| 1 |
commit: 9f286ca40bcefa89d281475687529dfc081856cf |
| 2 |
Author: Magnus Granberg <zorry <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sun Apr 8 12:36:28 2012 +0000 |
| 4 |
Commit: Magnus Granberg <zorry <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Apr 8 12:36:28 2012 +0000 |
| 6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-gccpatchset.git;a=commit;h=9f286ca4 |
| 7 |
|
| 8 |
Updated configure.ac patch for upstream |
| 9 |
|
| 10 |
--- |
| 11 |
upstream/configure.ac.patch | 233 +++++++++++++++++++++---------------------- |
| 12 |
1 files changed, 115 insertions(+), 118 deletions(-) |
| 13 |
|
| 14 |
diff --git a/upstream/configure.ac.patch b/upstream/configure.ac.patch |
| 15 |
index b08edcc..86bab05 100644 |
| 16 |
--- a/upstream/configure.ac.patch |
| 17 |
+++ b/upstream/configure.ac.patch |
| 18 |
@@ -1,25 +1,18 @@ |
| 19 |
-2011-06-24 Magnus Granberg <zorry@g.o> |
| 20 |
- |
| 21 |
- * configure Add --enable-espf. Add -fno-stack-protector |
| 22 |
- to stage1_cflags. |
| 23 |
- * gcc/configure.ac Add --enable-espf and checks for it. |
| 24 |
- |
| 25 |
---- a/configure.ac 2011-04-18 23:27:00.000000000 +0200 |
| 26 |
-+++ b/configure.ac 2011-04-27 12:47:11.351473240 +0200 |
| 27 |
-@@ -419,6 +419,25 @@ |
| 28 |
+--- a/configure.ac 2011-11-29 22:36:43.000000000 +0100 |
| 29 |
++++ b/configure.ac 2011-12-07 23:29:26.125712475 +0100 |
| 30 |
+@@ -419,6 +419,24 @@ if test "${ENABLE_LIBADA}" != "yes" ; th |
| 31 |
noconfigdirs="$noconfigdirs gnattools" |
| 32 |
fi |
| 33 |
|
| 34 |
+# Check whether --enable-espf was given and target have the support. |
| 35 |
+AC_ARG_ENABLE([espf], |
| 36 |
+[AS_HELP_STRING([--enable-espf], |
| 37 |
-+ [Enable Stack protector, Position independent executable and |
| 38 |
-+ Fortify_sources as default if we have suppot for it when compiling |
| 39 |
-+ and link with -z relro and -z now as default. |
| 40 |
-+ Linux targets supported x86_64.])], |
| 41 |
++ [Enable Stack protector, Position independent executable as |
| 42 |
++ default if we have suppot for it when compiling. |
| 43 |
++ Linux targets supported i*86, x86_64 and x86_x32.])], |
| 44 |
+[ |
| 45 |
+ case $target in |
| 46 |
-+ i?86*-*-linux* | x86_64*-*-linux* | x86_x32*-*-linux | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*) |
| 47 |
++ i?86*-*-linux* | x86_??*-*-linux*) |
| 48 |
+ enable_espf=yes |
| 49 |
+ ;; |
| 50 |
+ *) |
| 51 |
@@ -32,23 +25,25 @@ |
| 52 |
AC_ARG_ENABLE(libssp, |
| 53 |
[AS_HELP_STRING([--enable-libssp], [build libssp directory])], |
| 54 |
ENABLE_LIBSSP=$enableval, |
| 55 |
-@@ -3152,6 +3171,10 @@ |
| 56 |
- esac ;; |
| 57 |
- esac |
| 58 |
+@@ -3211,6 +3230,11 @@ if test "$GCC" = yes -a "$ENABLE_BUILD_W |
| 59 |
+ CFLAGS="$saved_CFLAGS" |
| 60 |
+ fi |
| 61 |
|
| 62 |
+# Disable -fstack-protector on stage1 |
