1 |
commit: 9f286ca40bcefa89d281475687529dfc081856cf |
2 |
Author: Magnus Granberg <zorry <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Apr 8 12:36:28 2012 +0000 |
4 |
Commit: Magnus Granberg <zorry <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Apr 8 12:36:28 2012 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-gccpatchset.git;a=commit;h=9f286ca4 |
7 |
|
8 |
Updated configure.ac patch for upstream |
9 |
|
10 |
--- |
11 |
upstream/configure.ac.patch | 233 +++++++++++++++++++++---------------------- |
12 |
1 files changed, 115 insertions(+), 118 deletions(-) |
13 |
|
14 |
diff --git a/upstream/configure.ac.patch b/upstream/configure.ac.patch |
15 |
index b08edcc..86bab05 100644 |
16 |
--- a/upstream/configure.ac.patch |
17 |
+++ b/upstream/configure.ac.patch |
18 |
@@ -1,25 +1,18 @@ |
19 |
-2011-06-24 Magnus Granberg <zorry@g.o> |
20 |
- |
21 |
- * configure Add --enable-espf. Add -fno-stack-protector |
22 |
- to stage1_cflags. |
23 |
- * gcc/configure.ac Add --enable-espf and checks for it. |
24 |
- |
25 |
---- a/configure.ac 2011-04-18 23:27:00.000000000 +0200 |
26 |
-+++ b/configure.ac 2011-04-27 12:47:11.351473240 +0200 |
27 |
-@@ -419,6 +419,25 @@ |
28 |
+--- a/configure.ac 2011-11-29 22:36:43.000000000 +0100 |
29 |
++++ b/configure.ac 2011-12-07 23:29:26.125712475 +0100 |
30 |
+@@ -419,6 +419,24 @@ if test "${ENABLE_LIBADA}" != "yes" ; th |
31 |
noconfigdirs="$noconfigdirs gnattools" |
32 |
fi |
33 |
|
34 |
+# Check whether --enable-espf was given and target have the support. |
35 |
+AC_ARG_ENABLE([espf], |
36 |
+[AS_HELP_STRING([--enable-espf], |
37 |
-+ [Enable Stack protector, Position independent executable and |
38 |
-+ Fortify_sources as default if we have suppot for it when compiling |
39 |
-+ and link with -z relro and -z now as default. |
40 |
-+ Linux targets supported x86_64.])], |
41 |
++ [Enable Stack protector, Position independent executable as |
42 |
++ default if we have suppot for it when compiling. |
43 |
++ Linux targets supported i*86, x86_64 and x86_x32.])], |
44 |
+[ |
45 |
+ case $target in |
46 |
-+ i?86*-*-linux* | x86_64*-*-linux* | x86_x32*-*-linux | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*) |
47 |
++ i?86*-*-linux* | x86_??*-*-linux*) |
48 |
+ enable_espf=yes |
49 |
+ ;; |
50 |
+ *) |
51 |
@@ -32,23 +25,25 @@ |
52 |
AC_ARG_ENABLE(libssp, |
53 |
[AS_HELP_STRING([--enable-libssp], [build libssp directory])], |
54 |
ENABLE_LIBSSP=$enableval, |
55 |
-@@ -3152,6 +3171,10 @@ |
56 |
- esac ;; |
57 |
- esac |
58 |
+@@ -3211,6 +3230,11 @@ if test "$GCC" = yes -a "$ENABLE_BUILD_W |
59 |
+ CFLAGS="$saved_CFLAGS" |
60 |
+ fi |
61 |
|
62 |
+# Disable -fstack-protector on stage1 |
63 |
+if test x$enable_espf = xyes; then |
64 |
+ stage1_cflags="$stage1_cflags -fno-stack-protector" |
65 |
+fi |
66 |
- # This is aimed to mimic bootstrap with a non-GCC compiler to catch problems. |
67 |
- if test "$GCC" = yes -a "$ENABLE_BUILD_WITH_CXX" != yes; then |
68 |
- saved_CFLAGS="$CFLAGS" |
69 |
---- a/gcc/configure.ac 2011-04-13 19:12:53.000000000 +0200 |
70 |
-+++ b/gcc/configure.ac 2011-06-24 03:17:07.448179335 +0200 |
71 |
-@@ -4515,6 +4515,145 @@ |
72 |
- AC_SUBST(MAINT)dnl |
73 |
++ |
74 |
+ AC_SUBST(stage1_cflags) |
75 |
+ |
76 |
+ # Enable --enable-checking in stage1 of the compiler. |
77 |
+--- a/gcc/configure.ac 2011-11-18 11:52:32.000000000 +0100 |
