commit: 750927c7e75c0a24fe7c625afc4a240d29aebc3c |
Author: Magnus Granberg <zorry <AT> gentoo <DOT> org> |
AuthorDate: Mon Jul 30 21:04:46 2012 +0000 |
Commit: Magnus Granberg <zorry <AT> gentoo <DOT> org> |
CommitDate: Mon Jul 30 21:04:46 2012 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-gccpatchset.git;a=commit;h=750927c7 |
|
updated upstream patches with doc and some testsuite fixes |
|
--- |
upstream/Makefile.in.patch | 10 ++++ |
upstream/Wformat.patch | 45 ++++++-------------- |
upstream/config_all.patch | 6 +- |
upstream/gcc_doc.patch | 99 ++++++++++++++++++++++++++++++++++++++++++++ |
upstream/testsuite.patch | 35 +++++++++++++++ |
5 files changed, 161 insertions(+), 34 deletions(-) |
|
18 |
diff --git a/upstream/Makefile.in.patch b/upstream/Makefile.in.patch |
19 |
index cc7d0f0..9b3c173 100644 |
20 |
--- a/upstream/Makefile.in.patch |
21 |
+++ b/upstream/Makefile.in.patch |
22 |
@@ -68,6 +68,16 @@ |
23 |
|
24 |
mv tmp-libgcc.mvars libgcc.mvars |
25 |
|
26 |
+@@ -4893,6 +4903,9 @@ site.exp: ./config.status Makefile |
27 |
+ @if test "@enable_lto@" = "yes" ; then \ |
28 |
+ echo "set ENABLE_LTO 1" >> ./site.tmp; \ |
29 |
+ fi |
30 |
++ @if test "@enable_espf@" = "yes" ; then \ |
31 |
++ echo "set ENABLE_ESPF 1" >> ./site.tmp; \ |
32 |
++ fi |
33 |
+ # If newlib has been configured, we need to pass -B to gcc so it can find |
34 |
+ # newlib's crt0.o if it exists. This will cause a "path prefix not used" |
35 |
+ # message if it doesn't, but the testsuite is supposed to ignore the message - |
36 |
--- a/libgcc/Makefile.in 2011-11-22 04:01:02.000000000 +0100 |
37 |
+++ b/libgcc/Makefile.in 2012-06-29 00:15:04.534016511 +0200 |
38 |
@@ -275,11 +275,16 @@ override CFLAGS := $(filter-out -fprofil |
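Review bot: The added site.exp test compares `@enable_espf@` with the literal `yes`, while the install.texi text added in this same commit documents `--enable-espf=` as taking `all`, `ssp` or `pie`. Unless configure normalises the substituted value to `yes` (the configure side is not visible on this page), `set ENABLE_ESPF 1` is never written, `check_effective_target_espf` returns 0, and the new `.x` files never add `-U_FORTIFY_SOURCE`, so the testsuite would run as if the hardening defaults were absent. If the raw option value is what gets substituted, the condition should accept any enabled value, for example `@if test -n "@enable_espf@" && test "@enable_espf@" != "no" ; then \`. A one-line comment above the test naming the values `@enable_espf@` can take would make the intent checkable.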
39 |
|
40 |
diff --git a/upstream/Wformat.patch b/upstream/Wformat.patch |
41 |
index be0b07a..99bfcf5 100644 |
42 |
--- a/upstream/Wformat.patch |
43 |
+++ b/upstream/Wformat.patch |
44 |
@@ -1,6 +1,6 @@ |
45 |
--- a/gcc/c-family/c-common.c 2012-02-13 21:12:54.000000000 +0100 |
46 |
-+++ b/gcc/c-family/c-common.c 2012-07-09 23:17:18.375234684 +0200 |
47 |
-@@ -202,7 +202,19 @@ int warn_unknown_pragmas; /* Tri state v |
48 |
++++ b/gcc/c-family/c-common.c 2012-07-28 00:04:05.351725091 +0200 |
49 |
+@@ -202,7 +202,11 @@ int warn_unknown_pragmas; /* Tri state v |
50 |
/* Warn about format/argument anomalies in calls to formatted I/O functions |
51 |
(*printf, *scanf, strftime, strfmon, etc.). */ |
52 |
|
53 |
@@ -9,37 +9,20 @@ |
54 |
+#else |
55 |
int warn_format; |
56 |
+#endif |
57 |
-+ |
58 |
-+/* Warn about possible security problems with format functions. */ |
59 |
-+ |
60 |
-+#ifdef ENABLE_ESPF |
61 |
-+int warn_format_security = 1; |
62 |
-+#else |
63 |
-+int warn_format_security; |
64 |
-+#endif |
65 |
|
66 |
/* C/ObjC language option variables. */ |
67 |
|
68 |
---- a/gcc/c-family/c-common.h 2011-12-20 21:44:13.000000000 +0100 |
69 |
-+++ b/gcc/c-family/c-common.h 2012-07-09 23:16:33.355233344 +0200 |
70 |
-@@ -594,6 +594,9 @@ extern int warn_unknown_pragmas; /* Tri |
71 |
- |
72 |
- extern int warn_format; |
73 |
- |
74 |
-+/* Warn about possible security problems with format functions. */ |
75 |
+--- a/gcc/c-family/c-format.c 2011-06-07 23:52:46.000000000 +0200 |
76 |
++++ b/gcc/c-family/c-format.c 2012-07-28 00:43:00.612794680 +0200 |
77 |
+@@ -52,6 +52,11 @@ set_Wformat (int setting) |
78 |
+ /* Make sure not to disable -Wnonnull if -Wformat=0 is specified. */ |
79 |
+ if (setting) |
80 |
+ warn_nonnull = setting; |
81 |
+ |
82 |
-+extern int warn_format_security; |
83 |
- |
84 |
- /* C/ObjC language option variables. */ |
85 |
- |
86 |
---- a/gcc/c-family/c.opt 2012-02-06 11:31:18.000000000 +0100 |
87 |
-+++ b/gcc/c-family/c.opt 2012-07-09 22:07:11.449109322 +0200 |
88 |
-@@ -392,7 +392,7 @@ C ObjC C++ ObjC++ Var(warn_format_contai |
89 |
- Warn about format strings that contain NUL bytes |
90 |
- |
91 |
- Wformat-security |
92 |
--C ObjC C++ ObjC++ Var(warn_format_security) Warning |
93 |
-+C ObjC C++ ObjC++ Warning |
94 |
- Warn about possible security problems with format functions |
95 |
++#ifdef ENABLE_ESPF |
96 |
++ if (setting == 1) |
97 |
++ warn_format_security = 1; |
98 |
++#endif |
99 |
+ } |
100 |
|
101 |
- Wformat-y2k |
102 |
+ |
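Review bot: In the `set_Wformat` hunk, `warn_format_security` is now raised only when `set_Wformat` runs with `setting == 1`, and the static `= 1` initializer that the previous revision of this patch carried in c-common.c is removed. Whether a compile with no `-W` options still gets `-Wformat-security`, as gcc_doc.patch in this commit states, therefore depends on something calling `set_Wformat (1)` during option initialisation; that call is not visible here and should be confirmed, ideally with a test that expects the warning on a non-literal format argument without any explicit flags. The assignment also runs each time `-Wformat` or `-Wall` is handled, so an earlier `-Wno-format-security` on the same command line is presumably switched back on; a comment such as `/* ESPF: -Wformat implies -Wformat-security; -Wno-format-security must follow -Wformat/-Wall to take effect. */` would document that. `set_Wformat` begins outside the hunk, so the rest of its body could not be checked.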
103 |
|
104 |
diff --git a/upstream/config_all.patch b/upstream/config_all.patch |
105 |
index f7c8e9b..aa16b1b 100644 |
106 |
--- a/upstream/config_all.patch |
107 |
+++ b/upstream/config_all.patch |
108 |
@@ -1,9 +1,9 @@ |
109 |
--- a/gcc/config/linux.h 2011-07-07 17:38:34.000000000 +0200 |
110 |
+++ b/gcc/config/linux.h 2012-07-09 14:24:08.599281404 +0200 |
111 |
@@ -104,3 +104,31 @@ see the files COPYING3 and COPYING.RUNTI |
112 |
- /* Whether we have sincos that follows the GNU extension. */ |
113 |
- #undef TARGET_HAS_SINCOS |
114 |
- #define TARGET_HAS_SINCOS (OPTION_GLIBC || OPTION_BIONIC) |
115 |
+ /* Whether we have Bionic libc runtime */ |
116 |
+ #undef TARGET_HAS_BIONIC |
117 |
+ #define TARGET_HAS_BIONIC (OPTION_BIONIC) |
118 |
+ |
119 |
+#ifdef ENABLE_ESPF |
120 |
+#ifdef ENABLE_ESPF_PIE |
121 |
|
122 |
diff --git a/upstream/gcc_doc.patch b/upstream/gcc_doc.patch |
123 |
new file mode 100644 |
124 |
index 0000000..ba76d17 |
125 |
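--- /dev/null
+++ b/upstream/gcc_doc.patch
@@ -0,0 +1,99 @@
+--- a/gcc/doc/invoke.texi 2012-03-01 10:57:59.000000000 +0100
++++ b/gcc/doc/invoke.texi 2012-07-30 00:57:03.766847851 +0200
+@@ -3216,6 +3216,10 @@ aspects of format checking, the options
+ @option{-Wformat-nonliteral}, @option{-Wformat-security}, and
+ @option{-Wformat=2} are available, but are not included in @option{-Wall}.
+
++NOTE: With configure --enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]}is
++this option enabled by default for C, C++, ObjC, ObjC++.
++To disable, use @option{-Wformat=0}.
++
+ @item -Wformat-y2k
+ @opindex Wformat-y2k
+ @opindex Wno-format-y2k
+@@ -3269,6 +3273,12 @@ currently a subset of what @option{-Wfor
+ in future warnings may be added to @option{-Wformat-security} that are not
+ included in @option{-Wformat-nonliteral}.)
+
++NOTE: With configure --enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]} is
++this option enabled by default for C, C++, ObjC, ObjC++. To disable,
++use @option{-Wno-format-security}, or disable all format warnings
++with @option{-Wformat=0}. To make format security warnings fatal,
++specify @option{-Werror=format-security}.
++
+ @item -Wformat=2
+ @opindex Wformat=2
+ @opindex Wno-format=2
+@@ -6229,6 +6239,13 @@ also turns on the following optimization
+ Please note the warning under @option{-fgcse} about
+ invoking @option{-O2} on programs that use computed gotos.
+
++NOTE: With configure --enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]},
++@option{-D_FORTIFY_SOURCE=2} is set by default, and is activated
++when @option{-O} is set to 2 or higher. This enables additional
++compile-time and run-time checks for several libc functions.
++To disable, specify either @option{-U_FORTIFY_SOURCE} or
++@option{-D_FORTIFY_SOURCE=0}.
++
+ @item -O3
+ @opindex O3
+ Optimize yet more. @option{-O3} turns on all optimizations specified
+@@ -8475,6 +8492,12 @@ functions with buffers larger than 8 byt
+ when a function is entered and then checked when the function exits.
+ If a guard check fails, an error message is printed and the program exits.
+
++NOTE: With configure --enable-espf=@r{[}all@r{|}ssp@r{]} this option
++is enabled by default for C, C++, ObjC, ObjC++, if none of
++@option{-fno-stack-protector}, @option{-nostdlib},
++@option{-fno-stack-protector-all}, @option{nodefaultlibs},
++nor @option{-ffreestanding} are found.
++
+ @item -fstack-protector-all
+ @opindex fstack-protector-all
+ Like @option{-fstack-protector} except that all functions are protected.
+@@ -9457,6 +9480,12 @@ For predictable results, you must also s
+ that were used to generate code (@option{-fpie}, @option{-fPIE},
+ or model suboptions) when you specify this option.
+
++NOTE: With configure --enable-espf=@r{[}all@r{|}ssp@r{]} this option is
++enabled by default for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE},
++@option{-fno-pie}, @option{-fPIC}, @option{-fpic}, @option{-fno-PIC},
++@option{-fno-pic}, @option{-nostdlib}, @option{-nostartfiles},
++@option{-shared}, @option{-nodefaultlibs}, nor @option{static} are found.
++
+ @item -rdynamic
+ @opindex rdynamic
+ Pass the flag @option{-export-dynamic} to the ELF linker, on targets
+@@ -19125,6 +19154,12 @@ used during linking.
+ @code{__pie__} and @code{__PIE__}. The macros have the value 1
+ for @option{-fpie} and 2 for @option{-fPIE}.
+
++NOTE: With configure --enable-espf=@r{[}all@r{|}ssp@r{]} this option is
++enabled by default for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE},
++@option{-fno-pie}, @option{-fPIC}, @option{-fpic}, @option{-fno-PIC},
++@option{-fno-pic}, @option{-nostdlib}, @option{-nostartfiles},
++@option{-shared}, @option{-nodefaultlibs}, nor @option{static} are found.
++
+ @item -fno-jump-tables
+ @opindex fno-jump-tables
+ Do not use jump tables for switch statements even where it would be
+--- a/gcc/doc/install.texi 2012-03-02 10:37:30.000000000 +0100
++++ b/gcc/doc/install.texi 2012-07-23 18:05:14.160784593 +0200
+@@ -1392,6 +1392,17 @@ do a @samp{make -C gcc gnatlib_and_tools
+ Specify that the run-time libraries for stack smashing protection
+ should not be built.
+
++@item --enable-espf=@var{list}
++Will turn on some compiler and preprosessor options as default.
++@option{-D_FORTIFY_SOURCE=2}, @option{-Wformat} and
++@option{-Wformat-security} will be turn on as default and depend on
++if you use @samp{all} it will turn on @option{-fstack-protection}and
++@option{-fPIE} by default. if the support is there. If you use
++@samp{ssp} it will turn on @option{-fstack-protection} by default if the
++support is there. If you use @samp{pie} it will turn on @option{-fPIE}
++by default if the support is there. We only support x86-64-*-linux* as target
++for now.
++
+ @item --disable-libquadmath
+ Specify that the GCC quad-precision math library should not be built.
+ On some systems, the library is required to be linkable when building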
227 |
|
228 |
diff --git a/upstream/testsuite.patch b/upstream/testsuite.patch |
229 |
new file mode 100644 |
230 |
index 0000000..50d06e5 |
231 |
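--- /dev/null
+++ b/upstream/testsuite.patch
@@ -0,0 +1,35 @@
+--- a/gcc/testsuite/lib/target-supports.exp 2012-02-22 12:00:21.000000000 +0100
++++ b/gcc/testsuite/lib/target-supports.exp 2012-07-27 19:19:30.849216278 +0200
+@@ -4419,6 +4419,14 @@ proc check_effective_target_lto { } {
+ return [info exists ENABLE_LTO]
+ }
+
++# Return 1 if the compiler has been configure with espf
++# (configure --enable-espf=(all|ssp|pie)) support.
++
++proc check_effective_target_espf { } {
++ global ENABLE_ESPF
++ return [info exists ENABLE_ESPF]
++}
++
+ # Return 1 if this target supports the -fsplit-stack option, 0
+ # otherwise.
+
+--- a/gcc/testsuite/gcc.c-torture/execute/vprintf-chk-1.x 2012-07-30 02:31:20.573793905 +0200
++++ b/gcc/testsuite/gcc.c-torture/execute/vprintf-chk-1.x 2012-07-27 21:47:01.574480025 +0200
+@@ -0,0 +1,6 @@
++load_lib target-supports.exp
++
++if [check_effective_target_espf] {
++ set additional_flags "-U_FORTIFY_SOURCE"
++}
++return 0
+--- a/gcc/testsuite/gcc.c-torture/execute/vfprintf-chk-1.x 2012-07-30 02:31:07.366794031 +0200
++++ b/gcc/testsuite/gcc.c-torture/execute/vfprintf-chk-1.x 2012-07-27 21:47:01.000000000 +0200
+@@ -0,0 +1,6 @@
++load_lib target-supports.exp
++
++if [check_effective_target_espf] {
++ set additional_flags "-U_FORTIFY_SOURCE"
++}
++return 0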
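Review bot: Both new `.x` files strip `_FORTIFY_SOURCE` when `check_effective_target_espf` is true, but nothing in this section asserts that the espf defaults are actually in effect, so a build where the hardening silently fails to apply would still pass the testsuite. A small dg test gated on the `espf` effective target, checking that `_FORTIFY_SOURCE` is defined at `-O2` and that `-Wformat-security` fires without explicit flags, would cover that gap. Each `.x` file should also say why the override is there, e.g. `# espf builds define _FORTIFY_SOURCE by default; undefine it so this test is built as upstream wrote it.` The comment above the new proc reads better as `# Return 1 if the compiler has been configured with espf`.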