diff options
author | Magnus Granberg <zorry@gentoo.org> | 2011-06-22 02:27:03 +0200 |
---|---|---|
committer | Magnus Granberg <zorry@gentoo.org> | 2011-06-22 02:27:03 +0200 |
commit | 64e6e9c8d2e7ad024b0defdf9f1698e1b7ec09f5 (patch) | |
tree | 9fa577e061bd79bdc9375a2eaa2dc77c2314af6b | |
parent | Added the configure.ac patch for upstream fist rev (diff) | |
download | hardened-gccpatchset-64e6e9c8d2e7ad024b0defdf9f1698e1b7ec09f5.tar.gz hardened-gccpatchset-64e6e9c8d2e7ad024b0defdf9f1698e1b7ec09f5.tar.bz2 hardened-gccpatchset-64e6e9c8d2e7ad024b0defdf9f1698e1b7ec09f5.zip |
Updated configure.ac patch for upstreem
-rw-r--r-- | upstream/configure.ac.patch | 138 |
1 files changed, 137 insertions, 1 deletions
diff --git a/upstream/configure.ac.patch b/upstream/configure.ac.patch index cfee97f..54cd876 100644 --- a/upstream/configure.ac.patch +++ b/upstream/configure.ac.patch @@ -1,7 +1,9 @@ -2011-04-27 Magnus Granberg <zorry@gentoo.org> +2011-06-22 Magnus Granberg <zorry@gentoo.org> * configure Add --enable-espf. Add -fno-stack-protector to stage1_cflags. + * gcc/configure.ac Add --enable-espf and checks for it. + --- a/configure.ac 2011-04-18 23:27:00.000000000 +0200 +++ b/configure.ac 2011-04-27 12:47:11.351473240 +0200 @@ -419,6 +419,25 @@ @@ -41,3 +43,137 @@ # This is aimed to mimic bootstrap with a non-GCC compiler to catch problems. if test "$GCC" = yes -a "$ENABLE_BUILD_WITH_CXX" != yes; then saved_CFLAGS="$CFLAGS" +--- a/gcc/configure.ac 2011-04-13 19:12:53.000000000 +0200 ++++ b/gcc/configure.ac 2011-06-21 02:51:23.602374686 +0200 +@@ -4515,6 +4515,131 @@ + AC_SUBST(MAINT)dnl + + # -------------- ++# Espf checks ++# -------------- ++ ++# Check whether --enable-espf was given and target have the support. ++AC_ARG_ENABLE([espf], ++[AS_HELP_STRING([--enable-espf], ++ [Enable Stack protector, Position independent executable and ++ Fortify_sources as default if we have suppot for it when compiling ++ and link with -z relro and -z now as default. ++ Linux targets supported x86_64])], ++ [case $espf in ++ yes | no) ;; ++ *) AC_MSG_ERROR(['$espf' is an invalid value for --enable-espf. ++Valid choices are 'yes' and 'no'.]) ;; ++ esac], ++ [set_espf_enable="$espf"]) ++if test $set_enable_espf = yes ; then ++ AC_MSG_CHECKING(if $target support espf) ++if test $set_enable_espf = yes ; then ++ case "$target" in ++ ?86-*-linux* | x86_64-*-linux*) ++ enable_espf=yes ++ AC_DEFINE(ENABLE_ESPF, 1, ++ [Define if your target support espf and you have enable it.]) ++ ;; ++ *) ++ enable_espf=no ++ ;; ++ esac ++else ++ enable_espf=no ++fi ++AC_MSG_RESULT($enable_espf) ++fi ++AC_SUBST([enable_espf]) ++if test $enable_espf = yes ; then ++ ++ AC_CACHE_CHECK(linker -z relro support, ++ gcc_cv_ld_relro, ++ [gcc_cv_ld_relro=no ++ if test $in_tree_ld = yes ; then ++ if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_version" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \ ++ && test $in_tree_ld_is_elf = yes; then ++ gcc_cv_ld_relro=yes ++ fi ++ elif test x$gcc_cv_ld != x; then ++ # Check if linker supports -z relro options ++ if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then ++ gcc_cv_ld_relro=yes ++ fi ++ fi ++ ]) ++ ++ AC_CACHE_CHECK(linker -z now support, ++ gcc_cv_ld_now, ++ [gcc_cv_ld_now=no ++ if test $in_tree_ld = yes ; then ++ if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_version" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \ ++ && test $in_tree_ld_is_elf = yes; then ++ gcc_cv_ld_now=yes ++ fi ++ elif test x$gcc_cv_ld != x; then ++ # Check if linker supports -z now options ++ if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then ++ gcc_cv_ld_now=yes ++ fi ++ fi ++ ]) ++ ++ # Check for -D_FORTIFY_SOURCES support in target C library ++ AC_CHECK_FUNC(__fortify_fail,[gcc_cv_libc_provides_fortify=yes], ++ [gcc_cv_libc_provides_fortify=no]) ++ ++ AC_MSG_CHECKING(if the compiler default to use -fPIE and link with -pie) ++ if test $set_enable_espf = yes && test x"$gcc_cv_ld_pie" = xyes; then ++ enable_espf_pie=yes ++ AC_DEFINE(ENABLE_ESPF_PIE, 1, ++ [Define if your compiler will default to use -fPIE and link with -pie.]) ++ else ++ enable_espf_pie=no ++ fi ++ AC_MSG_RESULT($enable_espf_pie) ++AC_MSG_CHECKING(if the compiler default to use -fstack-protector) ++ if test $set_enable_espf = yes && test x$gcc_cv_libc_provides_ssp = xyes \ ++ && test $set_have_as_tls = yes ; then ++ enable_espf_pie=yes ++ AC_DEFINE(ENABLE_ESPF_SSP, 1, ++ [Define if your compiler will default to use -fstack-protector.]) ++ else ++ enable_espf_pie=no ++ fi ++ AC_MSG_RESULT($enable_espf_ssp) ++ ++AC_MSG_CHECKING(if the compiler default to use -D_FORTIFY_SOURCES=2) ++ if test $set_enable_espf = yes && test x$gcc_cv_libc_provides_fortify = xyes; then ++ enable_espf_fortify=yes ++ AC_DEFINE(ENABLE_ESPF_FORTIFY, 1, ++ [Define if your compiler will default to use -D_FORTIFY_SOURCES=2.]) ++ else ++ enable_espf_fortify=no ++ fi ++ AC_MSG_RESULT($enable_espf_fortify) ++ ++ AC_MSG_CHECKING(if the compiler will pass -z relro to the linker) ++ if test $set_enable_espf = yes && test x$gcc_cv_ld_relro = xyes; then ++ enable_espf_relro=yes ++ AC_DEFINE(ENABLE_ESPF_RELRO, 1, ++ [Define if your compiler will pass -z relro to the linker.]) ++ else ++ enable_espf_relro=no ++ fi ++ AC_MSG_RESULT($enable_espf_relro) ++ ++ AC_MSG_CHECKING(if the compiler will pass -z now to the linker) ++ if test $set_enable_espf = yes && test x$gcc_cv_ld_now = xyes; then ++ enable_espf_now=yes ++ AC_DEFINE(ENABLE_ESPF_NOW, 1, ++ [Define if your compiler will pass -z now to the linker.]) ++ else ++ enable_espf_now=no ++ fi ++ AC_MSG_RESULT($enable_espf_now) ++fi ++ ++# -------------- + # Language hooks + # -------------- +
\ No newline at end of file |