| 63 |
+if test x$enable_espf = xyes; then |
| 64 |
+ stage1_cflags="$stage1_cflags -fno-stack-protector" |
| 65 |
+fi |
| 66 |
- # This is aimed to mimic bootstrap with a non-GCC compiler to catch problems. |
| 67 |
- if test "$GCC" = yes -a "$ENABLE_BUILD_WITH_CXX" != yes; then |
| 68 |
- saved_CFLAGS="$CFLAGS" |
| 69 |
---- a/gcc/configure.ac 2011-04-13 19:12:53.000000000 +0200 |
| 70 |
-+++ b/gcc/configure.ac 2011-06-24 03:17:07.448179335 +0200 |
| 71 |
-@@ -4515,6 +4515,145 @@ |
| 72 |
- AC_SUBST(MAINT)dnl |
| 73 |
++ |
| 74 |
+ AC_SUBST(stage1_cflags) |
| 75 |
+ |
| 76 |
+ # Enable --enable-checking in stage1 of the compiler. |
| 77 |
+--- a/gcc/configure.ac 2011-11-18 11:52:32.000000000 +0100 |
| 78 |
++++ b/gcc/configure.ac 2012-04-04 16:18:00.269968226 +0200 |
| 79 |
+@@ -5130,6 +5146,148 @@ if test x"${LINKER_HASH_STYLE}" != x; th |
| 80 |
+ [The linker hash style]) |
| 81 |
+ fi |
| 82 |
|
| 83 |
- # -------------- |
| 84 |
++# -------------- |
| 85 |
+# Espf checks |
| 86 |
+# -------------- |
| 87 |
+ |
| 88 |
@@ -56,16 +51,15 @@ |
| 89 |
+AC_ARG_ENABLE([espf], |
| 90 |
+[AS_HELP_STRING([--enable-espf], |
| 91 |
+ [Enable Stack protector, Position independent executable and |
| 92 |
-+ Fortify_sources as default if we have suppot for it when compiling |
| 93 |
-+ and link with -z relro and -z now as default. |
| 94 |
-+ Linux targets supported x86_64])], |
| 95 |
++ Fortify_sources as default if we have suppot for it when compiling. |
| 96 |
++ Linux targets supported i*86, x86_64, and x86_x32.])], |
| 97 |
+ set_enable_espf=$enableval, |
| 98 |
+ set_enable_espf=no) |
| 99 |
+if test $set_enable_espf = yes ; then |
| 100 |
+ AC_MSG_CHECKING(if $target support espf) |
| 101 |
+if test $set_enable_espf = yes ; then |
| 102 |
+ case "$target" in |
| 103 |
-+ ?86-*-linux* | x86_64-*-linux*) |
| 104 |
++ i?86*-*-linux* | x86_??*-*-linux*) |
| 105 |
+ enable_espf=yes |
| 106 |
+ AC_DEFINE(ENABLE_ESPF, 1, |
| 107 |
+ [Define if your target support espf and you have enable it.]) |
| 108 |
@@ -82,112 +76,115 @@ |
| 109 |
+AC_SUBST([enable_espf]) |
| 110 |
+if test $enable_espf = yes ; then |
| 111 |
+ |
| 112 |
-+ AC_CACHE_CHECK(linker -z relro support, |
| 113 |
-+ gcc_cv_ld_relro, |
| 114 |
-+ [gcc_cv_ld_relro=no |
| 115 |
-+ if test $in_tree_ld = yes ; then |
| 116 |
-+ if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_version" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \ |
| 117 |
-+ && test $in_tree_ld_is_elf = yes; then |
| 118 |
-+ gcc_cv_ld_relro=yes |
| 119 |
-+ fi |
| 120 |
-+ elif test x$gcc_cv_ld != x; then |
| 121 |
-+ # Check if linker supports -z relro options |
| 122 |
-+ if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then |
| 123 |
-+ gcc_cv_ld_relro=yes |
| 124 |
-+ fi |
| 125 |
-+ fi |
| 126 |
