diff options
| author |   Magnus Granberg <zorry@gentoo.org> | 2012-04-08 14:33:17 +0200 |
|---|---|---|
| committer | Magnus Granberg <zorry@gentoo.org> | 2012-04-08 14:33:17 +0200 |
| commit | a47328a2beadfa7ab70802444f0aabac82ede1b9 (patch) | |
| tree | 0689f57520cc5bf96c9a632847ed97a55a484f88 /gcc-4.7.0/piepatch | |
| parent | piepatch 0.5.2 for gcc 4.7 (diff) | |
| download | hardened-gccpatchset-a47328a2beadfa7ab70802444f0aabac82ede1b9.tar.gz hardened-gccpatchset-a47328a2beadfa7ab70802444f0aabac82ede1b9.tar.bz2 hardened-gccpatchset-a47328a2beadfa7ab70802444f0aabac82ede1b9.zip | |
Update 4.6 and 4.7
Diffstat (limited to 'gcc-4.7.0/piepatch')
| -rw-r--r-- | gcc-4.7.0/piepatch/01_all_gcc47_configure.patch | 267 | ||||
| -rw-r--r-- | gcc-4.7.0/piepatch/02_all_gcc47_config.in.patch (renamed from gcc-4.7.0/piepatch/02_all_gcc45_config.in.patch) | 13 | ||||
| -rw-r--r-- | gcc-4.7.0/piepatch/06_all_gcc46_esp.h.patch (renamed from gcc-4.7.0/piepatch/06_all_gcc45_esp.h.patch) | 8 | ||||
| -rw-r--r-- | gcc-4.7.0/piepatch/README.Changelog | 19 | ||||
| -rw-r--r-- | gcc-4.7.0/piepatch/README.history | 6 |
5 files changed, 82 insertions, 231 deletions
diff --git a/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch b/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch index 94958b1..e79ea25 100644 --- a/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch +++ b/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch @@ -1,10 +1,9 @@ -2012-01-07 Magnus Granberg <zorry@gentoo.org> +2012-04-06 Magnus Granberg <zorry@gentoo.org> * configure Add --enable-esp. Add-fno-stack-protector to stage1_cflags. - * gcc/configure Add --enable-esp. Check -z now, - PIE, SSP and FORTIFY_SOURCES. - Define ENABLE_ESP. + * gcc/configure Add --enable-esp and check if SSP works. + Define ENABLE_ESP ENABLE_ESP_SSP. Check if we support crtbeginP and define ENABLE_CRTBEGINP. --- a/configure 2011-12-22 21:51:34.700589641 +0100 @@ -46,12 +45,12 @@ +if test "${enable_esp+set}" = set; then : + enableval=$enable_esp; + case $target in -+ i?86*-*-linux* | x86_64*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*) ++ i?86*-*-linux* | x86_??*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*) + enable_esp=yes + ;; + *) -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: *** --enable-espf is not supported on this $target target." >&5 -+$as_echo "$as_me: WARNING: *** --enable-espf is not supported on this $target target." >&2;} ++ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: *** --enable-esp is not supported on this $target target." >&5 ++$as_echo "$as_me: WARNING: *** --enable-esp is not supported on this $target target." >&2;} + ;; + esac + @@ -97,49 +96,20 @@ --enable-plugin enable plugin support --disable-libquadmath-support disable libquadmath support for Fortran -+ --enable-esp Enable Stack protector, Position independent ++ --enable-esp Enable Stack protector, Position independent + executable and Fortify_sources as default if we have + suppot for it when compiling and link -z now as + default. Linux targets supported i*86, x86_64, -+ x86_x32, powerpc, powerpc64, ia64 and arm ++ x86_x32, powerpc, powerpc64, ia64, mips and arm Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] -@@ -26575,6 +26582,28 @@ else - target_header_dir=${native_system_header_dir} - fi - -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking linker -z now support" >&5 -+$as_echo_n "checking linker -z now support... " >&6; } -+if test "${gcc_cv_ld_now+set}" = set; then : -+ $as_echo_n "(cached) " >&6 -+else -+ gcc_cv_ld_now=no -+ if test $in_tree_ld = yes ; then -+ if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_version" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \ -+ && test $in_tree_ld_is_elf = yes; then -+ gcc_cv_ld_now=yes -+ fi -+ elif test x$gcc_cv_ld != x; then -+ # Check if linker supports -z now options -+ if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then -+ gcc_cv_ld_now=yes -+ fi -+ fi -+ -+fi -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_ld_now" >&5 -+$as_echo "$gcc_cv_ld_now" >&6; } -+ - # Test for stack protector support in target C library. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking __stack_chk_fail in target C library" >&5 - $as_echo_n "checking __stack_chk_fail in target C library... " >&6; } -@@ -27290,6 +27319,252 @@ _ACEOF +@@ -27290,6 +27411,113 @@ _ACEOF fi +# -------------- -+# Espf checks ++# Esp checks +# -------------- + +# Check whether --enable-esp was given and target have the support. @@ -153,9 +123,9 @@ +if test $set_enable_esp = yes ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $target support esp" >&5 +$as_echo_n "checking if $target support esp... " >&6; } -+if test x"$set_enable_esp" = x"yes" ; then ++if test $set_enable_esp = yes ; then + case "$target" in -+ i?86*-*-linux* | x86_64*-*-linux* | x86_x32*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*) ++ i?86*-*-linux* | x86_??*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux* | mips*-*-linux*) + enable_esp=yes + +$as_echo "#define ENABLE_ESP 1" >>confdefs.h @@ -174,80 +144,26 @@ + +if test $enable_esp = yes ; then + -+# Check for FORTIFY_SOURCES support in target C library. -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FORTIFY_SOURCES support in target C library" >&5 -+$as_echo_n "checking for _FORTIFY_SOURCES support in target C library... " >&6; } -+if test "${gcc_cv_libc_provides_fortify+set}" = set; then : -+ $as_echo_n "(cached) " >&6 -+else -+ gcc_cv_libc_provides_fortify=no -+ case "$target" in -+ *-*-linux*) -+ # glibc 2.8 and later provides _FORTIFY_SOURCES. -+ if test -f $target_header_dir/features.h; then -+ if $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC__[ ]+2' \ -+ $target_header_dir/features.h > /dev/null \ -+ && $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC_MINOR__[ ]+([1-9][0-9]|[8-9])' \ -+ $target_header_dir/features.h > /dev/null; then -+ gcc_cv_libc_provides_fortify=yes -+ elif $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]' \ -+ $target_header_dir/features.h > /dev/null ; then -+ gcc_cv_libc_provides_fortify=no -+ fi -+ fi -+ ;; -+ *) gcc_cv_libc_provides_fortify=no ;; -+ esac -+fi -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_libc_provides_fortify" >&5 -+$as_echo "$gcc_cv_libc_provides_fortify" >&6; } -+ -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can default to use -fPIE and link with -pie" >&5 -+$as_echo_n "checking if we can default to use -fPIE and link with -pie... " >&6; } -+ if test x"$gcc_cv_ld_pie" = x"yes"; then -+ saved_LDFLAGS="$LDFLAGS" -+ saved_CFLAGS="$CFLAGS" -+ CFLAGS="$CFLAGS -fPIE -Werror" -+ LDFLAGS="$LDFLAGS -fPIE -pie" -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+ -+int -+main () -+{ -+ -+ ; -+ return 0; -+} -+_ACEOF -+if ac_fn_c_try_link "$LINENO"; then : -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -+$as_echo "yes" >&6; }; enable_espf_pie=yes -+else -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; }; enable_espf_pie=no -+fi -+rm -f core conftest.err conftest.