aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMagnus Granberg <zorry@gentoo.org>2012-04-08 14:33:17 +0200
committerMagnus Granberg <zorry@gentoo.org>2012-04-08 14:33:17 +0200
commita47328a2beadfa7ab70802444f0aabac82ede1b9 (patch)
tree0689f57520cc5bf96c9a632847ed97a55a484f88 /gcc-4.7.0
parentpiepatch 0.5.2 for gcc 4.7 (diff)
downloadhardened-gccpatchset-a47328a2beadfa7ab70802444f0aabac82ede1b9.tar.gz
hardened-gccpatchset-a47328a2beadfa7ab70802444f0aabac82ede1b9.tar.bz2
hardened-gccpatchset-a47328a2beadfa7ab70802444f0aabac82ede1b9.zip
Update 4.6 and 4.7
Diffstat (limited to 'gcc-4.7.0')
-rw-r--r--gcc-4.7.0/piepatch/01_all_gcc47_configure.patch267
-rw-r--r--gcc-4.7.0/piepatch/02_all_gcc47_config.in.patch (renamed from gcc-4.7.0/piepatch/02_all_gcc45_config.in.patch)13
-rw-r--r--gcc-4.7.0/piepatch/06_all_gcc46_esp.h.patch (renamed from gcc-4.7.0/piepatch/06_all_gcc45_esp.h.patch)8
-rw-r--r--gcc-4.7.0/piepatch/README.Changelog19
-rw-r--r--gcc-4.7.0/piepatch/README.history6
5 files changed, 82 insertions, 231 deletions
diff --git a/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch b/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch
index 94958b1..e79ea25 100644
--- a/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch
+++ b/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch
@@ -1,10 +1,9 @@
-2012-01-07 Magnus Granberg <zorry@gentoo.org>
+2012-04-06 Magnus Granberg <zorry@gentoo.org>
* configure Add --enable-esp. Add-fno-stack-protector
to stage1_cflags.
- * gcc/configure Add --enable-esp. Check -z now,
- PIE, SSP and FORTIFY_SOURCES.
- Define ENABLE_ESP.
+ * gcc/configure Add --enable-esp and check if SSP works.
+ Define ENABLE_ESP ENABLE_ESP_SSP.
Check if we support crtbeginP and define ENABLE_CRTBEGINP.
--- a/configure 2011-12-22 21:51:34.700589641 +0100
@@ -46,12 +45,12 @@
+if test "${enable_esp+set}" = set; then :
+ enableval=$enable_esp;
+ case $target in
-+ i?86*-*-linux* | x86_64*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*)
++ i?86*-*-linux* | x86_??*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*)
+ enable_esp=yes
+ ;;
+ *)
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: *** --enable-espf is not supported on this $target target." >&5
-+$as_echo "$as_me: WARNING: *** --enable-espf is not supported on this $target target." >&2;}
++ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: *** --enable-esp is not supported on this $target target." >&5
++$as_echo "$as_me: WARNING: *** --enable-esp is not supported on this $target target." >&2;}
+ ;;
+ esac
+
@@ -97,49 +96,20 @@
--enable-plugin enable plugin support
--disable-libquadmath-support
disable libquadmath support for Fortran
-+ --enable-esp Enable Stack protector, Position independent
++ --enable-esp Enable Stack protector, Position independent
+ executable and Fortify_sources as default if we have
+ suppot for it when compiling and link -z now as
+ default. Linux targets supported i*86, x86_64,
-+ x86_x32, powerpc, powerpc64, ia64 and arm
++ x86_x32, powerpc, powerpc64, ia64, mips and arm
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
-@@ -26575,6 +26582,28 @@ else
- target_header_dir=${native_system_header_dir}
- fi
-
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking linker -z now support" >&5
-+$as_echo_n "checking linker -z now support... " >&6; }
-+if test "${gcc_cv_ld_now+set}" = set; then :
-+ $as_echo_n "(cached) " >&6
-+else
-+ gcc_cv_ld_now=no
-+ if test $in_tree_ld = yes ; then
-+ if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_version" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \
-+ && test $in_tree_ld_is_elf = yes; then
-+ gcc_cv_ld_now=yes
-+ fi
-+ elif test x$gcc_cv_ld != x; then
-+ # Check if linker supports -z now options
-+ if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then
-+ gcc_cv_ld_now=yes
-+ fi
-+ fi
-+
-+fi
-+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_ld_now" >&5
-+$as_echo "$gcc_cv_ld_now" >&6; }
-+
- # Test for stack protector support in target C library.
