1 |
commit: 10c0905feadc59bdd449f189df75c9093a27e038 |
2 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Dec 7 19:22:40 2021 +0000 |
4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Dec 7 20:06:20 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/gcc-patches.git/commit/?id=10c0905f |
7 |
|
8 |
11.3.0: update CET patch to disable on 32-bit / missing CMOV |
9 |
|
10 |
Bug: https://bugs.gentoo.org/828081 |
11 |
Bug: https://bugs.gentoo.org/827880 |
12 |
Bug: https://bugs.gentoo.org/827905 |
13 |
Bug: https://bugs.gentoo.org/777117 |
14 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
15 |
|
16 |
11.3.0/gentoo/26_all_enable-cet.patch | 19 ++++++++++--------- |
17 |
11.3.0/gentoo/README.history | 2 +- |
18 |
2 files changed, 11 insertions(+), 10 deletions(-) |
19 |
|
20 |
diff --git a/11.3.0/gentoo/26_all_enable-cet.patch b/11.3.0/gentoo/26_all_enable-cet.patch |
21 |
index 77678a9..a054e62 100644 |
22 |
--- a/11.3.0/gentoo/26_all_enable-cet.patch |
23 |
+++ b/11.3.0/gentoo/26_all_enable-cet.patch |
24 |
@@ -1,6 +1,6 @@ |
25 |
-From c1f37f6e3a4fcdefb6b3dfc3d84fc42920a70c00 Mon Sep 17 00:00:00 2001 |
26 |
+From 18c6426f4e0a4fb7ecd1c2dc16d77e85118f9495 Mon Sep 17 00:00:00 2001 |
27 |
From: Sam James <sam@g.o> |
28 |
-Date: Sat, 27 Nov 2021 19:16:02 +0000 |
29 |
+Date: Tue, 7 Dec 2021 19:16:15 +0000 |
30 |
Subject: [PATCH] Enable CET (-fcf-protection=full) by default |
31 |
|
32 |
Needs: |
33 |
@@ -18,7 +18,7 @@ Needs: |
34 |
5 files changed, 23 insertions(+), 2 deletions(-) |
35 |
|
36 |
diff --git a/gcc/common.opt b/gcc/common.opt |
37 |
-index a88778b4e..4993a7ec3 100644 |
38 |
+index a88778b..4993a7e 100644 |
39 |
--- a/gcc/common.opt |
40 |
+++ b/gcc/common.opt |
41 |
@@ -1783,7 +1783,7 @@ fcf-protection |
42 |
@@ -31,14 +31,14 @@ index a88778b4e..4993a7ec3 100644 |
43 |
instructions have valid targets. |
44 |
|
45 |
diff --git a/gcc/config/i386/i386-options.c b/gcc/config/i386/i386-options.c |
46 |
-index 18d2c0b9f..4fb76f2a1 100644 |
47 |
+index 19632b5..3f45d50 100644 |
48 |
--- a/gcc/config/i386/i386-options.c |
49 |
+++ b/gcc/config/i386/i386-options.c |
50 |
-@@ -3037,6 +3037,11 @@ ix86_option_override_internal (bool main_args_p, |
51 |
+@@ -3049,6 +3049,11 @@ ix86_option_override_internal (bool main_args_p, |
52 |
= build_target_option_node (opts, opts_set); |
53 |
} |
54 |
|
55 |
-+ if (flag_cf_protection == CF_UNSET) |
56 |
++ if ((flag_cf_protection == CF_UNSET) && TARGET_64BIT && TARGET_CMOV) |
57 |
+ { |
58 |
+ flag_cf_protection = DEFAULT_FLAG_CF; |
59 |
+ } |
60 |
@@ -47,7 +47,7 @@ index 18d2c0b9f..4fb76f2a1 100644 |
61 |
{ |
62 |
if ((opts->x_flag_cf_protection & CF_BRANCH) == CF_BRANCH |
63 |
diff --git a/gcc/defaults.h b/gcc/defaults.h |
64 |
-index 0f6cd78c5..5694412b7 100644 |
65 |
+index 0f6cd78..5694412 100644 |
66 |
--- a/gcc/defaults.h |
67 |
+++ b/gcc/defaults.h |
68 |
@@ -1463,6 +1463,19 @@ see the files COPYING3 and COPYING.RUNTIME respectively. If not, see |
69 |
@@ -71,7 +71,7 @@ index 0f6cd78c5..5694412b7 100644 |
70 |
vtable entries. Setting this nonzero tells the compiler to use |
71 |
function descriptors instead. The value of this macro says how |
72 |
diff --git a/gcc/flag-types.h b/gcc/flag-types.h |
73 |
-index a038c8fb7..61be0b128 100644 |
74 |
+index a038c8f..61be0b1 100644 |
75 |
--- a/gcc/flag-types.h |
76 |
+++ b/gcc/flag-types.h |
77 |
@@ -389,6 +389,7 @@ enum gfc_convert |
78 |
@@ -83,7 +83,7 @@ index a038c8fb7..61be0b128 100644 |
79 |
CF_BRANCH = 1 << 0, |
80 |
CF_RETURN = 1 << 1, |
81 |
diff --git a/gcc/toplev.c b/gcc/toplev.c |
82 |
-index ea0a2a1b0..d110c84ee 100644 |
83 |
+index ea0a2a1..bac60eb 100644 |
84 |
--- a/gcc/toplev.c |
85 |
+++ b/gcc/toplev.c |
86 |
@@ -1297,7 +1297,9 @@ process_options (void) |
87 |
@@ -99,3 +99,4 @@ index ea0a2a1b0..d110c84ee 100644 |
88 |
if (flag_cf_protection == CF_FULL) |
89 |
-- |
90 |
2.34.1 |
91 |
+ |
92 |
|
93 |
diff --git a/11.3.0/gentoo/README.history b/11.3.0/gentoo/README.history |
94 |
index 2fe9c27..24c19ac 100644 |
95 |
--- a/11.3.0/gentoo/README.history |
96 |
+++ b/11.3.0/gentoo/README.history |
97 |
@@ -1,4 +1,4 @@ |
98 |
-0 27 November 2021 |
99 |
+1 7 December 2021 |
100 |
+ 01_all_default-fortify-source.patch |
101 |
+ 02_all_default-warn-format-security.patch |
102 |
+ 03_all_default-warn-trampolines.patch |