0200 ++++ b/gcc/doc/invoke.texi 2013-11-17 21:30:02.784220111 +0100 +@@ -10134,6 +10134,12 @@ For predictable results, you must also s + used for compilation (@option{-fpie}, @option{-fPIE}, + or model suboptions) when you specify this linker option. 
-+NOTE: With configure --enable-default-pie this option is enabled by default -+for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, @option{-fno-pie}, -+@option{-fPIC}, @option{-fpic}, @option{-fno-PIC}, @option{-fno-pic}, -+@option{-nostdlib}, @option{-nostartfiles}, @option{-shared}, ++NOTE: With configure --enable-default-pie this option is enabled by default ++for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, @option{-fno-pie}, ++@option{-fPIC}, @option{-fpic}, @option{-fno-PIC}, @option{-fno-pic}, ++@option{-nostdlib}, @option{-nostartfiles}, @option{-shared}, +@option{-nodefaultlibs}, nor @option{static} are found. + @item -rdynamic @opindex rdynamic Pass the flag @option{-export-dynamic} to the ELF linker, on targets -@@ -19125,6 +19154,12 @@ used during linking. +@@ -21371,6 +21377,12 @@ used during linking. @code{__pie__} and @code{__PIE__}. The macros have the value 1 for @option{-fpie} and 2 for @option{-fPIE}. -+NOTE: With configure --enable-default-pie this option is enabled by default -+for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, @option{-fno-pie}, -+@option{-fPIC}, @option{-fpic}, @option{-fno-PIC}, @option{-fno-pic}, -+@option{-nostdlib}, @option{-nostartfiles}, @option{-shared}, ++NOTE: With configure --enable-default-pie this option is enabled by default ++for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, @option{-fno-pie}, ++@option{-fPIC}, @option{-fpic}, @option{-fno-PIC}, @option{-fno-pic}, ++@option{-nostdlib}, @option{-nostartfiles}, @option{-shared}, +@option{-nodefaultlibs}, nor @option{static} are found. + @item -fno-jump-tables diff --git a/upstream/gcc49_default_pie_main.patch b/upstream/gcc49_default_pie_main.patch index 37eb527..8533a03 100644 --- a/upstream/gcc49_default_pie_main.patch +++ b/upstream/gcc49_default_pie_main.patch 
@@ -10,7 +10,7 @@ +#ifdef ENABLE_DEFAULT_PIE +#define PIE_DRIVER_SELF_SPECS \ +"%{pie|fpic|fPIC|fpie|fPIE|fno-pic|fno-PIC|fno-pie|fno-PIE| \ -+ shared|static|nostdlib|nostartfiles:;:-fPIE -pie}" ++ shared|static|nostdlib|nodefaultlibs|nostartfiles:;:-fPIE -pie}" +#else +#define PIE_DRIVER_SELF_SPECS "" +#endif @@ -31,19 +31,18 @@ +#endif --- a/gcc/configure.ac 2013-09-25 18:10:35.000000000 +0200 +++ b/gcc/configure.ac 2013-10-22 21:26:56.287602139 +0200 -@@ -5434,6 +5434,31 @@ if test x"${LINKER_HASH_STYLE}" != x; th +@@ -5434,6 +5434,30 @@ if test x"${LINKER_HASH_STYLE}" != x; th [The linker hash style]) fi +# Check whether --enable-default-pie was given and target have the support. +AC_ARG_ENABLE(default-pie, -+[AS_HELP_STRING([--enable-default-pie], [Enable Position independent executable as default. -+ If we have suppot for it when compiling and linking. -+ Linux targets supported i?86 and x86_64.])], ++[AS_HELP_STRING([--enable-default-pie], ++ [enable Position Independent Executable as default])], +enable_default_pie=$enableval, +enable_default_pie=no) +if test x$enable_default_pie = xyes; then -+ AC_MSG_CHECKING(if $target support to default with -fPIE and link with -pie as default) ++ AC_MSG_CHECKING(if $target supports default PIE) + enable_default_pie=no + case $target in + i?86*-*-linux* | x86_64*-*-linux*) @@ -56,7 +55,7 @@ +fi +if test x$enable_default_pie == xyes ; then + AC_DEFINE(ENABLE_DEFAULT_PIE, 1, -+ [Define if your target support default-pie and you have enable it.]) ++ [Define if your target supports default PIE and it is enabled.]) +fi +AC_SUBST([enable_default_pie]) + diff --git a/upstream/gcc_doc.patch b/upstream/gcc_doc.patch index c3e876b..92d727e 100644 --- a/upstream/gcc_doc.patch +++ b/upstream/gcc_doc.patch 
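Review bot: The opt-out list in `PIE_DRIVER_SELF_SPECS` now covers `nodefaultlibs`, but a relocatable link (`-r`) is still not listed, so the driver would add `-pie` to it. Linkers commonly reject `-r` combined with `-pie`, so extending the list to `shared|static|nostdlib|nodefaultlibs|nostartfiles|r:;:-fPIE -pie` looks worth checking. A short comment above the macro would also help anyone auditing a hardened build, for example `/* Any option listed here silently disables the default -fPIE -pie. */`. The code that consumes the macro is outside this hunk.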
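Review bot: `if test x$enable_default_pie == xyes ; then` in the last hunk of this file uses `==`, which POSIX `test` does not define. Under a shell such as dash the test fails with an error, the branch is skipped, and `ENABLE_DEFAULT_PIE` is never defined even though the user asked for it. Use `if test x$enable_default_pie = xyes ; then`, as the earlier test in the same block does. Separately, this file exports `enable_default_pie` via `AC_SUBST`, while Makefile.patch in this commit reads `@enable_pie_default@` and the testsuite checks `ENABLE_PIE_DEFAULT`. Unless a patch outside this view substitutes that name, the Makefile guard will never see `yes`, so one spelling should be used throughout.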
@@ -60,8 +60,8 @@ or model suboptions) when you specify this option. +@emph{Note:} (existing style). -+With @option{--enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]}} this option is -+enabled by default for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, ++With @option{--enable-pie-default} this option is enabled by default ++for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, +@option{-fno-pie}, @option{-fPIC}, @option{-fpic}, @option{-fno-PIC}, +@option{-fno-pic}, @option{-nostdlib}, @option{-nostartfiles}, +@option{-shared}, @option{-nodefaultlibs}, nor @option{-static} are found. @@ -74,8 +74,8 @@ for @option{-fpie} and 2 for @option{-fPIE}. +@emph{Note:} (existing style). -+With @option{--enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]}} this option is -+enabled by default for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, ++With @option{--enable-pie-default} this option is enabled by default ++for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, +@option{-fno-pie}, @option{-fPIC}, @option{-fpic}, @option{-fno-PIC}, +@option{-fno-pic}, @option{-nostdlib}, @option{-nostartfiles}, +@option{-shared}, @option{-nodefaultlibs}, nor @option{-static} are found. diff --git a/upstream/testsuite-espf-fortify.patch b/upstream/testsuite-espf-fortify.patch index 82456cc..ec098e3 100644 --- a/upstream/testsuite-espf-fortify.patch +++ b/upstream/testsuite-espf-fortify.patch @@ -4,12 +4,12 @@ return [info exists ENABLE_LTO] } -+# Return 1 if the compiler has been configure with espf -+# (configure --enable-espf=(all|ssp|pie)) support. ++# Return 1 if the compiler has been configure with pie-default ++# (configure --enable-pie-default) support. + -+proc check_effective_target_espf { } { -+ global ENABLE_ESPF -+ return [info exists ENABLE_ESPF] ++proc check_effective_target_pie { } { ++ global ENABLE_PIE_DEFAULT ++ return [info exists ENABLE_PIE_DEFAULT] +} + # Return 1 if this target supports the -fsplit-stack option, 0 
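Review bot: `check_effective_target_pie` reads as "the target supports PIE", but the proc only reports whether `ENABLE_PIE_DEFAULT` was written to site.exp, that is, whether the compiler defaults to PIE. A name such as `check_effective_target_pie_default` would keep `{ target pie }` from being misread or from clashing with a capability check of the same name. The comment above it should say the same, for example `# Return 1 if the compiler was configured with --enable-pie-default, i.e. it defaults to -fPIE -pie.`. The flag is only set by the `@if test "@enable_pie_default)@"` line in Makefile.patch, so with that line as written the proc would always return 0.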
diff --git a/upstream/testsuite-espf-piessp.patch b/upstream/testsuite-espf-piessp.patch index 8991a69..000f683 100644 --- a/upstream/testsuite-espf-piessp.patch +++ b/upstream/testsuite-espf-piessp.patch @@ -4,7 +4,7 @@ /* { dg-do run } */ /* { dg-require-profiling "-p" } */ /* { dg-options "-O2 -p" } */ -+/* { dg-additional-options "-fno-PIE" { target espf } } */ ++/* { dg-additional-options "-fno-PIE" { target pie } } */ /* { dg-options "-O2 -p -static" { target hppa*-*-hpux* } } */ /* { dg-error "profiler" "No profiler support" { target xstormy16-*-* } 0 } */ /* { dg-message "" "consider using `-pg' instead of `-p' with gprof(1)" { target *-*-freebsd* } 0 } */ @@ -14,7 +14,7 @@ /* { dg-require-profiling "-pg" } */ /* { dg-options "-O2 -pg" } */ /* { dg-options "-O2 -pg -static" { target hppa*-*-hpux* } } */ -+/* { dg-additional-options "-fno-PIE" { target espf } } */ ++/* { dg-additional-options "-fno-PIE" { target pie } } */ /* { dg-error "profiler" "No profiler support" { target xstormy16-*-* } 0 } */ extern void abort (void); @@ -24,7 +24,7 @@ /* { dg-do run } */ /* { dg-options "-pg" } */ /* { dg-options "-pg -static" { target hppa*-*-hpux* } } */ -+/* { dg-additional-options "-fno-PIE" { target espf } } */ ++/* { dg-additional-options "-fno-PIE" { target pie } } */ /* { dg-require-profiling "-pg" } */ extern void abort(void); @@ -34,7 +34,7 @@ /* { dg-options "-O2 -pg" } */ /* { dg-options "-O2 -pg -mtune=core2" { target { i?86-*-* x86_64-*-* } } } */ /* { dg-options "-O2 -pg -static" { target hppa*-*-hpux* } } */ -+/* { dg-additional-options "-fno-PIE" { target espf } } */ ++/* { dg-additional-options "-fno-PIE" { target pie } } */ extern void abort (void); 
@@ -44,7 +44,7 @@ /* { dg-require-profiling "-pg" } */ /* { dg-options "-O2 -pg" } */ /* { dg-options "-O2 -pg -static" { target hppa*-*-hpux* } } */ -+/* { dg-additional-options "-fno-PIE" { target espf } } */ ++/* { dg-additional-options "-fno-PIE" { target pie } } */ extern char *strdup (const char *); @@ -54,7 +54,7 @@ defined for executables as well as shared libraries. */ /* { dg-skip-if "" { *-*-darwin* hppa*64*-*-* mips*-*-linux* mips*-*-irix* *-*-mingw* } { "*" } { "" } } */ /* { dg-options "-O2 -fno-common -fdump-tree-optimized" } */ -+/* { dg-skip-if "" { espf } { "*" } { "" } } */ */ ++/* { dg-skip-if "" { pie } { "*" } { "" } } */ */ const int conststaticvariable; @@ -82,7 +82,7 @@ // PR c++/34094 // { dg-do link { target { ! { *-*-darwin* *-*-hpux* *-*-solaris2.* alpha*-dec-osf* mips-sgi-irix* } } } } // { dg-options "-g" } -+// { dg-additional-options "-fno-PIE" { target espf } } ++// { dg-additional-options "-fno-PIE" { target pie } } namespace { struct c @@ -92,7 +92,7 @@ // { dg-require-profiling "-pg" } // { dg-options "-pg" } // { dg-options "-pg -static" { target hppa*-*-hpux* } } -+// { dg-additional-options "-fno-PIE" { target espf } } ++// { dg-additional-options "-fno-PIE" { target pie } } // GROUPS passed profiling #include <stdio.h> main() |
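Review bot: The new directive `/* { dg-skip-if "" { pie } { "*" } { "" } } */ */` in the second hunk on this line ends with a second `*/` outside any comment, which the C front end will report as a syntax error whenever the test file is compiled. It should be `/* { dg-skip-if "" { pie } { "*" } { "" } } */`. The stray token was already on the old `espf` line, so this commit carries it over rather than introducing it. The rest of the test file is outside the hunk.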