$ac_objext \ -+ conftest$ac_exeext conftest.$ac_ext -+ LDFLAGS="$saved_LDFLAGS" -+ CFLAGS="$saved_CFLAGS" -+ else -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; } -+ enable_espf_pie=no -+ fi -+ -+ if test $enable_espf_pie = yes ; then -+ -+$as_echo "#define ENABLE_ESPF_PIE 1" >>confdefs.h -+ ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can default to use -fstack-protector" >&5 ++$as_echo_n "checking if we can default to use -fstack-protector... " >&6; } ++ ssp_link_test=no ++ if test x$gcc_cv_libc_provides_ssp = xyes && test x$set_have_as_tls = yes; then ++ if $EGREP '^ *#[ ]*define[ ]+__UCLIBC__[ ]+1' \ ++ $target_header_dir/features.h > /dev/null; then ++ if test -f $target_header_dir/bits/uClibc_config.h && \ ++ $EGREP '^ *#[ ]*define[ ]+__UCLIBC_SUBLEVEL__[ ]+([3-9][2-9]|[4-9][0-9])' \ ++ $target_header_dir/bits/uClibc_config.h > /dev/null && \ ++ $EGREP '^ *#[ ]*define[ ]+__UCLIBC_HAS_TLS__[ ]+1' \ ++ $target_header_dir/bits/uClibc_config.h > /dev/null; then ++ ssp_link_test=yes ++ fi ++ else ++ ssp_link_test=yes ++ fi + fi -+ -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can default to use -fstack-protector-all" >&5 -+$as_echo_n "checking if we can default to use -fstack-protector-all... " >&6; } -+ if test x"$gcc_cv_libc_provides_ssp" = x"yes" && test x"$set_have_as_tls" = x"yes" ; then ++ if test x$ssp_link_test=xyes ; then + saved_CFLAGS="$CFLAGS" -+ CFLAGS="$CFLAGS -O2 -fstack-protector-all -Werror" ++ CFLAGS="$CFLAGS -O2 -fstack-protector -Werror" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + @@ -261,127 +177,42 @@ +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -+$as_echo "yes" >&6; }; enable_espf_ssp=yes ++$as_echo "yes" >&6; }; enable_esp_ssp=yes +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; }; enable_espf_ssp=no -+fi -+rm -f core conftest.err conftest.$ac_objext \ -+ conftest$ac_exeext conftest.$ac_ext -+ CFLAGS="$saved_CFLAGS" -+ else -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; } -+ enable_espf_ssp=no -+ fi -+ if test x"$enable_espf_ssp" = x"yes" ; then -+ -+$as_echo "#define ENABLE_ESPF_SSP 1" >>confdefs.h -+ -+ fi -+ -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the compiler default to use -D_FORTIFY_SOURCES" >&5 -+$as_echo_n "checking if the compiler default to use -D_FORTIFY_SOURCES... " >&6; } -+ if test x"$gcc_cv_libc_provides_fortify" = x"yes"; then -+ saved_CFLAGS="$CFLAGS" -+ saved_CPPFLAGS="$CPPFLAGS" -+ CFLAGS="$CFLAGS -O2 -Werror -Wall" -+ CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCES=2" -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+ -+ #include <sys/types.h> -+ #include <sys/stat.h> -+ #include <fcntl.h> -+ -+int -+main () -+{ -+ -+ open ("/tmp/foo", O_WRONLY | O_CREAT); -+ -+ ; -+ return 0; -+} -+_ACEOF -+if ac_fn_c_try_link "$LINENO"; then : -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; }; enable_espf_fortify=no -+else -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -+$as_echo "yes" >&6; }; enable_espf_fortify=yes ++$as_echo "no" >&6; }; enable_esp_ssp=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CFLAGS="$saved_CFLAGS" -+ CPPFLAGS="$saved_CPPFLAGS" + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } -+ enable_espf_fortify=no -+ fi -+ if test x"$enable_espf_fortify" = x"yes" ; then -+ -+$as_echo "#define ENABLE_ESPF_FORTIFY 1" >>confdefs.h -+ ++ enable_esp_ssp=no + fi ++ if test $enable_esp_ssp = yes ; then + -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the compiler default to use -z now to the linker" >&5 -+$as_echo_n "checking if the compiler default to use -z now to the linker... " >&6; } -+ if test x"$gcc_cv_ld_now" = x"yes"; then -+ saved_LDFLAGS="$LDFLAGS" -+ saved_CFLAGS="$CFLAGS" -+ CFLAGS="$CFLAGS -Werror" -+ LDFLAGS="$LDFLAGS -Wl,-z,now" -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ ++$as_echo "#define ENABLE_ESP_SSP 1" >>confdefs.h + -+int -+main () -+{ ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking checking for crtbeginP.o support" >&5 ++$as_echo_n "checking checking for crtbeginP.o support... " >&6; } ++ case "$target" in ++ ia64*-*-linux*) ++ enable_crtbeginP=no ;; ++ *-*-linux*) ++ if test x$gcc_cv_ld_pie = xyes && test x$lt_cv_prog_compiler_static_works = xyes; then ++ enable_crtbeginP=yes + -+ ; -+ return 0; -+} -+_ACEOF -+if ac_fn_c_try_link "$LINENO"; then : -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -+$as_echo "yes" >&6; }; enable_espf_now=yes -+else -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; }; enable_espf_now=no -+fi -+rm -f core conftest.err conftest.$ac_objext \ -+ conftest$ac_exeext conftest.$ac_ext -+ LDFLAGS="$saved_LDFLAGS" -+ CFLAGS="$saved_CFLAGS" -+ else -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; } -+ enable_espf_now=no -+ fi -+ if test x"$enable_espf_now" = x"yes" ; then -+ -+$as_echo "#define ENABLE_ESPF_NOW 1" >>confdefs.h ++$as_echo "#define ENABLE_CRTBEGINP 1" >>confdefs.h + ++ fi ++ ;; ++ *) enable_crtbeginP=no ;; ++ esac + fi -+ -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crtbeginP.o support" >&5 -+$as_echo_n "checking for crtbeginP.o support... " >&6; } -+ case "$target" in -+ ia64*-*-linux*) -+ enable_crtbeginP=no ;; -+ *-*-linux*) -+ if test x"$gcc_cv_ld_pie" = x"yes" && test x"$lt_cv_prog_compiler_static_works" = x"yes"; then -+ enable_crtbeginP=yes -+$as_echo "#define ENABLE_CRTBEGINP 1" >>confdefs.h -+ else -+ enable_crtbeginP=no -+ fi ;; -+ *) enable_crtbeginP=no ;; -+ esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_crtbeginP" >&5 +$as_echo "$enable_crtbeginP" >&6; } ++ +fi + # Configure the subdirectories diff --git a/gcc-4.7.0/piepatch/02_all_gcc45_config.in.patch b/gcc-4.7.0/piepatch/02_all_gcc47_config.in.patch index 489658f..43cd7f8 100644 --- a/gcc-4.7.0/piepatch/02_all_gcc45_config.in.patch +++ b/gcc-4.7.0/piepatch/02_all_gcc47_config.in.patch @@ -1,6 +1,7 @@ -2011-12-05 Magnus Granberg <zorry@gentoo.org> +2012-04-06 Magnus Granberg <zorry@gentoo.org> - * gcc/config.in Add ENABLE_CRTBEGINP and ENABLE_ESP + * gcc/config.in Add ENABLE_CRTBEGINP, ENABLE_ESP + and ENABLE_ESP_SSP --- gcc/config.in 2009-04-21 11:08:08.000000000 +0200 +++ gcc/config.in 