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking __stack_chk_fail in target C library" >&5
- $as_echo_n "checking __stack_chk_fail in target C library... " >&6; }
-@@ -27290,6 +27319,252 @@ _ACEOF
+@@ -27290,6 +27411,113 @@ _ACEOF
fi
+# --------------
-+# Espf checks
++# Esp checks
+# --------------
+
+# Check whether --enable-esp was given and target have the support.
@@ -153,9 +123,9 @@
+if test $set_enable_esp = yes ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $target support esp" >&5
+$as_echo_n "checking if $target support esp... " >&6; }
-+if test x"$set_enable_esp" = x"yes" ; then
++if test $set_enable_esp = yes ; then
+ case "$target" in
-+ i?86*-*-linux* | x86_64*-*-linux* | x86_x32*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*)
++ i?86*-*-linux* | x86_??*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux* | mips*-*-linux*)
+ enable_esp=yes
+
+$as_echo "#define ENABLE_ESP 1" >>confdefs.h
@@ -174,80 +144,26 @@
+
+if test $enable_esp = yes ; then
+
-+# Check for FORTIFY_SOURCES support in target C library.
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FORTIFY_SOURCES support in target C library" >&5
-+$as_echo_n "checking for _FORTIFY_SOURCES support in target C library... " >&6; }
-+if test "${gcc_cv_libc_provides_fortify+set}" = set; then :
-+ $as_echo_n "(cached) " >&6
-+else
-+ gcc_cv_libc_provides_fortify=no
-+ case "$target" in
-+ *-*-linux*)
-+ # glibc 2.8 and later provides _FORTIFY_SOURCES.
-+ if test -f $target_header_dir/features.h; then
-+ if $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC__[ ]+2' \
-+ $target_header_dir/features.h > /dev/null \
-+ && $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC_MINOR__[ ]+([1-9][0-9]|[8-9])' \
-+ $target_header_dir/features.h > /dev/null; then
-+ gcc_cv_libc_provides_fortify=yes
-+ elif $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]' \
-+ $target_header_dir/features.h > /dev/null ; then
-+ gcc_cv_libc_provides_fortify=no
-+ fi
-+ fi
-+ ;;
-+ *) gcc_cv_libc_provides_fortify=no ;;
-+ esac
-+fi
-+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_libc_provides_fortify" >&5
-+$as_echo "$gcc_cv_libc_provides_fortify" >&6; }
-+
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can default to use -fPIE and link with -pie" >&5
-+$as_echo_n "checking if we can default to use -fPIE and link with -pie... " >&6; }
-+ if test x"$gcc_cv_ld_pie" = x"yes"; then
-+ saved_LDFLAGS="$LDFLAGS"
-+ saved_CFLAGS="$CFLAGS"
-+ CFLAGS="$CFLAGS -fPIE -Werror"
-+ LDFLAGS="$LDFLAGS -fPIE -pie"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+/* end confdefs.h. */
-+
-+int
-+main ()
-+{
-+
-+ ;
-+ return 0;
-+}
-+_ACEOF
-+if ac_fn_c_try_link "$LINENO"; then :
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+$as_echo "yes" >&6; }; enable_espf_pie=yes
-+else
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+$as_echo "no" >&6; }; enable_espf_pie=no
-+fi
-+rm -f core conftest.err conftest.$ac_objext \
-+ conftest$ac_exeext conftest.$ac_ext
-+ LDFLAGS="$saved_LDFLAGS"
-+ CFLAGS="$saved_CFLAGS"
-+ else
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+$as_echo "no" >&6; }
-+ enable_espf_pie=no
-+ fi
-+
-+ if test $enable_espf_pie = yes ; then
-+
-+$as_echo "#define ENABLE_ESPF_PIE 1" >>confdefs.h
-+
++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can default to use -fstack-protector" >&5
++$as_echo_n "checking if we can default to use -fstack-protector... " >&6; }