78 |
++++ b/gcc/configure.ac 2012-04-04 16:18:00.269968226 +0200 |
79 |
+@@ -5130,6 +5146,148 @@ if test x"${LINKER_HASH_STYLE}" != x; th |
80 |
+ [The linker hash style]) |
81 |
+ fi |
82 |
|
83 |
- # -------------- |
84 |
++# -------------- |
85 |
+# Espf checks |
86 |
+# -------------- |
87 |
+ |
88 |
@@ -56,16 +51,15 @@ |
89 |
+AC_ARG_ENABLE([espf], |
90 |
+[AS_HELP_STRING([--enable-espf], |
91 |
+ [Enable Stack protector, Position independent executable and |
92 |
-+ Fortify_sources as default if we have suppot for it when compiling |
93 |
-+ and link with -z relro and -z now as default. |
94 |
-+ Linux targets supported x86_64])], |
95 |
++ Fortify_sources as default if we have suppot for it when compiling. |
96 |
++ Linux targets supported i*86, x86_64, and x86_x32.])], |
97 |
+ set_enable_espf=$enableval, |
98 |
+ set_enable_espf=no) |
99 |
+if test $set_enable_espf = yes ; then |
100 |
+ AC_MSG_CHECKING(if $target support espf) |
101 |
+if test $set_enable_espf = yes ; then |
102 |
+ case "$target" in |
103 |
-+ ?86-*-linux* | x86_64-*-linux*) |
104 |
++ i?86*-*-linux* | x86_??*-*-linux*) |
105 |
+ enable_espf=yes |
106 |
+ AC_DEFINE(ENABLE_ESPF, 1, |
107 |
+ [Define if your target support espf and you have enable it.]) |
108 |
@@ -82,112 +76,115 @@ |
109 |
+AC_SUBST([enable_espf]) |
110 |
+if test $enable_espf = yes ; then |
111 |
+ |
112 |
-+ AC_CACHE_CHECK(linker -z relro support, |
113 |
-+ gcc_cv_ld_relro, |
114 |
-+ [gcc_cv_ld_relro=no |
115 |
-+ if test $in_tree_ld = yes ; then |
116 |
-+ if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_version" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \ |
117 |
-+ && test $in_tree_ld_is_elf = yes; then |
118 |
-+ gcc_cv_ld_relro=yes |
119 |
-+ fi |
120 |
-+ elif test x$gcc_cv_ld != x; then |
121 |
-+ # Check if linker supports -z relro options |
122 |
-+ if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then |
123 |
-+ gcc_cv_ld_relro=yes |
124 |
-+ fi |
125 |
-+ fi |
126 |
-+ ]) |
127 |
-+ |
128 |
-+ AC_CACHE_CHECK(linker -z now support, |
129 |
-+ gcc_cv_ld_now, |
130 |
-+ [gcc_cv_ld_now=no |
131 |
-+ if test $in_tree_ld = yes ; then |
132 |
-+ if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_version" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \ |
133 |
-+ && test $in_tree_ld_is_elf = yes; then |
134 |
-+ gcc_cv_ld_now=yes |
135 |
-+ fi |
136 |
-+ elif test x$gcc_cv_ld != x; then |
137 |
-+ # Check if linker supports -z now options |
138 |
-+ if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then |
139 |
-+ gcc_cv_ld_now=yes |
140 |
-+ fi |
141 |
-+ fi |
142 |
-+ ]) |
143 |
-+ |
144 |
+# Check for FORTIFY_SOURCES support in target C library. |
145 |
-+AC_CACHE_CHECK(for _FORTIFY_SOURCES support in target C library, |
146 |
-+ gcc_cv_libc_provides_fortify, |
147 |
-+ [gcc_cv_libc_provides_fortify=no |
148 |
++ AC_CACHE_CHECK(for _FORTIFY_SOURCES support in target C library, |
149 |
++ gcc_cv_libc_provides_fortify, |
150 |
++ [gcc_cv_libc_provides_fortify=no |
151 |
+ case "$target" in |
152 |
-+ *-*-linux*) |
153 |
-+ [# glibc 2.8 and later provides _FORTIFY_SOURCES. |
154 |
-+ if test -f $target_header_dir/features.h; then |
155 |
-+ if $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC__[ ]+2' \ |
156 |
-+ $target_header_dir/features.h > /dev/null \ |
157 |