-+ ]) |
| 127 |
-+ |
| 128 |
-+ AC_CACHE_CHECK(linker -z now support, |
| 129 |
-+ gcc_cv_ld_now, |
| 130 |
-+ [gcc_cv_ld_now=no |
| 131 |
-+ if test $in_tree_ld = yes ; then |
| 132 |
-+ if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_version" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \ |
| 133 |
-+ && test $in_tree_ld_is_elf = yes; then |
| 134 |
-+ gcc_cv_ld_now=yes |
| 135 |
-+ fi |
| 136 |
-+ elif test x$gcc_cv_ld != x; then |
| 137 |
-+ # Check if linker supports -z now options |
| 138 |
-+ if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then |
| 139 |
-+ gcc_cv_ld_now=yes |
| 140 |
-+ fi |
| 141 |
-+ fi |
| 142 |
-+ ]) |
| 143 |
-+ |
| 144 |
+# Check for FORTIFY_SOURCES support in target C library. |
| 145 |
-+AC_CACHE_CHECK(for _FORTIFY_SOURCES support in target C library, |
| 146 |
-+ gcc_cv_libc_provides_fortify, |
| 147 |
-+ [gcc_cv_libc_provides_fortify=no |
| 148 |
++ AC_CACHE_CHECK(for _FORTIFY_SOURCES support in target C library, |
| 149 |
++ gcc_cv_libc_provides_fortify, |
| 150 |
++ [gcc_cv_libc_provides_fortify=no |
| 151 |
+ case "$target" in |
| 152 |
-+ *-*-linux*) |
| 153 |
-+ [# glibc 2.8 and later provides _FORTIFY_SOURCES. |
| 154 |
-+ if test -f $target_header_dir/features.h; then |
| 155 |
-+ if $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC__[ ]+2' \ |
| 156 |
-+ $target_header_dir/features.h > /dev/null \ |
| 157 |
-+ && $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC_MINOR__[ ]+([1-9][0-9]|[8-9])' \ |
| 158 |
++ *-*-linux*) |
| 159 |
++ [# glibc 2.8 and later provides _FORTIFY_SOURCES. |
| 160 |
++ # uClibc 0.9.32 and later provides _FORTIFY_SOURCES. |
| 161 |
++ if test -f $target_header_dir/features.h; then |
| 162 |
++ if $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC__[ ]+2' \ |
| 163 |
++ $target_header_dir/features.h > /dev/null \ |
| 164 |
++ && $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC_MINOR__[ ]+([1-9][0-9]|[8-9])' \ |
| 165 |
++ $target_header_dir/features.h > /dev/null; then |
| 166 |
++ gcc_cv_libc_provides_fortify=yes |
| 167 |
++ elif $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]+1' \ |
| 168 |
+ $target_header_dir/features.h > /dev/null; then |
| 169 |
-+ gcc_cv_libc_provides_fortify=yes |
| 170 |
-+ elif $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]' \ |
| 171 |
-+ $target_header_dir/features.h > /dev/null ; then |
| 172 |
-+ gcc_cv_libc_provides_fortify=no |
| 173 |
-+ fi |
| 174 |
-+ fi] |
| 175 |
-+ ;; |
| 176 |
-+ *) gcc_cv_libc_provides_fortify=no ;; |
| 177 |
++ if test -f $target_header_dir/bits/uClibc_config.h && \ |
| 178 |
++ $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC_SUBLEVEL__[ ]+([3-9][2-9]|[4-9][0-9])' \ |
| 179 |
++ $target_header_dir/bits/uClibc_config.h > /dev/null; then |
| 180 |