2009-05-12 00:10:08.000000000 +0200 @@ -17,7 +18,7 @@ /* Define to 1 to specify that we are using the BID decimal floating point format instead of DPD */ #ifndef USED_FOR_TARGET -@@ -65,6 +65,12 @@ +@@ -65,6 +65,18 @@ #endif @@ -27,6 +28,12 @@ +#endif + + ++/* Define to 1 to enable esp. */ ++#ifndef USED_FOR_TARGET ++#undef ENABLE_ESP_SSP ++#endif ++ ++ /* Define to 1 to enable fixed-point arithmetic extension to C. */ #ifndef USED_FOR_TARGET #undef ENABLE_FIXED_POINT diff --git a/gcc-4.7.0/piepatch/06_all_gcc45_esp.h.patch b/gcc-4.7.0/piepatch/06_all_gcc46_esp.h.patch index c51e8b4..e11c910 100644 --- a/gcc-4.7.0/piepatch/06_all_gcc45_esp.h.patch +++ b/gcc-4.7.0/piepatch/06_all_gcc46_esp.h.patch @@ -1,13 +1,13 @@ -2011-12-05 Magnus Granberg <zorry@gentoo.org> +2012-04-03 Magnus Granberg <zorry@gentoo.org> * gcc/esp.h New file to support --enable-esp - Version 20111205.1 + Version 20120403.2 --- gcc/esp.h 2010-04-09 16:14:00.000000000 +0200 +++ gcc/esp.h 2010-04-29 21:30:47.000000000 +0200 @@ -0,0 +1,145 @@ +/* License terms see GNU GENERAL PUBLIC LICENSE Version 3. -+ * Version 20111205.1 ++ * Version 20120403.2 + * Magnus Granberg (Zorry) <zorry@gentoo.org> */ +#ifndef GCC_ESP_H +#define GCC_ESP_H @@ -57,7 +57,7 @@ + + /* This will add -fstack-protector-all if we don't have -nostdlib -nodefaultlibs -fno-stack-protector -fstack-protector + -fstack-protector-all and we have EFAULT_SSP or EFAULT_PIE_SSP defined. */ -+ #if defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP ) ++ #if ( defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP ) ) && defined ( ENABLE_ESP_SSP ) + #define ESP_OPTIONS_SSP_SPEC \ + "%{!D__KERNEL__:%{!nostdlib:%{!nodefaultlibs: %{!fno-stack-protector: \ + %{!fstack-protector:%{!fstack-protector-all:-fstack-protector-all}}}}}}" diff --git a/gcc-4.7.0/piepatch/README.Changelog b/gcc-4.7.0/piepatch/README.Changelog index 1729b6a..b6252ed 100644 --- a/gcc-4.7.0/piepatch/README.Changelog +++ b/gcc-4.7.0/piepatch/README.Changelog @@ -1,15 +1,22 @@ +0.5.3 Magnus Granberg <zorry@gentoo.org> + + * gcc/configure Clean up the checks and added + check for uclibc ssp support. + * gcc/config.in Add define for ENABLE_ESP_SSP + * gcc/esp.h Check for ENABLE_ESP_SSP + 0.5.2 Magnus Granberg <zorry@gentoo.org> - * gcc/common.opt Add -nopie + * gcc/common.opt Add -nopie 0.5.1 Magnus Granberg <zorry@gentoo.org> - * configure Bumped for 4.7.0 release - * gcc/configure Bumped for 4.7.0 release and + * configure Bumped for 4.7.0 release + * gcc/configure Bumped for 4.7.0 release and added some checks. - * gcc/Makefile Bumped for 4.7.0 release - * gcc/gcc.c Bumped for 4.7.0 release - * libgcc/Makefile Bumped for 4.7.0 release + * gcc/Makefile Bumped for 4.7.0 release + * gcc/gcc.c Bumped for 4.7.0 release + * libgcc/Makefile Bumped for 4.7.0 release 0.5.0 Magnus Granberg <zorry@gentoo.org> diff --git a/gcc-4.7.0/piepatch/README.history b/gcc-4.7.0/piepatch/README.history index 3c5a7b1..537cc48 100644 --- a/gcc-4.7.0/piepatch/README.history +++ b/gcc-4.7.0/piepatch/README.history @@ -1,3 +1,9 @@ +0.5.3 06 Apr 2012 + U 01_all_gcc47_configure.patch + + 02_all_gcc47_config.in.patch + - 02_all_gcc45_config.in.patch + + 06_all_gcc46_esp.h.patch + - 06_all_gcc45_esp.h.patch 0.5.2 24 Jan 2012 + 16_all_gcc47_nopie_option.patch 0.5.1 17 Jan 2012 |