++ ssp_link_test=no
++ if test x$gcc_cv_libc_provides_ssp = xyes && test x$set_have_as_tls = yes; then
++ if $EGREP '^ *#[ ]*define[ ]+__UCLIBC__[ ]+1' \
++ $target_header_dir/features.h > /dev/null; then
++ if test -f $target_header_dir/bits/uClibc_config.h && \
++ $EGREP '^ *#[ ]*define[ ]+__UCLIBC_SUBLEVEL__[ ]+([3-9][2-9]|[4-9][0-9])' \
++ $target_header_dir/bits/uClibc_config.h > /dev/null && \
++ $EGREP '^ *#[ ]*define[ ]+__UCLIBC_HAS_TLS__[ ]+1' \
++ $target_header_dir/bits/uClibc_config.h > /dev/null; then
++ ssp_link_test=yes
++ fi
++ else
++ ssp_link_test=yes
++ fi
+ fi
-+
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can default to use -fstack-protector-all" >&5
-+$as_echo_n "checking if we can default to use -fstack-protector-all... " >&6; }
-+ if test x"$gcc_cv_libc_provides_ssp" = x"yes" && test x"$set_have_as_tls" = x"yes" ; then
++ if test x$ssp_link_test=xyes ; then
+ saved_CFLAGS="$CFLAGS"
-+ CFLAGS="$CFLAGS -O2 -fstack-protector-all -Werror"
++ CFLAGS="$CFLAGS -O2 -fstack-protector -Werror"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
@@ -261,127 +177,42 @@
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+$as_echo "yes" >&6; }; enable_espf_ssp=yes
++$as_echo "yes" >&6; }; enable_esp_ssp=yes
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+$as_echo "no" >&6; }; enable_espf_ssp=no
-+fi
-+rm -f core conftest.err conftest.$ac_objext \
-+ conftest$ac_exeext conftest.$ac_ext
-+ CFLAGS="$saved_CFLAGS"
-+ else
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+$as_echo "no" >&6; }
-+ enable_espf_ssp=no
-+ fi
-+ if test x"$enable_espf_ssp" = x"yes" ; then
-+
-+$as_echo "#define ENABLE_ESPF_SSP 1" >>confdefs.h
-+
-+ fi
-+
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the compiler default to use -D_FORTIFY_SOURCES" >&5
-+$as_echo_n "checking if the compiler default to use -D_FORTIFY_SOURCES... " >&6; }
-+ if test x"$gcc_cv_libc_provides_fortify" = x"yes"; then
-+ saved_CFLAGS="$CFLAGS"
-+ saved_CPPFLAGS="$CPPFLAGS"
-+ CFLAGS="$CFLAGS -O2 -Werror -Wall"
-+ CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCES=2"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+/* end confdefs.h. */
-+
-+ #include <sys/types.h>
-+ #include <sys/stat.h>
-+ #include <fcntl.h>
-+
-+int
-+main ()
-+{
-+
-+ open ("/tmp/foo", O_WRONLY | O_CREAT);
-+
-+ ;
-+ return 0;
-+}
-+_ACEOF
-+if ac_fn_c_try_link "$LINENO"; then :
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+$as_echo "no" >&6; }; enable_espf_fortify=no
-+else
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+$as_echo "yes" >&6; }; enable_espf_fortify=yes
++$as_echo "no" >&6; }; enable_esp_ssp=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ CFLAGS="$saved_CFLAGS"
-+ CPPFLAGS="$saved_CPPFLAGS"
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
-+ enable_espf_fortify=no
-+ fi
-+ if test x"$enable_espf_fortify" = x"yes" ; then
-+
-+$as_echo "#define ENABLE_ESPF_FORTIFY 1" >>confdefs.h
-+
++ enable_esp_ssp=no
+ fi
++ if test $enable_esp_ssp = yes ; then
+
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the compiler default to use -z now to the linker" >&5
-+$as_echo_n "checking if the compiler default to use -z now to the linker... " >&6; }
-+ if test x"$gcc_cv_ld_now" = x"yes"; then
-+ saved_LDFLAGS="$LDFLAGS"
-+ saved_CFLAGS="$CFLAGS"
-+ CFLAGS="$CFLAGS -Werror"
-+ LDFLAGS="$LDFLAGS -Wl,-z,now"
-+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+/* end confdefs.h. */