-+ && $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC_MINOR__[ ]+([1-9][0-9]|[8-9])' \ |
158 |
++ *-*-linux*) |
159 |
++ [# glibc 2.8 and later provides _FORTIFY_SOURCES. |
160 |
++ # uClibc 0.9.32 and later provides _FORTIFY_SOURCES. |
161 |
++ if test -f $target_header_dir/features.h; then |
162 |
++ if $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC__[ ]+2' \ |
163 |
++ $target_header_dir/features.h > /dev/null \ |
164 |
++ && $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC_MINOR__[ ]+([1-9][0-9]|[8-9])' \ |
165 |
++ $target_header_dir/features.h > /dev/null; then |
166 |
++ gcc_cv_libc_provides_fortify=yes |
167 |
++ elif $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]+1' \ |
168 |
+ $target_header_dir/features.h > /dev/null; then |
169 |
-+ gcc_cv_libc_provides_fortify=yes |
170 |
-+ elif $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]' \ |
171 |
-+ $target_header_dir/features.h > /dev/null ; then |
172 |
-+ gcc_cv_libc_provides_fortify=no |
173 |
-+ fi |
174 |
-+ fi] |
175 |
-+ ;; |
176 |
-+ *) gcc_cv_libc_provides_fortify=no ;; |
177 |
++ if test -f $target_header_dir/bits/uClibc_config.h && \ |
178 |
++ $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC_SUBLEVEL__[ ]+([3-9][2-9]|[4-9][0-9])' \ |
179 |
++ $target_header_dir/bits/uClibc_config.h > /dev/null; then |
180 |
++ gcc_cv_libc_provides_fortify=yes |
181 |
++ else |
182 |
++ gcc_cv_libc_provides_fortify=no |
183 |
++ fi |
184 |
++ fi |
185 |
++ fi] |
186 |
++ ;; |
187 |
++ *) gcc_cv_libc_provides_fortify=no ;; |
188 |
+ esac]) |
189 |
+ |
190 |
-+ AC_MSG_CHECKING(if the compiler default to use -fPIE and link with -pie) |
191 |
-+ if test $set_enable_espf = yes && test x"$gcc_cv_ld_pie" = xyes; then |
192 |
-+ enable_espf_pie=yes |
193 |
++ AC_MSG_CHECKING(if we can default to use -fPIE and link with -pie) |
194 |
++ if test x$gcc_cv_ld_pie = xyes; then |
195 |
++ saved_LDFLAGS="$LDFLAGS" |
196 |
++ saved_CFLAGS="$CFLAGS" |
197 |
++ CFLAGS="$CFLAGS -fPIE -Werror" |
198 |
++ LDFLAGS="$LDFLAGS -fPIE -pie" |
199 |
++ AC_TRY_LINK(,, |
200 |
++ [AC_MSG_RESULT([yes]); enable_espf_pie=yes], |
201 |
++ [AC_MSG_RESULT([no]); enable_espf_pie=no]) |
202 |
++ LDFLAGS="$saved_LDFLAGS" |
203 |
++ CFLAGS="$saved_CFLAGS" |
204 |
++ else |
205 |
++ AC_MSG_RESULT([no]) |
206 |
++ enable_espf_pie=no |
207 |
++ fi |
208 |
++ |
209 |
++ if test $enable_espf_pie = yes ; then |
210 |
+ AC_DEFINE(ENABLE_ESPF_PIE, 1, |
211 |
+ [Define if your compiler will default to use -fPIE and link with -pie.]) |
212 |
++ fi |
213 |
++ |
214 |
++ AC_MSG_CHECKING(if we can default to use -fstack-protector) |
215 |
++ ssp_link_test=no |
216 |
++ if test x$gcc_cv_libc_provides_ssp = xyes && test x$set_have_as_tls = yes; then |
217 |
++ if $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]+1' \ |
218 |
++ $target_header_dir/features.h > /dev/null; then |
219 |
++ if test -f $target_header_dir/bits/uClibc_config.h && \ |
220 |
++ $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC_SUBLEVEL__[ ]+([3-9][2-9]|[4-9][0-9])' \ |
221 |
++ $target_header_dir/bits/uClibc_config.h > /dev/null && \ |
222 |
++ $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC_HAS_TLS__[ ]+1' \ |
223 |
++ $target_header_dir/bits/uClibc_config.h > /dev/null; then |
224 |
++ ssp_link_test=yes |
225 |
++ fi |
226 |
++ else |
227 |