++ gcc_cv_libc_provides_fortify=yes |
| 181 |
++ else |
| 182 |
++ gcc_cv_libc_provides_fortify=no |
| 183 |
++ fi |
| 184 |
++ fi |
| 185 |
++ fi] |
| 186 |
++ ;; |
| 187 |
++ *) gcc_cv_libc_provides_fortify=no ;; |
| 188 |
+ esac]) |
| 189 |
+ |
| 190 |
-+ AC_MSG_CHECKING(if the compiler default to use -fPIE and link with -pie) |
| 191 |
-+ if test $set_enable_espf = yes && test x"$gcc_cv_ld_pie" = xyes; then |
| 192 |
-+ enable_espf_pie=yes |
| 193 |
++ AC_MSG_CHECKING(if we can default to use -fPIE and link with -pie) |
| 194 |
++ if test x$gcc_cv_ld_pie = xyes; then |
| 195 |
++ saved_LDFLAGS="$LDFLAGS" |
| 196 |
++ saved_CFLAGS="$CFLAGS" |
| 197 |
++ CFLAGS="$CFLAGS -fPIE -Werror" |
| 198 |
++ LDFLAGS="$LDFLAGS -fPIE -pie" |
| 199 |
++ AC_TRY_LINK(,, |
| 200 |
++ [AC_MSG_RESULT([yes]); enable_espf_pie=yes], |
| 201 |
++ [AC_MSG_RESULT([no]); enable_espf_pie=no]) |
| 202 |
++ LDFLAGS="$saved_LDFLAGS" |
| 203 |
++ CFLAGS="$saved_CFLAGS" |
| 204 |
++ else |
| 205 |
++ AC_MSG_RESULT([no]) |
| 206 |
++ enable_espf_pie=no |
| 207 |
++ fi |
| 208 |
++ |
| 209 |
++ if test $enable_espf_pie = yes ; then |
| 210 |
+ AC_DEFINE(ENABLE_ESPF_PIE, 1, |
| 211 |
+ [Define if your compiler will default to use -fPIE and link with -pie.]) |
| 212 |
++ fi |
| 213 |
++ |
| 214 |
++ AC_MSG_CHECKING(if we can default to use -fstack-protector) |
| 215 |
++ ssp_link_test=no |
| 216 |
++ if test x$gcc_cv_libc_provides_ssp = xyes && test x$set_have_as_tls = yes; then |
| 217 |
++ if $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]+1' \ |
| 218 |
++ $target_header_dir/features.h > /dev/null; then |
| 219 |
++ if test -f $target_header_dir/bits/uClibc_config.h && \ |
| 220 |
++ $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC_SUBLEVEL__[ ]+([3-9][2-9]|[4-9][0-9])' \ |
| 221 |
++ $target_header_dir/bits/uClibc_config.h > /dev/null && \ |
| 222 |
++ $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC_HAS_TLS__[ ]+1' \ |
| 223 |
++ $target_header_dir/bits/uClibc_config.h > /dev/null; then |
| 224 |
++ ssp_link_test=yes |
| 225 |
++ fi |
| 226 |
++ else |
| 227 |
++ ssp_link_test=yes |
| 228 |
++ fi |
| 229 |
++ fi |
| 230 |
++ if test x$ssp_link_test=xyes ; then |
| 231 |
++ saved_CFLAGS="$CFLAGS" |
| 232 |
++ CFLAGS="$CFLAGS -O2 -fstack-protector -Werror" |
| 233 |
++ AC_TRY_LINK(,, |
| 234 |
++ [AC_MSG_RESULT([yes]); enable_espf_ssp=yes], |
| 235 |
++ [AC_MSG_RESULT([no]); enable_espf_ssp=no]) |
| 236 |
++ CFLAGS="$saved_CFLAGS" |
| 237 |
+ else |
| 238 |
-+ enable_espf_pie=no |
| 239 |
++ AC_MSG_RESULT([no]) |
| 240 |
++ enable_espf_ssp=no |
| 241 |
+ fi |
| 242 |
-+ AC_MSG_RESULT($enable_espf_pie) |
| 243 |
-+AC_MSG_CHECKING(if the compiler default to use -fstack-protector) |
| 244 |
-+ if test $set_enable_espf = yes && test x$gcc_cv_libc_provides_ssp = xyes \ |
| 245 |