++$as_echo "#define ENABLE_ESP_SSP 1" >>confdefs.h
+
-+int
-+main ()
-+{
++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking checking for crtbeginP.o support" >&5
++$as_echo_n "checking checking for crtbeginP.o support... " >&6; }
++ case "$target" in
++ ia64*-*-linux*)
++ enable_crtbeginP=no ;;
++ *-*-linux*)
++ if test x$gcc_cv_ld_pie = xyes && test x$lt_cv_prog_compiler_static_works = xyes; then
++ enable_crtbeginP=yes
+
-+ ;
-+ return 0;
-+}
-+_ACEOF
-+if ac_fn_c_try_link "$LINENO"; then :
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+$as_echo "yes" >&6; }; enable_espf_now=yes
-+else
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+$as_echo "no" >&6; }; enable_espf_now=no
-+fi
-+rm -f core conftest.err conftest.$ac_objext \
-+ conftest$ac_exeext conftest.$ac_ext
-+ LDFLAGS="$saved_LDFLAGS"
-+ CFLAGS="$saved_CFLAGS"
-+ else
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+$as_echo "no" >&6; }
-+ enable_espf_now=no
-+ fi
-+ if test x"$enable_espf_now" = x"yes" ; then
-+
-+$as_echo "#define ENABLE_ESPF_NOW 1" >>confdefs.h
++$as_echo "#define ENABLE_CRTBEGINP 1" >>confdefs.h
+
++ fi
++ ;;
++ *) enable_crtbeginP=no ;;
++ esac
+ fi
-+
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crtbeginP.o support" >&5
-+$as_echo_n "checking for crtbeginP.o support... " >&6; }
-+ case "$target" in
-+ ia64*-*-linux*)
-+ enable_crtbeginP=no ;;
-+ *-*-linux*)
-+ if test x"$gcc_cv_ld_pie" = x"yes" && test x"$lt_cv_prog_compiler_static_works" = x"yes"; then
-+ enable_crtbeginP=yes
-+$as_echo "#define ENABLE_CRTBEGINP 1" >>confdefs.h
-+ else
-+ enable_crtbeginP=no
-+ fi ;;
-+ *) enable_crtbeginP=no ;;
-+ esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_crtbeginP" >&5
+$as_echo "$enable_crtbeginP" >&6; }
++
+fi
+
# Configure the subdirectories
diff --git a/gcc-4.7.0/piepatch/02_all_gcc45_config.in.patch b/gcc-4.7.0/piepatch/02_all_gcc47_config.in.patch
index 489658f..43cd7f8 100644
--- a/gcc-4.7.0/piepatch/02_all_gcc45_config.in.patch
+++ b/gcc-4.7.0/piepatch/02_all_gcc47_config.in.patch
@@ -1,6 +1,7 @@
-2011-12-05 Magnus Granberg <zorry@gentoo.org>
+2012-04-06 Magnus Granberg <zorry@gentoo.org>
- * gcc/config.in Add ENABLE_CRTBEGINP and ENABLE_ESP
+ * gcc/config.in Add ENABLE_CRTBEGINP, ENABLE_ESP
+ and ENABLE_ESP_SSP
--- gcc/config.in 2009-04-21 11:08:08.000000000 +0200
+++ gcc/config.in 2009-05-12 00:10:08.000000000 +0200
@@ -17,7 +18,7 @@
/* Define to 1 to specify that we are using the BID decimal floating point
format instead of DPD */
#ifndef USED_FOR_TARGET
-@@ -65,6 +65,12 @@
+@@ -65,6 +65,18 @@
#endif
@@ -27,6 +28,12 @@
+#endif
+
+
++/* Define to 1 to enable esp. */
++#ifndef USED_FOR_TARGET
++#undef ENABLE_ESP_SSP
++#endif
++
++
/* Define to 1 to enable fixed-point arithmetic extension to C. */
#ifndef USED_FOR_TARGET
#undef ENABLE_FIXED_POINT
diff --git a/gcc-4.7.0/piepatch/06_all_gcc45_esp.h.patch b/gcc-4.7.0/piepatch/06_all_gcc46_esp.h.patch
index c51e8b4..e11c910 100644
--- a/gcc-4.7.0/piepatch/06_all_gcc45_esp.h.patch
+++ b/gcc-4.7.0/piepatch/06_all_gcc46_esp.h.patch
@@ -1,13 +1,13 @@
-2011-12-05 Magnus Granberg <zorry@gentoo.org>
+2012-04-03 Magnus Granberg <zorry@gentoo.org>
* gcc/esp.h New file to support --enable-esp
- Version 20111205.1
+ Version 20120403.2
--- gcc/esp.h 2010-04-09 16:14:00.000000000 +0200
+++ gcc/esp.h 2010-04-29 21:30:47.000000000 +0200
@@ -0,0 +1,145 @@
+/* License terms see GNU GENERAL PUBLIC LICENSE Version 3.
