aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMagnus Granberg <zorry@gentoo.org>2011-06-22 02:27:03 +0200
committerMagnus Granberg <zorry@gentoo.org>2011-06-22 02:27:03 +0200
commit64e6e9c8d2e7ad024b0defdf9f1698e1b7ec09f5 (patch)
tree9fa577e061bd79bdc9375a2eaa2dc77c2314af6b
parentAdded the configure.ac patch for upstream fist rev (diff)
downloadhardened-gccpatchset-64e6e9c8d2e7ad024b0defdf9f1698e1b7ec09f5.tar.gz
hardened-gccpatchset-64e6e9c8d2e7ad024b0defdf9f1698e1b7ec09f5.tar.bz2
hardened-gccpatchset-64e6e9c8d2e7ad024b0defdf9f1698e1b7ec09f5.zip
Updated configure.ac patch for upstreem
-rw-r--r--upstream/configure.ac.patch138
1 files changed, 137 insertions, 1 deletions
diff --git a/upstream/configure.ac.patch b/upstream/configure.ac.patch
index cfee97f..54cd876 100644
--- a/upstream/configure.ac.patch
+++ b/upstream/configure.ac.patch
@@ -1,7 +1,9 @@
-2011-04-27 Magnus Granberg <zorry@gentoo.org>
+2011-06-22 Magnus Granberg <zorry@gentoo.org>
* configure Add --enable-espf. Add -fno-stack-protector
to stage1_cflags.
+ * gcc/configure.ac Add --enable-espf and checks for it.
+
--- a/configure.ac 2011-04-18 23:27:00.000000000 +0200
+++ b/configure.ac 2011-04-27 12:47:11.351473240 +0200
@@ -419,6 +419,25 @@
@@ -41,3 +43,137 @@
# This is aimed to mimic bootstrap with a non-GCC compiler to catch problems.
if test "$GCC" = yes -a "$ENABLE_BUILD_WITH_CXX" != yes; then
saved_CFLAGS="$CFLAGS"
+--- a/gcc/configure.ac 2011-04-13 19:12:53.000000000 +0200
++++ b/gcc/configure.ac 2011-06-21 02:51:23.602374686 +0200
+@@ -4515,6 +4515,131 @@
+ AC_SUBST(MAINT)dnl
+
+ # --------------
++# Espf checks
++# --------------
++
++# Check whether --enable-espf was given and target have the support.
++AC_ARG_ENABLE([espf],
++[AS_HELP_STRING([--enable-espf],
++ [Enable Stack protector, Position independent executable and
++ Fortify_sources as default if we have suppot for it when compiling
++ and link with -z relro and -z now as default.
++ Linux targets supported x86_64])],
++ [case $espf in
++ yes | no) ;;
++ *) AC_MSG_ERROR(['$espf' is an invalid value for --enable-espf.
++Valid choices are 'yes' and 'no'.]) ;;
++ esac],
++ [set_espf_enable="$espf"])
++if test $set_enable_espf = yes ; then
++ AC_MSG_CHECKING(if $target support espf)
++if test $set_enable_espf = yes ; then
++ case "$target" in
++ ?86-*-linux* | x86_64-*-linux*)
++ enable_espf=yes
++ AC_DEFINE(ENABLE_ESPF, 1,
++ [Define if your target support espf and you have enable it.])
++ ;;
++ *)
++ enable_espf=no
++ ;;
++ esac
++else
++ enable_espf=no
++fi
++AC_MSG_RESULT($enable_espf)
++fi
++AC_SUBST([enable_espf])
++if test $enable_espf = yes ; then
++
++ AC_CACHE_CHECK(linker -z relro support,
++ gcc_cv_ld_relro,
++ [gcc_cv_ld_relro=no
++ if test $in_tree_ld = yes ; then
++ if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_version" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \
++ && test $in_tree_ld_is_elf = yes; then
++ gcc_cv_ld_relro=yes
++ fi
++ elif test x$gcc_cv_ld != x; then
++ # Check if linker supports -z relro options
++ if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then
++ gcc_cv_ld_relro=yes
++ fi
++ fi
++ ])
++
++ AC_CACHE_CHECK(linker -z now support,
++ gcc_cv_ld_now,
++ [gcc_cv_ld_now=no
++ if test $in_tree_ld = yes ; then
++ if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_version" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \
++ && test $in_tree_ld_is_elf = yes; then
++ gcc_cv_ld_now=yes
++ fi
++ elif test x$gcc_cv_ld != x; then
++ # Check if linker supports -z now options
++ if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then
++ gcc_cv_ld_now=yes
++ fi
++ fi
++ ])
++
++ # Check for -D_FORTIFY_SOURCES support in target C library
++ AC_CHECK_FUNC(__fortify_fail,[gcc_cv_libc_provides_fortify=yes],
++ [gcc_cv_libc_provides_fortify=no])
++
++ AC_MSG_CHECKING(if the compiler default to use -fPIE and link with -pie)
++ if test $set_enable_espf = yes && test x"$gcc_cv_ld_pie" = xyes; then
++ enable_espf_pie=yes
++ AC_DEFINE(ENABLE_ESPF_PIE, 1,
++ [Define if your compiler will default to use -fPIE and link with -pie.])
++ else
++ enable_espf_pie=no
++ fi
++ AC_MSG_RESULT($enable_espf_pie)
++AC_MSG_CHECKING(if the compiler default to use -fstack-protector)
++ if test $set_enable_espf = yes && test x$gcc_cv_libc_provides_ssp = xyes \
++ && test $set_have_as_tls = yes ; then
++ enable_espf_pie=yes
++ AC_DEFINE(ENABLE_ESPF_SSP, 1,
++ [Define if your compiler will default to use -fstack-protector.])
++ else
++ enable_espf_pie=no
++ fi
++ AC_MSG_RESULT($enable_espf_ssp)
++
++AC_MSG_CHECKING(if the compiler default to use -D_FORTIFY_SOURCES=2)
++ if test $set_enable_espf = yes && test x$gcc_cv_libc_provides_fortify = xyes; then
++ enable_espf_fortify=yes
++ AC_DEFINE(ENABLE_ESPF_FORTIFY, 1,
++ [Define if your compiler will default to use -D_FORTIFY_SOURCES=2.])
++ else
++ enable_espf_fortify=no
++ fi
++ AC_MSG_RESULT($enable_espf_fortify)
++
++ AC_MSG_CHECKING(if the compiler will pass -z relro to the linker)
++ if test $set_enable_espf = yes && test x$gcc_cv_ld_relro = xyes; then
++ enable_espf_relro=yes
++ AC_DEFINE(ENABLE_ESPF_RELRO, 1,
++ [Define if your compiler will pass -z relro to the linker.])
++ else
++ enable_espf_relro=no
++ fi
++ AC_MSG_RESULT($enable_espf_relro)
++
++ AC_MSG_CHECKING(if the compiler will pass -z now to the linker)
++ if test $set_enable_espf = yes && test x$gcc_cv_ld_now = xyes; then
++ enable_espf_now=yes
++ AC_DEFINE(ENABLE_ESPF_NOW, 1,
++ [Define if your compiler will pass -z now to the linker.])
++ else
++ enable_espf_now=no
++ fi
++ AC_MSG_RESULT($enable_espf_now)
++fi
++
++# --------------
+ # Language hooks
+ # --------------
+ \ No newline at end of file