diff options
author | Magnus Granberg <zorry@gentoo.org> | 2014-01-04 14:16:55 +0100 |
---|---|---|
committer | Magnus Granberg <zorry@gentoo.org> | 2014-01-04 14:16:55 +0100 |
commit | b3e30af86b5440815c3b00974883f2fdd463466b (patch) | |
tree | a9ed9067daa360962c7078cc032195930aec0ae2 | |
parent | Update the doc for gcc4.9 upstream (diff) | |
download | hardened-gccpatchset-b3e30af86b5440815c3b00974883f2fdd463466b.tar.gz hardened-gccpatchset-b3e30af86b5440815c3b00974883f2fdd463466b.tar.bz2 hardened-gccpatchset-b3e30af86b5440815c3b00974883f2fdd463466b.zip |
-rw-r--r-- | gcc-4.8.0/piepatch/01_all_gcc48_configure.patch | 114 | ||||
-rw-r--r-- | gcc-4.8.0/piepatch/03_all_gcc48_Makefile.in.patch | 35 | ||||
-rw-r--r-- | gcc-4.8.0/piepatch/05_all_gcc48_gcc.c.patch | 4 | ||||
-rw-r--r-- | gcc-4.8.0/piepatch/24_all_gcc48_invoke.texi.patch (renamed from gcc-4.8.0/piepatch/24_all_gcc44_invoke.texi.patch) | 4 | ||||
-rw-r--r-- | gcc-4.8.0/piepatch/40_all_gcc48_config_esp.patch | 8 | ||||
-rw-r--r-- | gcc-4.8.0/piepatch/README | 3 | ||||
-rw-r--r-- | gcc-4.8.0/piepatch/README.Changelog | 6 | ||||
-rw-r--r-- | gcc-4.8.0/piepatch/README.history | 9 | ||||
-rw-r--r-- | upstream/Makefile.patch | 29 | ||||
-rw-r--r-- | upstream/configure.ac.patch | 14 | ||||
-rw-r--r-- | upstream/gcc49_default_pie_doc.patch | 37 | ||||
-rw-r--r-- | upstream/gcc49_default_pie_main.patch | 13 | ||||
-rw-r--r-- | upstream/gcc_doc.patch | 8 | ||||
-rw-r--r-- | upstream/testsuite-espf-fortify.patch | 10 | ||||
-rw-r--r-- | upstream/testsuite-espf-piessp.patch | 16 |
15 files changed, 89 insertions, 221 deletions
diff --git a/gcc-4.8.0/piepatch/01_all_gcc48_configure.patch b/gcc-4.8.0/piepatch/01_all_gcc48_configure.patch index 1d3b429..fc932e7 100644 --- a/gcc-4.8.0/piepatch/01_all_gcc48_configure.patch +++ b/gcc-4.8.0/piepatch/01_all_gcc48_configure.patch @@ -1,53 +1,10 @@ -2013-04-01 Magnus Granberg <zorry@gentoo.org> +2013-12-30 Magnus Granberg <zorry@gentoo.org> - * configure.ac Add --enable-esp. Add -fno-stack-protector - to stage1_cflags. - * configure Regenerated * gcc/configure.ac Add --enable-esp and define ENABLE_ESP. Check if we support crtbeginP and define ENABLE_CRTBEGINP. * gcc/configure Regenerated ---- a/configure.ac 2011-11-29 22:36:43.000000000 +0100 -+++ b/configure.ac 2011-12-07 23:29:26.125712475 +0100 -@@ -419,6 +419,26 @@ if test "${ENABLE_LIBADA}" != "yes" ; th - noconfigdirs="$noconfigdirs gnattools" - fi - -+# Check whether --enable-esp was given and target have the support. -+AC_ARG_ENABLE([esp], -+[AS_HELP_STRING([--enable-esp], -+ [Enable Stack protector and Position independent executable as -+ default if we have suppot for it when compiling -+ and link with -z relro and -z now as default. -+ Linux targets supported i*86, x86_64, x32, -+ powerpc, powerpc64, ia64, arm and mips.])], -+[ -+ case $target in -+ i?86*-*-linux* | x86_64-*-linux* | powerpc*-*-linux* | mips-*-linux* | arm*-*-linux* | ia64-*-linux*) -+ enable_esp=yes -+ ;; -+ *) -+ AC_MSG_WARN([*** --enable-esp is not supported on this $target target.]) -+ ;; -+ esac -+]) -+AC_SUBST([enable_esp]) -+ - AC_ARG_ENABLE(libssp, - [AS_HELP_STRING([--enable-libssp], [build libssp directory])], - ENABLE_LIBSSP=$enableval, -@@ -3211,6 +3230,11 @@ if test "$GCC" = yes -a "$ENABLE_BUILD_W - CFLAGS="$saved_CFLAGS" - fi - -+# Disable -fstack-protector on stage1 -+if test x$enable_esp = xyes; then -+ stage1_cflags="$stage1_cflags -fno-stack-protector" -+fi -+ - AC_SUBST(stage1_cflags) - - # Enable --enable-checking in stage1 of the compiler. + --- a/gcc/configure.ac 