-+ && test $set_have_as_tls = yes ; then |
| 246 |
-+ enable_espf_ssp=yes |
| 247 |
++ if test $enable_espf_ssp = yes ; then |
| 248 |
+ AC_DEFINE(ENABLE_ESPF_SSP, 1, |
| 249 |
+ [Define if your compiler will default to use -fstack-protector.]) |
| 250 |
-+ else |
| 251 |
-+ enable_espf_ssp=no |
| 252 |
+ fi |
| 253 |
-+ AC_MSG_RESULT($enable_espf_ssp) |
| 254 |
+ |
| 255 |
-+AC_MSG_CHECKING(if the compiler default to use -D_FORTIFY_SOURCES=2) |
| 256 |
-+ if test $set_enable_espf = yes && test x$gcc_cv_libc_provides_fortify = xyes; then |
| 257 |
-+ enable_espf_fortify=yes |
| 258 |
++ AC_MSG_CHECKING(if we can default to use -D_FORTIFY_SOURCES=2) |
| 259 |
++ if test x$gcc_cv_libc_provides_fortify = xyes; then |
| 260 |
++ saved_CFLAGS="$CFLAGS" |
| 261 |
++ saved_CPPFLAGS="$CPPFLAGS" |
| 262 |
++ CFLAGS="$CFLAGS -O2 -Werror" |
| 263 |
++ CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCES=2" |
| 264 |
++ AC_TRY_LINK([ |
| 265 |
++ #include <sys/types.h> |
| 266 |
++ #include <sys/stat.h> |
| 267 |
++ #include <fcntl.h> |
| 268 |
++ ],[ |
| 269 |
++ open ("/tmp/foo", O_WRONLY | O_CREAT); |
| 270 |
++ ], |
| 271 |
++ [AC_MSG_RESULT([no]); enable_espf_fortify=no], |
| 272 |
++ [AC_MSG_RESULT([yes]); enable_espf_fortify=yes]) |
| 273 |
++ CFLAGS="$saved_CFLAGS" |
| 274 |
++ CPPFLAGS="$saved_CPPFLAGS" |
| 275 |
++ else |
| 276 |
++ [AC_MSG_RESULT([no]); enable_espf_fortify=no] |
| 277 |
++ fi |
| 278 |
++ if test x$enable_espf_fortify = xyes ; then |
| 279 |
+ AC_DEFINE(ENABLE_ESPF_FORTIFY, 1, |
| 280 |
+ [Define if your compiler will default to use -D_FORTIFY_SOURCES=2.]) |
| 281 |
-+ else |
| 282 |
-+ enable_espf_fortify=no |
| 283 |
+ fi |
| 284 |
-+ AC_MSG_RESULT($enable_espf_fortify) |
| 285 |
+ |
| 286 |
-+ AC_MSG_CHECKING(if the compiler will pass -z relro to the linker) |
| 287 |
-+ if test $set_enable_espf = yes && test x$gcc_cv_ld_relro = xyes; then |
| 288 |
-+ enable_espf_relro=yes |
| 289 |
-+ AC_DEFINE(ENABLE_ESPF_RELRO, 1, |
| 290 |
-+ [Define if your compiler will pass -z relro to the linker.]) |
| 291 |
-+ else |
| 292 |
-+ enable_espf_relro=no |
| 293 |
-+ fi |
| 294 |
-+ AC_MSG_RESULT($enable_espf_relro) |
| 295 |
-+ |
| 296 |
-+ AC_MSG_CHECKING(if the compiler will pass -z now to the linker) |
| 297 |
-+ if test $set_enable_espf = yes && test x$gcc_cv_ld_now = xyes; then |
| 298 |
-+ enable_espf_now=yes |
| 299 |
-+ AC_DEFINE(ENABLE_ESPF_NOW, 1, |
| 300 |
-+ [Define if your compiler will pass -z now to the linker.]) |
| 301 |
-+ else |
| 302 |
-+ enable_espf_now=no |
| 303 |
-+ fi |
| 304 |
-+ AC_MSG_RESULT($enable_espf_now) |
| 305 |
+fi |
| 306 |
+ |
| 307 |
-+# -------------- |
| 308 |
- # Language hooks |
| 309 |
- # -------------- |
| 310 |
+ # Configure the subdirectories |
| 311 |
+ # AC_CONFIG_SUBDIRS($subdirs) |
Archives