diff options
author | Magnus Granberg <zorry@gentoo.org> | 2014-01-04 14:16:55 +0100 |
---|---|---|
committer | Magnus Granberg <zorry@gentoo.org> | 2014-01-04 14:16:55 +0100 |
commit | b3e30af86b5440815c3b00974883f2fdd463466b (patch) | |
tree | a9ed9067daa360962c7078cc032195930aec0ae2 /gcc-4.8.0 | |
parent | Update the doc for gcc4.9 upstream (diff) | |
download | hardened-gccpatchset-b3e30af86b5440815c3b00974883f2fdd463466b.tar.gz hardened-gccpatchset-b3e30af86b5440815c3b00974883f2fdd463466b.tar.bz2 hardened-gccpatchset-b3e30af86b5440815c3b00974883f2fdd463466b.zip |
Diffstat (limited to 'gcc-4.8.0')
-rw-r--r-- | gcc-4.8.0/piepatch/01_all_gcc48_configure.patch | 114 | ||||
-rw-r--r-- | gcc-4.8.0/piepatch/03_all_gcc48_Makefile.in.patch | 35 | ||||
-rw-r--r-- | gcc-4.8.0/piepatch/05_all_gcc48_gcc.c.patch | 4 | ||||
-rw-r--r-- | gcc-4.8.0/piepatch/24_all_gcc48_invoke.texi.patch (renamed from gcc-4.8.0/piepatch/24_all_gcc44_invoke.texi.patch) | 4 | ||||
-rw-r--r-- | gcc-4.8.0/piepatch/40_all_gcc48_config_esp.patch | 8 | ||||
-rw-r--r-- | gcc-4.8.0/piepatch/README | 3 | ||||
-rw-r--r-- | gcc-4.8.0/piepatch/README.Changelog | 6 | ||||
-rw-r--r-- | gcc-4.8.0/piepatch/README.history | 9 |
8 files changed, 26 insertions, 157 deletions
diff --git a/gcc-4.8.0/piepatch/01_all_gcc48_configure.patch b/gcc-4.8.0/piepatch/01_all_gcc48_configure.patch index 1d3b429..fc932e7 100644 --- a/gcc-4.8.0/piepatch/01_all_gcc48_configure.patch +++ b/gcc-4.8.0/piepatch/01_all_gcc48_configure.patch @@ -1,53 +1,10 @@ -2013-04-01 Magnus Granberg <zorry@gentoo.org> +2013-12-30 Magnus Granberg <zorry@gentoo.org> - * configure.ac Add --enable-esp. Add -fno-stack-protector - to stage1_cflags. - * configure Regenerated * gcc/configure.ac Add --enable-esp and define ENABLE_ESP. Check if we support crtbeginP and define ENABLE_CRTBEGINP. * gcc/configure Regenerated ---- a/configure.ac 2011-11-29 22:36:43.000000000 +0100 -+++ b/configure.ac 2011-12-07 23:29:26.125712475 +0100 -@@ -419,6 +419,26 @@ if test "${ENABLE_LIBADA}" != "yes" ; th - noconfigdirs="$noconfigdirs gnattools" - fi - -+# Check whether --enable-esp was given and target have the support. -+AC_ARG_ENABLE([esp], -+[AS_HELP_STRING([--enable-esp], -+ [Enable Stack protector and Position independent executable as -+ default if we have suppot for it when compiling -+ and link with -z relro and -z now as default. -+ Linux targets supported i*86, x86_64, x32, -+ powerpc, powerpc64, ia64, arm and mips.])], -+[ -+ case $target in -+ i?86*-*-linux* | x86_64-*-linux* | powerpc*-*-linux* | mips-*-linux* | arm*-*-linux* | ia64-*-linux*) -+ enable_esp=yes -+ ;; -+ *) -+ AC_MSG_WARN([*** --enable-esp is not supported on this $target target.]) -+ ;; -+ esac -+]) -+AC_SUBST([enable_esp]) -+ - AC_ARG_ENABLE(libssp, - [AS_HELP_STRING([--enable-libssp], [build libssp directory])], - ENABLE_LIBSSP=$enableval, -@@ -3211,6 +3230,11 @@ if test "$GCC" = yes -a "$ENABLE_BUILD_W - CFLAGS="$saved_CFLAGS" - fi - -+# Disable -fstack-protector on stage1 -+if test x$enable_esp = xyes; then -+ stage1_cflags="$stage1_cflags -fno-stack-protector" -+fi -+ - AC_SUBST(stage1_cflags) - - # Enable --enable-checking in stage1 of