++ ssp_link_test=yes |
228 |
++ fi |
229 |
++ fi |
230 |
++ if test x$ssp_link_test=xyes ; then |
231 |
++ saved_CFLAGS="$CFLAGS" |
232 |
++ CFLAGS="$CFLAGS -O2 -fstack-protector -Werror" |
233 |
++ AC_TRY_LINK(,, |
234 |
++ [AC_MSG_RESULT([yes]); enable_espf_ssp=yes], |
235 |
++ [AC_MSG_RESULT([no]); enable_espf_ssp=no]) |
236 |
++ CFLAGS="$saved_CFLAGS" |
237 |
+ else |
238 |
-+ enable_espf_pie=no |
239 |
++ AC_MSG_RESULT([no]) |
240 |
++ enable_espf_ssp=no |
241 |
+ fi |
242 |
-+ AC_MSG_RESULT($enable_espf_pie) |
243 |
-+AC_MSG_CHECKING(if the compiler default to use -fstack-protector) |
244 |
-+ if test $set_enable_espf = yes && test x$gcc_cv_libc_provides_ssp = xyes \ |
245 |
-+ && test $set_have_as_tls = yes ; then |
246 |
-+ enable_espf_ssp=yes |
247 |
++ if test $enable_espf_ssp = yes ; then |
248 |
+ AC_DEFINE(ENABLE_ESPF_SSP, 1, |
249 |
+ [Define if your compiler will default to use -fstack-protector.]) |
250 |
-+ else |
251 |
-+ enable_espf_ssp=no |
252 |
+ fi |
253 |
-+ AC_MSG_RESULT($enable_espf_ssp) |
254 |
+ |
255 |
-+AC_MSG_CHECKING(if the compiler default to use -D_FORTIFY_SOURCES=2) |
256 |
-+ if test $set_enable_espf = yes && test x$gcc_cv_libc_provides_fortify = xyes; then |
257 |
-+ enable_espf_fortify=yes |
258 |
++ AC_MSG_CHECKING(if we can default to use -D_FORTIFY_SOURCES=2) |
259 |
++ if test x$gcc_cv_libc_provides_fortify = xyes; then |
260 |
++ saved_CFLAGS="$CFLAGS" |
261 |
++ saved_CPPFLAGS="$CPPFLAGS" |
262 |
++ CFLAGS="$CFLAGS -O2 -Werror" |
263 |
++ CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCES=2" |
264 |
++ AC_TRY_LINK([ |
265 |
++ #include <sys/types.h> |
266 |
++ #include <sys/stat.h> |
267 |
++ #include <fcntl.h> |
268 |
++ ],[ |
269 |
++ open ("/tmp/foo", O_WRONLY | O_CREAT); |
270 |
++ ], |
271 |
++ [AC_MSG_RESULT([no]); enable_espf_fortify=no], |
272 |
++ [AC_MSG_RESULT([yes]); enable_espf_fortify=yes]) |
273 |
++ CFLAGS="$saved_CFLAGS" |
274 |
++ CPPFLAGS="$saved_CPPFLAGS" |
275 |
++ else |
276 |
++ [AC_MSG_RESULT([no]); enable_espf_fortify=no] |
277 |
++ fi |
278 |
++ if test x$enable_espf_fortify = xyes ; then |
279 |
+ AC_DEFINE(ENABLE_ESPF_FORTIFY, 1, |
280 |
+ [Define if your compiler will default to use -D_FORTIFY_SOURCES=2.]) |
281 |
-+ else |
282 |
-+ enable_espf_fortify=no |
283 |
+ fi |
284 |
-+ AC_MSG_RESULT($enable_espf_fortify) |
285 |
+ |
286 |
-+ AC_MSG_CHECKING(if the compiler will pass -z relro to the linker) |
287 |
-+ if test $set_enable_espf = yes && test x$gcc_cv_ld_relro = xyes; then |
288 |
-+ enable_espf_relro=yes |
289 |
-+ AC_DEFINE(ENABLE_ESPF_RELRO, 1, |
290 |
-+ [Define if your compiler will pass -z relro to the linker.]) |
291 |
-+ else |
292 |
-+ enable_espf_relro=no |
293 |
-+ fi |
294 |
-+ AC_MSG_RESULT($enable_espf_relro) |
295 |
-+ |
296 |
-+ AC_MSG_CHECKING(if the compiler will pass -z now to the linker) |
297 |
-+ if test $set_enable_espf = yes && test x$gcc_cv_ld_now = xyes; then |
298 |
-+ enable_espf_now=yes |
299 |
-+ AC_DEFINE(ENABLE_ESPF_NOW, 1, |
300 |
-+ [Define if your compiler will pass -z now to the linker.]) |
301 |
-+ else |
302 |
-+ enable_espf_now=no |
303 |
-+ fi |
304 |
-+ AC_MSG_RESULT($enable_espf_now) |
305 |
+fi |
306 |
+ |
307 |
-+# -------------- |
308 |
- # Language hooks |
309 |
- # -------------- |
310 |
+ # Configure the subdirectories |
311 |
+ # AC_CONFIG_SUBDIRS($subdirs) |