-+ * Version 20111205.1
++ * Version 20120403.2
+ * Magnus Granberg (Zorry) <zorry@gentoo.org> */
+#ifndef GCC_ESP_H
+#define GCC_ESP_H
@@ -57,7 +57,7 @@
+
+ /* This will add -fstack-protector-all if we don't have -nostdlib -nodefaultlibs -fno-stack-protector -fstack-protector
+ -fstack-protector-all and we have EFAULT_SSP or EFAULT_PIE_SSP defined. */
-+ #if defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP )
++ #if ( defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP ) ) && defined ( ENABLE_ESP_SSP )
+ #define ESP_OPTIONS_SSP_SPEC \
+ "%{!D__KERNEL__:%{!nostdlib:%{!nodefaultlibs: %{!fno-stack-protector: \
+ %{!fstack-protector:%{!fstack-protector-all:-fstack-protector-all}}}}}}"
diff --git a/gcc-4.7.0/piepatch/README.Changelog b/gcc-4.7.0/piepatch/README.Changelog
index 1729b6a..b6252ed 100644
--- a/gcc-4.7.0/piepatch/README.Changelog
+++ b/gcc-4.7.0/piepatch/README.Changelog
@@ -1,15 +1,22 @@
+0.5.3 Magnus Granberg <zorry@gentoo.org>
+
+ * gcc/configure Clean up the checks and added
+ check for uclibc ssp support.
+ * gcc/config.in Add define for ENABLE_ESP_SSP
+ * gcc/esp.h Check for ENABLE_ESP_SSP
+
0.5.2 Magnus Granberg <zorry@gentoo.org>
- * gcc/common.opt Add -nopie
+ * gcc/common.opt Add -nopie
0.5.1 Magnus Granberg <zorry@gentoo.org>
- * configure Bumped for 4.7.0 release
- * gcc/configure Bumped for 4.7.0 release and
+ * configure Bumped for 4.7.0 release
+ * gcc/configure Bumped for 4.7.0 release and
added some checks.
- * gcc/Makefile Bumped for 4.7.0 release
- * gcc/gcc.c Bumped for 4.7.0 release
- * libgcc/Makefile Bumped for 4.7.0 release
+ * gcc/Makefile Bumped for 4.7.0 release
+ * gcc/gcc.c Bumped for 4.7.0 release
+ * libgcc/Makefile Bumped for 4.7.0 release
0.5.0 Magnus Granberg <zorry@gentoo.org>
diff --git a/gcc-4.7.0/piepatch/README.history b/gcc-4.7.0/piepatch/README.history
index 3c5a7b1..537cc48 100644
--- a/gcc-4.7.0/piepatch/README.history
+++ b/gcc-4.7.0/piepatch/README.history
@@ -1,3 +1,9 @@
+0.5.3 06 Apr 2012
+ U 01_all_gcc47_configure.patch
+ + 02_all_gcc47_config.in.patch
+ - 02_all_gcc45_config.in.patch
+ + 06_all_gcc46_esp.h.patch
+ - 06_all_gcc45_esp.h.patch
0.5.2 24 Jan 2012
+ 16_all_gcc47_nopie_option.patch
0.5.1 17 Jan 2012