the compiler. + --- a/gcc/configure.ac 2011-11-18 11:52:32.000000000 +0100 +++ b/gcc/configure.ac 2012-10-02 17:39:15.649526241 +0200 @@ -5130,6 +5237,55 @@ if test x"${LINKER_HASH_STYLE}" != x; th @@ -106,73 +63,6 @@ # Configure the subdirectories # AC_CONFIG_SUBDIRS($subdirs) ---- a/configure 2013-02-05 23:36:20.000000000 +0100 -+++ b/configure 2013-02-12 01:59:04.000000000 +0100 -@@ -670,6 +670,7 @@ - CFLAGS - CC - EXTRA_CONFIGARGS_LIBJAVA -+enable_esp - target_subdir - host_subdir - build_subdir -@@ -748,6 +749,7 @@ - enable_libquadmath - enable_libquadmath_support - enable_libada -+enable_esp - enable_libssp - enable_libstdcxx - enable_static_libjava -@@ -1464,6 +1466,11 @@ - --disable-libquadmath-support - disable libquadmath support for Fortran - --enable-libada build libada directory -+ --enable-esp Enable Stack protector and Position independent -+ executable as default if we have suppot for it when -+ compiling and link with and -z now as default. -+ Linux targets supported i*86, x86_64, x32, -+ powerpc, powerpc64, ia64, arm and mips. - --enable-libssp build libssp directory - --disable-libstdcxx do not build libstdc++-v3 directory - --enable-static-libjava[=ARG] -@@ -3068,6 +3075,24 @@ - noconfigdirs="$noconfigdirs gnattools" - fi - -+# Check whether --enable-esp was given and target have the support. -+# Check whether --enable-esp was given. -+if test "${enable_esp+set}" = set; then : -+ enableval=$enable_esp; -+ case $target in -+ i?86*-*-linux* | x86_64-*-linux* | powerpc*-*-linux* | mips*-*-linux* | arm*-*-linux* | ia64-*-linux*) -+ enable_esp=yes -+ ;; -+ *) -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: *** --enable-esp is not supported on this $target target." >&5 -+$as_echo "$as_me: WARNING: *** --enable-esp is not supported on this $target target." >&2;} -+ ;; -+ esac -+ -+fi -+ -+ -+ - # Check whether --enable-libssp was given. - if test "${enable_libssp+set}" = set; then : - enableval=$enable_libssp; ENABLE_LIBSSP=$enableval -@@ -14453,6 +14478,11 @@ - esac ;; - esac - -+# Disable -fstack-protector on stage1 -+if test x$enable_esp = xyes; then -+ stage1_cflags="$stage1_cflags -fno-stack-protector" -+fi -+ - - - # Enable --enable-checking in stage1 of the compiler. --- a/gcc/configure 2013-02-01 21:26:24.000000000 +0100 +++ b/gcc/configure 2013-02-12 01:59:20.000000000 +0100 @@ -600,6 +600,8 @@ diff --git a/gcc-4.8.0/piepatch/03_all_gcc48_Makefile.in.patch b/gcc-4.8.0/piepatch/03_all_gcc48_Makefile.in.patch index 9f6c520..b36f2db 100644 --- a/gcc-4.8.0/piepatch/03_all_gcc48_Makefile.in.patch +++ b/gcc-4.8.0/piepatch/03_all_gcc48_Makefile.in.patch @@ -1,7 +1,5 @@ 2012-01-17 Magnus Granberg <zorry@gentoo.org> - * Makefile.in We add -fno-stack-protector to BOOT_CFLAGS, LIBCFLAGS and - LIBCXXFLAGS if enable_esp yes. * gcc/Makefile.in Add -fno-PIE. to ALL_CFLAGS and ALL_CXXFLAGS if enable_esp yes. Echo enable_esp and enable_crtbeginP to tmp-libgcc.mvars. @@ -9,39 +7,6 @@ We add new file crtbeginP.o if enable_crtbeginP yes Add -fno-PIE. to CRTSTUFF_CFLAGS. ---- a/Makefile.in 2010-01-22 08:35:38.000000000 -0500 -+++ b/Makefile.in 2010-02-07 15:10:59.000000000 -0500 -@@ -350,9 +350,17 @@ - BUILD_PREFIX = @BUILD_PREFIX@ - BUILD_PREFIX_1 = @BUILD_PREFIX_1@ - -+# Some stuff don't compile with SSP -+enable_esp = @enable_esp@ -+ifeq ($(enable_esp),yes) -+ESP_NOSSP_CFLAGS = -fno-stack-protector -+else -+ESP_NOSSP_CFLAGS= -+endif -+ - # Flags to pass to stage2 and later makes. They are defined - # here so that they can be overridden by Makefile fragments. --BOOT_CFLAGS= -g -O2 -+BOOT_CFLAGS= -g -O2 $(ESP_NOSSP_CFLAGS) - BOOT_LDFLAGS= - BOOT_ADAFLAGS=-gnatpg -gnata - -@@ -403,9 +403,9 @@ - - CFLAGS = @CFLAGS@ - LDFLAGS = @LDFLAGS@ --LIBCFLAGS = $(CFLAGS) -+LIBCFLAGS = $(CFLAGS) $(ESP_NOSSP_CFLAGS) - CXXFLAGS = @CXXFLAGS@ --LIBCXXFLAGS = $(CXXFLAGS) -fno-implicit-templates -+LIBCXXFLAGS = $(CXXFLAGS) -fno-implicit-templates $(ESP_NOSSP_CFLAGS) - GOCFLAGS = $(CFLAGS) - - TFLAGS = --- a/gcc/Makefile.in 2011-11-09 02:20:14.000000000 +0100 +++ b/gcc/Makefile.in 2011-12-24 22:28:08.864804375 +0100 @@ -247,6 +247,14 @@ LINKER_FLAGS = $(CFLAGS) diff --git a/gcc-4.8.0/piepatch/05_all_gcc48_gcc.c.patch b/gcc-4.8.0/piepatch/05_all_gcc48_gcc.c.patch index b92607b..ddfcafd 100644 --- a/gcc-4.8.0/piepatch/05_all_gcc48_gcc.c.patch +++ b/gcc-4.8.0/piepatch/05_all_gcc48_gcc.c.patch @@ -1,4 +1,4 @@ -2013-03-24 Magnus Granberg <zorry@gentoo.org> +2014-01-01 Magnus Granberg <zorry@gentoo.org> * gcc/gcc.c include esp.h static const char *cc1_spec We set that in esp.h if ENABLE_ESP. @@ -18,7 +18,7 @@ static const char *asm_debug; static const char *cpp_spec = CPP_SPEC; +#ifndef ENABLE_ESP - static const char *cc1_spec = CC1_SPEC; + static const char *cc1_spec = CC1_SPEC CC1_SSP_DEFAULT_SPEC; +#endif static const char *cc1plus_spec = CC1PLUS_SPEC; static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC; diff --git a/gcc-4.8.0/piepatch/24_all_gcc44_invoke.texi.patch b/gcc-4.8.0/piepatch/24_all_gcc48_invoke.texi.patch index 15b3417..36ab70c 100644 --- a/gcc-4.8.0/piepatch/24_all_gcc44_invoke.texi.patch +++ b/gcc-4.8.0/piepatch/24_all_gcc48_invoke.texi.patch @@ -1,4 +1,4 @@ -2009-09-11 Magnus Granberg <zorry@gentoo.org> +2014-01-04 Magnus Granberg <zorry@gentoo.org> * gcc/doc/invoke.texi Add NOTES about -fstack-protector-all, -pie and -fPIE/-fpie when --enable-esp is enable, this options is on by default. @@ -12,7 +12,7 @@ +NOTE: When --enable-esp this option is enabled by default +for C, C++, ObjC, ObjC++, if neither @option{-fno-stack-protector} +or @option{-nostdlib} or @option{-nodefaultlibs} or -+@option{-fstack-protector} are found. ++@option{@-ffreestanding} or @option{-fstack-protector} are found. + @item -fsection-anchors @opindex fsection-anchors diff --git a/gcc-4.8.0/piepatch/40_all_gcc48_config_esp.patch b/gcc-4.8.0/piepatch/40_all_gcc48_config_esp.patch index 805cc2c..535b638 100644 --- a/gcc-4.8.0/piepatch/40_all_gcc48_config_esp.patch +++ b/gcc-4.8.0/piepatch/40_all_gcc48_config_esp.patch @@ -1,13 +1,13 @@ -2013-08-10 Magnus Granberg <zorry@gentoo.org> +2014-01-04 Magnus Granberg <zorry@gentoo.org> * gcc/esp.h New file to support --enable-esp - Version 20130810.1 + Version 20140104.1 --- gcc/config/esp.h 2010-04-09 16:14:00.000000000 +0200 +++ gcc/config/esp.h 2012-06-23 01:00:31.248348491 +0200 @@ -0,0 +1,128 @@ +/* License