2011-11-18 11:52:32.000000000 +0100 +++ b/gcc/configure.ac 2012-10-02 17:39:15.649526241 +0200 @@ -5130,6 +5237,55 @@ if test x"${LINKER_HASH_STYLE}" != x; th @@ -106,73 +63,6 @@ # Configure the subdirectories # AC_CONFIG_SUBDIRS($subdirs) ---- a/configure 2013-02-05 23:36:20.000000000 +0100 -+++ b/configure 2013-02-12 01:59:04.000000000 +0100 -@@ -670,6 +670,7 @@ - CFLAGS - CC - EXTRA_CONFIGARGS_LIBJAVA -+enable_esp - target_subdir - host_subdir - build_subdir -@@ -748,6 +749,7 @@ - enable_libquadmath - enable_libquadmath_support - enable_libada -+enable_esp - enable_libssp - enable_libstdcxx - enable_static_libjava -@@ -1464,6 +1466,11 @@ - --disable-libquadmath-support - disable libquadmath support for Fortran - --enable-libada build libada directory -+ --enable-esp Enable Stack protector and Position independent -+ executable as default if we have suppot for it when -+ compiling and link with and -z now as default. -+ Linux targets supported i*86, x86_64, x32, -+ powerpc, powerpc64, ia64, arm and mips. - --enable-libssp build libssp directory - --disable-libstdcxx do not build libstdc++-v3 directory - --enable-static-libjava[=ARG] -@@ -3068,6 +3075,24 @@ - noconfigdirs="$noconfigdirs gnattools" - fi - -+# Check whether --enable-esp was given and target have the support. -+# Check whether --enable-esp was given. -+if test "${enable_esp+set}" = set; then : -+ enableval=$enable_esp; -+ case $target in -+ i?86*-*-linux* | x86_64-*-linux* | powerpc*-*-linux* | mips*-*-linux* | arm*-*-linux* | ia64-*-linux*) -+ enable_esp=yes -+ ;; -+ *) -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: *** --enable-esp is not supported on this $target target." >&5 -+$as_echo "$as_me: WARNING: *** --enable-esp is not supported on this $target target." >&2;} -+ ;; -+ esac -+ -+fi -+ -+ -+ - # Check whether --enable-libssp was given. - if test "${enable_libssp+set}" = set; then : - enableval=$enable_libssp; ENABLE_LIBSSP=$enableval -@@ -14453,6 +14478,11 @@ - esac ;; - esac - -+# Disable -fstack-protector on stage1 -+if test x$enable_esp = xyes; then -+ stage1_cflags="$stage1_cflags -fno-stack-protector" -+fi -+ - - - # Enable --enable-checking in stage1 of the compiler. --- a/gcc/configure 2013-02-01 21:26:24.000000000 +0100 +++ b/gcc/configure 2013-02-12 01:59:20.000000000 +0100 @@ -600,6 +600,8 @@ diff --git a/gcc-4.8.0/piepatch/03_all_gcc48_Makefile.in.patch b/gcc-4.8.0/piepatch/03_all_gcc48_Makefile.in.patch index 9f6c520..b36f2db 100644 --- a/gcc-4.8.0/piepatch/03_all_gcc48_Makefile.in.patch +++ b/gcc-4.8.0/piepatch/03_all_gcc48_Makefile.in.patch @@ -1,7 +1,5 @@ 2012-01-17 Magnus Granberg <zorry@gentoo.org> - * Makefile.in We add -fno-stack-protector to BOOT_CFLAGS, LIBCFLAGS and - LIBCXXFLAGS if enable_esp yes. * gcc/Makefile.in Add -fno-PIE. to ALL_CFLAGS and ALL_CXXFLAGS if enable_esp yes. Echo enable_esp and enable_crtbeginP to tmp-libgcc.mvars. @@ -9,39 +7,6 @@ We add new file crtbeginP.o if enable_crtbeginP yes Add -fno-PIE. to CRTSTUFF_CFLAGS. ---- a/Makefile.in 2010-01-22 08:35:38.000000000 -0500 -+++ b/Makefile.in 2010-02-07 15:10:59.000000000 -0500 -@@ -350,9 +350,17 @@ - BUILD_PREFIX = @BUILD_PREFIX@ - BUILD_PREFIX_1 = @BUILD_PREFIX_1@ - -+# Some stuff don't compile with SSP -+enable_esp = @enable_esp@ -+ifeq ($(enable_esp),yes) -+ESP_NOSSP_CFLAGS = -fno-stack-protector -+else -+ESP_NOSSP_CFLAGS= -+endif -+ - # Flags to pass to stage2 and later makes. They are defined - # here so that they can be overridden by Makefile fragments. --BOOT_CFLAGS= -g -O2 -+BOOT_CFLAGS= -g -O2 $(ESP_NOSSP_CFLAGS) - BOOT_LDFLAGS= - BOOT_ADAFLAGS=-gnatpg -gnata - -@@ -403,9 +403,9 @@ - - CFLAGS = @CFLAGS@ - LDFLAGS = @LDFLAGS@ --LIBCFLAGS = $(CFLAGS) -+LIBCFLAGS = $(CFLAGS) $(ESP_NOSSP_CFLAGS) - CXXFLAGS = @CXXFLAGS@ --LIBCXXFLAGS = $(CXXFLAGS) -fno-implicit-templates -+LIBCXXFLAGS = $(CXXFLAGS) -fno-implicit-templates $(ESP_NOSSP_CFLAGS) - GOCFLAGS = $(CFLAGS) - - TFLAGS = --- a/gcc/Makefile.in 2011-11-09 02:20:14.000000000 +0100 +++ b/gcc/Makefile.in 2011-12-24 22:28:08.864804375 +0100 @@ -247,6 +247,14 @@ LINKER_FLAGS = $(CFLAGS) diff --git a/gcc-4.8.0/piepatch/05_all_gcc48_gcc.c.patch b/gcc-4.8.0/piepatch/05_all_gcc48_gcc.c.patch index b92607b..ddfcafd 100644 --- a/gcc-4.8.0/piepatch/05_all_gcc48_gcc.c.patch +++ b/gcc-4.8.0/piepatch/05_all_gcc48_gcc.c.patch @@ -1,4 +1,4 @@ -2013-03-24 Magnus Granberg <zorry@gentoo.org> +2014-01-01 Magnus Granberg <zorry@gentoo.org> * gcc/gcc.c include esp.h static const char *cc1_spec We set that in esp.h if ENABLE_ESP. @@ -18,7 +18,7 @@ static const char *asm_debug; static const char *cpp_spec = CPP_SPEC; +#ifndef ENABLE_ESP - static const char *cc1_spec = CC1_SPEC; + static const char *cc1_spec = CC1_SPEC CC1_SSP_DEFAULT_SPEC; +#endif static const char *cc1plus_spec = CC1PLUS_SPEC; static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC; diff --git a/gcc-4.8.0/piepatch/24_all_gcc44_invoke.texi.patch b/gcc-4.8.0/piepatch/24_all_gcc48_invoke.texi.patch index 15b3417..36ab70c 100644 --- a/gcc-4.8.0/piepatch/24_all_gcc44_invoke.texi.patch +++ b/gcc-4.8.0/piepatch/24_all_gcc48_invoke.texi.patch @@ -1,4 +1,4 @@ -2009-09-11 Magnus Granberg <zorry@gentoo.org> +2014-01-04 Magnus Granberg <zorry@gentoo.org> * gcc/doc/invoke.texi Add NOTES about -fstack-protector-all, -pie and -fPIE/-fpie when --enable-esp is enable, this options is on by default. @@ -12,7 +12,7 @@ +NOTE: When --enable-esp this option is enabled by default +for C, C++, ObjC, ObjC++, if neither @option{-fno-stack-protector} +or @option{-nostdlib} or @option{-nodefaultlibs} or -+@option{-fstack-protector} are found. ++@option{@-ffreestanding} or @option{-fstack-protector} are found. + @item -fsection-anchors @opindex fsection-anchors diff --git a/gcc-4.8.0/piepatch/40_all_gcc48_config_esp.patch b/gcc-4.8.0/piepatch/40_all_gcc48_config_esp.patch index 805cc2c..535b638 100644 --- a/gcc-4.8.0/piepatch/40_all_gcc48_config_esp.patch +++ b/gcc-4.8.0/piepatch/40_all_gcc48_config_esp.patch @@ -1,13 +1,13 @@ -2013-08-10 Magnus Granberg <zorry@gentoo.org> +2014-01-04 Magnus Granberg <zorry@gentoo.org> * gcc/esp.h New file to support --enable-esp - Version 20130810.1 + Version 20140104.1 --- gcc/config/esp.h 2010-04-09 16:14:00.000000000 +0200 +++ gcc/config/esp.h 2012-06-23 01:00:31.248348491 +0200 @@ -0,0 +1,128 @@ +/* License terms see GNU GENERAL PUBLIC LICENSE Version 3. -+ * Version 20130810.1 ++ * Version 20140104.1 + * Magnus Granberg (Zorry) <zorry@gentoo.org> */ +#ifndef GCC_ESP_H +#define GCC_ESP_H @@ -53,7 +53,7 @@ + -fstack-protector-all and we have EFAULT_SSP or EFAULT_PIE_SSP defined. */ + #if defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP ) + #define ESP_OPTIONS_SSP_SPEC \ -+ "%{nostdlib|nodefaultlibs|fno-stack-protector| \ ++ "%{nostdlib|nodefaultlibs|ffreestanding|fno-stack-protector| \ + fstack-protector|fstack-protector-all:;:-fstack-protector-all} \ + %{fstack-check|fstack-check=*:;: -fstack-check}" + #else diff --git a/gcc-4.8.0/piepatch/README b/gcc-4.8.0/piepatch/README index 5d0bc13..3a82705 100644 --- a/gcc-4.8.0/piepatch/README +++ b/gcc-4.8.0/piepatch/README @@ -8,6 +8,7 @@ http://forums.gentoo.org/viewtopic-t-668885.html. I joined the thread and starte We started with the pieworld code from kevquinn's overlay. The PIE and minispecs part hit the tree later on. With GCC 4.4.0 I was willing to do some code cleanup, use built-in specs and add it as --enable-esp in the configure command line. On GCC 4.8.0 we use DRIVER_SELF_SPECS for the specs. +From gcc 4.8.2-r1 it will have -fstack-protector on as default. Thank you all: Kevin K. Quinn, Peter S. Mazinger, Natanael Copa, Alexander Gabert, Solar, PaX Team, SpanKY, Xake, Dwokfur, @@ -15,4 +16,4 @@ KernelOfTruth, SteveL, nixnut, Hopeless, forsaken1, XioXous, obrut<-, mv, qjim, unk, neuron, alexxy, hellboi64, likewhoa, g0rg0n, costel78, polsas, 7v5w7go9ub0o, uberpinguin, Naib, cilly, bonsaikitten, kerframil, agaffney, Gordon Malm, blueness, Matthias Klose, Kees Cook, mentor, Anarchy, devurandom and everyone else for helping to test, suggestions, fixes and anything else we have missed. -/2013-03-31 Magnus Grenberg (Zorry) <zorry@gentoo.org> +/2013-12-30 Magnus Grenberg (Zorry) <zorry@gentoo.org> diff --git a/gcc-4.8.0/piepatch/README.Changelog b/gcc-4.8.0/piepatch/README.Changelog index 962ba41..741776c 100644 --- a/gcc-4.8.0/piepatch/README.Changelog +++ b/gcc-4.8.0/piepatch/README.Changelog @@ -1,3 +1,9 @@ +0.5.9 + * configure.ac Remove + * configure Remove + * Makefile.in -fno-stack-protector moved to gentoo gcc patchset. + * gcc/gcc.c Update cc1_spec define + * gcc/doc/invoke.texi And note on ssp-all for --enable-esp and -ffreestanding 0.5.8 * gcc/config/rs6000/linux64 (ASM_SPEC32): Allready applay. diff --git a/gcc-4.8.0/piepatch/README.history b/gcc-4.8.0/piepatch/README.history index 116a1ea..fcba0d8 100644 --- a/gcc-4.8.0/piepatch/README.history +++ b/gcc-4.8.0/piepatch/README.history @@ -1,3 +1,10 @@ +0.5.9 4 Jan 2014 + U 01_all_gcc48_configure.patch + U 03_all_gcc48_Makefile.in.patch + U 05_all_gcc48_gcc.c.patch + - 24_all_gcc44_invoke.texi.patch + + 24_all_gcc48_invoke.texi.patch + U README 0.5.8 11 Nov 2013 U 33_all_gcc48_config_rs6000.patch 0.5.7 10 Jul 2013 @@ -14,7 +21,7 @@ - 03_all_gcc47_Makefile.in.patch + 03_all_gcc48_Makefile.in.patch - 05_all_gcc47_gcc.c.patch - - 05_all_gcc48_gcc.c.patch + + 05_all_gcc48_gcc.c.patch - 33_all_gcc46_config_rs6000_linux64.h.patch + 33_all_gcc48_config_rs6000.patch - 34_all_gcc47_config_all_gnu_user.patch diff --git a/upstream/Makefile.patch b/upstream/Makefile.patch index a116e5f..0e17143 100644 --- a/upstream/Makefile.patch +++ b/upstream/Makefile.patch @@ -38,23 +38,23 @@ INTERNAL_CFLAGS = -DIN_GCC @CROSS@ +# We don't want to compile the compiler with -fPIE, it make PCH fail. -+enable_espf = @enable_espf@ -+ifeq ($(enable_espf),yes) -+ESPF_NOPIE_CFLAGS = -fno-PIE ++enable_pie_default= @enable_pie_default@ ++ifeq ($(enable_pie_default),yes) ++PIE_DEFAULT_CFLAGS = -fno-PIE +else -+ESPF_NOPIE_CFLAGS= ++PIE_DEFAULT_CFLAGS= +endif + # This is the variable actually used when we compile. If you change this, # you probably want to update BUILD_CFLAGS in configure.ac -ALL_CFLAGS = $(T_CFLAGS) $(CFLAGS-$@) \ -+ALL_CFLAGS = $(ESPF_NOPIE_CFLAGS) $(T_CFLAGS) $(CFLAGS-$@) \ ++ALL_CFLAGS = $(PIE_DEFAULT_CFLAGS) $(T_CFLAGS) $(CFLAGS-$@) \ $(CFLAGS) $(INTERNAL_CFLAGS) $(COVERAGE_FLAGS) $(WARN_CFLAGS) @DEFS@ # The C++ version. -ALL_CXXFLAGS = $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) $(INTERNAL_CFLAGS) \ - $(COVERAGE_FLAGS) $(NOEXCEPTION_FLAGS) $(WARN_CXXFLAGS) @DEFS@ -+ALL_CXXFLAGS =$(ESPF_NOPIE_CFLAGS) $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) \ ++ALL_CXXFLAGS =$(PIE_DEFAULT_CFLAGS) $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) \ + $(INTERNAL_CFLAGS) $(COVERAGE_FLAGS) $(NOEXCEPTION_FLAGS) \ + $(WARN_CXXFLAGS) @DEFS@ @@ -64,7 +64,7 @@ echo GCC_CFLAGS = '$(GCC_CFLAGS)' >> tmp-libgcc.mvars echo INHIBIT_LIBC_CFLAGS = '$(INHIBIT_LIBC_CFLAGS)' >> tmp-libgcc.mvars echo TARGET_SYSTEM_ROOT = '$(TARGET_SYSTEM_ROOT)' >> tmp-libgcc.mvars -+ echo enable_espf = '$(enable_espf)' >> tmp-libgcc.mvars ++ echo enable_pie_default) = '$(enable_pie_default))' >> tmp-libgcc.mvars mv tmp-libgcc.mvars libgcc.mvars @@ -72,29 +72,30 @@ @if test "@enable_lto@" = "yes" ; then \ echo "set ENABLE_LTO 1" >> ./site.tmp; \ fi -+ @if test "@enable_espf@" = "yes" ; then \ -+ echo "set ENABLE_ESPF 1" >> ./site.tmp; \ ++ @if test "@enable_pie_default)@" = "yes" ; then \ ++ echo "set ENABLE_PIE_DEFAULT 1" >> ./site.tmp; \ + fi # If newlib has been configured, we need to pass -B to gcc so it can find # newlib's crt0.o if it exists. This will cause a "path prefix not used" # message if it doesn't, but the testsuite is supposed to ignore the message - --- a/libgcc/Makefile.in 2011-11-22 04:01:02.000000000 +0100 +++ b/libgcc/Makefile.in 2012-06-29 00:15:04.534016511 +0200 -@@ -275,11 +275,16 @@ override CFLAGS := $(filter-out -fprofil +@@ -275,11 +275,17 @@ override CFLAGS := $(filter-out -fprofil INTERNAL_CFLAGS = $(CFLAGS) $(LIBGCC2_CFLAGS) $(HOST_LIBGCC2_CFLAGS) \ $(INCLUDES) @set_have_cc_tls@ @set_use_emutls@ -+ifeq ($(enable_espf),yes) -+ESPF_NOPIE_CFLAGS = -fno-PIE ++We don't want to compile crt* with -fPIE. ++ifeq ($(enable_pie_default)),yes) ++PIE_DEFAULT_CFLAGS = -fno-PIE +else -+ESPF_NOPIE_CFLAGS= ++PIE_DEFAULT_CFLAGS= +endif # Options to use when compiling crtbegin/end. CRTSTUFF_CFLAGS = -O2 $(GCC_CFLAGS) $(INCLUDES) $(MULTILIB_CFLAGS) -g0 \ -finhibit-size-directive -fno-inline -fno-exceptions \ -fno-zero-initialized-in-bss -fno-toplevel-reorder -fno-tree-vectorize \ - -fno-stack-protector \ -+ -fno-stack-protector $(ESPF_NOPIE_CFLAGS) \ ++ -fno-stack-protector $(PIE_DEFAULT_CFLAGS) \ $(INHIBIT_LIBC_CFLAGS) # Extra flags to use when compiling crt{begin,end}.o. diff --git a/upstream/configure.ac.patch b/upstream/configure.ac.patch index 2e39577..2537eeb 100644 --- a/upstream/configure.ac.patch +++ b/upstream/configure.ac.patch @@ -103,14 +103,14 @@ +AC_SUBST([enable_espf]) +if test $enable_espf = yes ; then + -+# Check for FORTIFY_SOURCES support in target C library. -+ AC_CACHE_CHECK(for _FORTIFY_SOURCES support in target C library, ++# Check for FORTIFY_SOURCE support in target C library. ++ AC_CACHE_CHECK(for _FORTIFY_SOURCE support in target C library, + gcc_cv_libc_provides_fortify, + [gcc_cv_libc_provides_fortify=no + case "$target" in + *-*-linux*) -+ [# glibc 2.8 and later provides _FORTIFY_SOURCES. -+ # uClibc 0.9.32 and later provides _FORTIFY_SOURCES. ++ [# glibc 2.8 and later provides _FORTIFY_SOURCE. ++ # uClibc 0.9.32 and later provides _FORTIFY_SOURCE. + if test -f $target_header_dir/features.h; then + if $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC__[ ]+2' \ + $target_header_dir/features.h > /dev/null \ @@ -195,12 +195,12 @@ + AC_MSG_RESULT([no]) + fi + -+ AC_MSG_CHECKING(if the compiler default to use -D_FORTIFY_SOURCES=2) ++ AC_MSG_CHECKING(if the compiler default to use -D_FORTIFY_SOURCE=2) + if test x$gcc_cv_libc_provides_fortify = xyes && test x$cross_compiling = xno ; then + saved_CFLAGS="$CFLAGS" + saved_CPPFLAGS="$CPPFLAGS" + CFLAGS="$CFLAGS -O2 -Werror" -+ CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCES=2" ++ CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" + AC_TRY_LINK([ + #include <sys/types.h> + #include <sys/stat.h> @@ -221,7 +221,7 @@ + fi + if test $enable_espf_fortify = yes ; then + AC_DEFINE(ENABLE_ESPF_FORTIFY, 1, -+ [Define if your compiler will default to use -D_FORTIFY_SOURCES=2.]) ++ [Define if your compiler will default to use -D_FORTIFY_SOURCE=2.]) + fi + +fi diff --git a/upstream/gcc49_default_pie_doc.patch b/upstream/gcc49_default_pie_doc.patch index d10c930..8e32035 100644 --- a/upstream/gcc49_default_pie_doc.patch +++ b/upstream/gcc49_default_pie_doc.patch @@ -1,40 +1,39 @@ --- a/gcc/doc/install.texi 2013-10-01 19:29:40.000000000 +0200 -+++ b/gcc/doc/install.texi 2013-11-09 15:40:20.831402110 +0100 -@@ -1421,6 +1421,11 @@ do a @samp{make -C gcc gnatlib_and_tools ++++ b/gcc/doc/install.texi 2013-11-17 16:13:20.474144921 +0100 +@@ -1421,6 +1421,10 @@ do a @samp{make -C gcc gnatlib_and_tools Specify that the run-time libraries for stack smashing protection should not be built. +@item --enable-default-pie -+We will turn on @option{-fPIE} and @option{-pie} as default when -+compileing and linking if the support is there. We only support -+i?86-*-linux* and x86-64-*-linux* as target for now. ++Turn on @option{-fPIE} and @option{-pie} by default if supported. ++Currently supported targets are i?86-*-linux* and x86-64-*-linux*. + @item --disable-libquadmath Specify that the GCC quad-precision math library should not be built. On some systems, the library is required to be linkable when building ---- a/gcc/doc/invoke.texi 2012-03-01 10:57:59.000000000 +0100 -+++ b/gcc/doc/invoke.texi 2012-07-30 00:57:03.766847851 +0200 -@@ -9457,6 +9480,12 @@ For predictable results, you must also s - that were used to generate code (@option{-fpie}, @option{-fPIE}, - or model suboptions) when you specify this option. +--- a/gcc/doc/invoke.texi 2013-10-03 19:13:50.000000000 +0200 ++++ b/gcc/doc/invoke.texi 2013-11-17 21:30:02.784220111 +0100 +@@ -10134,6 +10134,12 @@ For predictable results, you must also s + used for compilation (@option{-fpie}, @option{-fPIE}, + or model suboptions) when you specify this linker option. -+NOTE: With configure --enable-default-pie this option is enabled by default -+for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, @option{-fno-pie}, -+@option{-fPIC}, @option{-fpic}, @option{-fno-PIC}, @option{-fno-pic}, -+@option{-nostdlib}, @option{-nostartfiles}, @option{-shared}, ++NOTE: With configure --enable-default-pie this option is enabled by default ++for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, @option{-fno-pie}, ++@option{-fPIC}, @option{-fpic}, @option{-fno-PIC}, @option{-fno-pic}, ++@option{-nostdlib}, @option{-nostartfiles}, @option{-shared}, +@option{-nodefaultlibs}, nor @option{static} are found. + @item -rdynamic @opindex rdynamic Pass the flag @option{-export-dynamic} to the ELF linker, on targets -@@ -19125,6 +19154,12 @@ used during linking. +@@ -21371,6 +21377,12 @@ used during linking. @code{__pie__} and @code{__PIE__}. The macros have the value 1 for @option{-fpie} and 2 for @option{-fPIE}. -+NOTE: With configure --enable-default-pie this option is enabled by default -+for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, @option{-fno-pie}, -+@option{-fPIC}, @option{-fpic}, @option{-fno-PIC}, @option{-fno-pic}, -+@option{-nostdlib}, @option{-nostartfiles}, @option{-shared}, ++NOTE: With configure --enable-default-pie this option is enabled by default ++for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, @option{-fno-pie}, ++@option{-fPIC}, @option{-fpic}, @option{-fno-PIC}, @option{-fno-pic}, ++@option{-nostdlib}, @option{-nostartfiles}, @option{-shared}, +@option{-nodefaultlibs}, nor @option{static} are found. + @item -fno-jump-tables diff --git a/upstream/gcc49_default_pie_main.patch b/upstream/gcc49_default_pie_main.patch index 37eb527..8533a03 100644 --- a/upstream/gcc49_default_pie_main.patch +++ b/upstream/gcc49_default_pie_main.patch @@ -10,7 +10,7 @@ +#ifdef ENABLE_DEFAULT_PIE +#define PIE_DRIVER_SELF_SPECS \ +"%{pie|fpic|fPIC|fpie|fPIE|fno-pic|fno-PIC|fno-pie|fno-PIE| \ -+ shared|static|nostdlib|nostartfiles:;:-fPIE -pie}" ++ shared|static|nostdlib|nodefaultlibs|nostartfiles:;:-fPIE -pie}" +#else +#define PIE_DRIVER_SELF_SPECS "" +#endif @@ -31,19 +31,18 @@ +#endif --- a/gcc/configure.ac 2013-09-25 18:10:35.000000000 +0200 +++ b/gcc/configure.ac 2013-10-22 21:26:56.287602139 +0200 -@@ -5434,6 +5434,31 @@ if test x"${LINKER_HASH_STYLE}" != x; th +@@ -5434,6 +5434,30 @@ if test x"${LINKER_HASH_STYLE}" != x; th [The linker hash style]) fi +# Check whether --enable-default-pie was given and target have the support. +AC_ARG_ENABLE(default-pie, -+[AS_HELP_STRING([--enable-default-pie], [Enable Position independent executable as default. -+ If we have suppot for it when compiling and linking. -+ Linux targets supported i?86 and x86_64.])], ++[AS_HELP_STRING([--enable-default-pie], ++ [enable Position Independent Executable as default])], +enable_default_pie=$enableval, +enable_default_pie=no) +if test x$enable_default_pie = xyes; then -+ AC_MSG_CHECKING(if $target support to default with -fPIE and link with -pie as default) ++ AC_MSG_CHECKING(if $target supports default PIE) + enable_default_pie=no + case $target in + i?86*-*-linux* | x86_64*-*-linux*) @@ -56,7 +55,7 @@ +fi +if test x$enable_default_pie == xyes ; then + AC_DEFINE(ENABLE_DEFAULT_PIE, 1, -+ [Define if your target support default-pie and you have enable it.]) ++ [Define if your target supports default PIE and it is enabled.]) +fi +AC_SUBST([enable_default_pie]) + diff --git a/upstream/gcc_doc.patch b/upstream/gcc_doc.patch index c3e876b..92d727e 100644 --- a/upstream/gcc_doc.patch +++ b/upstream/gcc_doc.patch @@ -60,8 +60,8 @@ or model suboptions) when you specify this option. +@emph{Note:} (existing style). -+With @option{--enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]}} this option is -+enabled by default for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, ++With @option{--enable-pie-default} this option is enabled by default ++for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, +@option{-fno-pie}, @option{-fPIC}, @option{-fpic}, @option{-fno-PIC}, +@option{-fno-pic}, @option{-nostdlib}, @option{-nostartfiles}, +@option{-shared}, @option{-nodefaultlibs}, nor @option{-static} are found. @@ -74,8 +74,8 @@ for @option{-fpie} and 2 for @option{-fPIE}. +@emph{Note:} (existing style). -+With @option{--enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]}} this option is -+enabled by default for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, ++With @option{--enable-pie-default} this option is enabled by default ++for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE}, +@option{-fno-pie}, @option{-fPIC}, @option{-fpic}, @option{-fno-PIC}, +@option{-fno-pic}, @option{-nostdlib}, @option{-nostartfiles}, +@option{-shared}, @option{-nodefaultlibs}, nor @option{-static} are found. diff --git a/upstream/testsuite-espf-fortify.patch b/upstream/testsuite-espf-fortify.patch index 82456cc..ec098e3 100644 --- a/upstream/testsuite-espf-fortify.patch +++ b/upstream/testsuite-espf-fortify.patch @@ -4,12 +4,12 @@ return [info exists ENABLE_LTO] } -+# Return 1 if the compiler has been configure with espf -+# (configure --enable-espf=(all|ssp|pie)) support. ++# Return 1 if the compiler has been configure with pie-default ++# (configure --enable-pie-default) support. + -+proc check_effective_target_espf { } { -+ global ENABLE_ESPF -+ return [info exists ENABLE_ESPF] ++proc check_effective_target_pie { } { ++ global ENABLE_PIE_DEFAULT ++ return [info exists ENABLE_PIE_DEFAULT] +} + # Return 1 if this target supports the -fsplit-stack option, 0 diff --git a/upstream/testsuite-espf-piessp.patch b/upstream/testsuite-espf-piessp.patch index 8991a69..000f683 100644 --- a/upstream/testsuite-espf-piessp.patch +++ b/upstream/testsuite-espf-piessp.patch @@ -4,7 +4,7 @@ /* { dg-do run } */ /* { dg-require-profiling "-p" } */ /* { dg-options "-O2 -p" } */ -+/* { dg-additional-options "-fno-PIE" { target espf } } */ ++/* { dg-additional-options "-fno-PIE" { target pie } } */ /* { dg-options "-O2 -p -static" { target hppa*-*-hpux* } } */ /* { dg-error "profiler" "No profiler support" { target xstormy16-*-* } 0 } */ /* { dg-message "" "consider using `-pg' instead of `-p' with gprof(1)" { target *-*-freebsd* } 0 } */ @@ -14,7 +14,7 @@ /* { dg-require-profiling "-pg" } */ /* { dg-options "-O2 -pg" } */ /* { dg-options "-O2 -pg -static" { target hppa*-*-hpux* } } */ -+/* { dg-additional-options "-fno-PIE" { target espf } } */ ++/* { dg-additional-options "-fno-PIE" { target pie } } */ /* { dg-error "profiler" "No profiler support" { target xstormy16-*-* } 0 } */ extern void abort (void); @@ -24,7 +24,7 @@ /* { dg-do run } */ /* { dg-options "-pg" } */ /* { dg-options "-pg -static" { target hppa*-*-hpux* } } */ -+/* { dg-additional-options "-fno-PIE" { target espf } } */ ++/* { dg-additional-options "-fno-PIE" { target pie } } */ /* { dg-require-profiling "-pg" } */ extern void abort(void); @@ -34,7 +34,7 @@ /* { dg-options "-O2 -pg" } */ /* { dg-options "-O2 -pg -mtune=core2" { target { i?86-*-* x86_64-*-* } } } */ /* { dg-options "-O2 -pg -static" { target hppa*-*-hpux* } } */ -+/* { dg-additional-options "-fno-PIE" { target espf } } */ ++/* { dg-additional-options "-fno-PIE" { target pie } } */ extern void abort (void); @@ -44,7 +44,7 @@ /* { dg-require-profiling "-pg" } */ /* { dg-options "-O2 -pg" } */ /* { dg-options "-O2 -pg -static" { target hppa*-*-hpux* } } */ -+/* { dg-additional-options "-fno-PIE" { target espf } } */ ++/* { dg-additional-options "-fno-PIE" { target pie } } */ extern char *strdup (const char *); @@ -54,7 +54,7 @@ defined for executables as well as shared libraries. */ /* { dg-skip-if "" { *-*-darwin* hppa*64*-*-* mips*-*-linux* mips*-*-irix* *-*-mingw* } { "*" } { "" } } */ /* { dg-options "-O2 -fno-common -fdump-tree-optimized" } */ -+/* { dg-skip-if "" { espf } { "*" } { "" } } */ */ ++/* { dg-skip-if "" { pie } { "*" } { "" } } */ */ const int conststaticvariable; @@ -82,7 +82,7 @@ // PR c++/34094 // { dg-do link { target { ! { *-*-darwin* *-*-hpux* *-*-solaris2.* alpha*-dec-osf* mips-sgi-irix* } } } } // { dg-options "-g" } -+// { dg-additional-options "-fno-PIE" { target espf } } ++// { dg-additional-options "-fno-PIE" { target pie } } namespace { struct c @@ -92,7 +92,7 @@ // { dg-require-profiling "-pg" } // { dg-options "-pg" } // { dg-options "-pg -static" { target hppa*-*-hpux* } } -+// { dg-additional-options "-fno-PIE" { target espf } } ++// { dg-additional-options "-fno-PIE" { target pie } } // GROUPS passed profiling #include <stdio.h> main() |