terms see GNU GENERAL PUBLIC LICENSE Version 3. -+ * Version 20130810.1 ++ * Version 20140104.1 + * Magnus Granberg (Zorry) <zorry@gentoo.org> */ +#ifndef GCC_ESP_H +#define GCC_ESP_H @@ -53,7 +53,7 @@ + -fstack-protector-all and we have EFAULT_SSP or EFAULT_PIE_SSP defined. */ + #if defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP ) + #define ESP_OPTIONS_SSP_SPEC \ -+ "%{nostdlib|nodefaultlibs|fno-stack-protector| \ ++ "%{nostdlib|nodefaultlibs|ffreestanding|fno-stack-protector| \ + fstack-protector|fstack-protector-all:;:-fstack-protector-all} \ + %{fstack-check|fstack-check=*:;: -fstack-check}" + #else diff --git a/gcc-4.8.0/piepatch/README b/gcc-4.8.0/piepatch/README index 5d0bc13..3a82705 100644 --- a/gcc-4.8.0/piepatch/README +++ b/gcc-4.8.0/piepatch/README @@ -8,6 +8,7 @@ http://forums.gentoo.org/viewtopic-t-668885.html. I joined the thread and starte We started with the pieworld code from kevquinn's overlay. The PIE and minispecs part hit the tree later on. With GCC 4.4.0 I was willing to do some code cleanup, use built-in specs and add it as --enable-esp in the configure command line. On GCC 4.8.0 we use DRIVER_SELF_SPECS for the specs. +From gcc 4.8.2-r1 it will have -fstack-protector on as default. Thank you all: Kevin K. Quinn, Peter S. Mazinger, Natanael Copa, Alexander Gabert, Solar, PaX Team, SpanKY, Xake, Dwokfur, @@ -15,4 +16,4 @@ KernelOfTruth, SteveL, nixnut, Hopeless, forsaken1, XioXous, obrut<-, mv, qjim, unk, neuron, alexxy, hellboi64, likewhoa, g0rg0n, costel78, polsas, 7v5w7go9ub0o, uberpinguin, Naib, cilly, bonsaikitten, kerframil, agaffney, Gordon Malm, blueness, Matthias Klose, Kees Cook, mentor, Anarchy, devurandom and everyone else for helping to test, suggestions, fixes and anything else we have missed. -/2013-03-31 Magnus Grenberg (Zorry) <zorry@gentoo.org> +/2013-12-30 Magnus Grenberg (Zorry) <zorry@gentoo.org> diff --git a/gcc-4.8.0/piepatch/README.Changelog b/gcc-4.8.0/piepatch/README.Changelog index 962ba41..741776c 100644 --- a/gcc-4.8.0/piepatch/README.Changelog +++ b/gcc-4.8.0/piepatch/README.Changelog @@ -1,3 +1,9 @@ +0.5.9 + * configure.ac Remove + * configure Remove + * Makefile.in -fno-stack-protector moved to gentoo gcc patchset. + * gcc/gcc.c Update cc1_spec define + * gcc/doc/invoke.texi And note on ssp-all for --enable-esp and -ffreestanding 0.5.8 * gcc/config/rs6000/linux64 (ASM_SPEC32): Allready applay. diff --git a/gcc-4.8.0/piepatch/README.history b/gcc-4.8.0/piepatch/README.history index 116a1ea..fcba0d8 100644 --- a/gcc-4.8.0/piepatch/README.history +++ b/gcc-4.8.0/piepatch/README.history @@ -1,3 +1,10 @@ +0.5.9 4 Jan 2014 + U 01_all_gcc48_configure.patch + U 03_all_gcc48_Makefile.in.patch + U 05_all_gcc48_gcc.c.patch + - 24_all_gcc44_invoke.texi.patch + + 24_all_gcc48_invoke.texi.patch + U README 0.5.8 11 Nov 2013 U 33_all_gcc48_config_rs6000.patch 0.5.7 10 Jul 2013 @@ -14,7 +21,7 @@ - 03_all_gcc47_Makefile.in.patch + 03_all_gcc48_Makefile.in.patch - 05_all_gcc47_gcc.c.patch - - 05_all_gcc48_gcc.c.patch + + 05_all_gcc48_gcc.c.patch - 33_all_gcc46_config_rs6000_linux64.h.patch + 33_all_gcc48_config_rs6000.patch - 34_all_gcc47_config_all_gnu_user.patch |