zorry 18/05/02 22:52:30 |
|
Modified: 13_all_default-ssp-fix.patch README.history |
Added: 35_all_i386_libgcc_note.GNU-stack.patch |
55_all_extra-options.patch |
Log: |
Add more patches for gcc 8.1.0 patchset 1.1 |
|
Revision Changes Path |
10 |
1.2 src/patchsets/gcc/8.1.0/gentoo/13_all_default-ssp-fix.patch |
11 |
|
12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/13_all_default-ssp-fix.patch?rev=1.2&view=markup |
13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/13_all_default-ssp-fix.patch?rev=1.2&content-type=text/plain |
14 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/13_all_default-ssp-fix.patch?r1=1.1&r2=1.2 |
15 |
|
16 |
Index: 13_all_default-ssp-fix.patch |
17 |
=================================================================== |
18 |
RCS file: /var/cvsroot/gentoo/src/patchsets/gcc/8.1.0/gentoo/13_all_default-ssp-fix.patch,v |
19 |
retrieving revision 1.1 |
20 |
retrieving revision 1.2 |
21 |
diff -u -r1.1 -r1.2 |
22 |
--- 13_all_default-ssp-fix.patch 2 May 2018 22:17:17 -0000 1.1 |
23 |
+++ 13_all_default-ssp-fix.patch 2 May 2018 22:52:30 -0000 1.2 |
24 |
@@ -1,48 +1,32 @@ |
25 |
-We disable ssp on -nostdlib and -ffreestanding as we did on older gcc |
26 |
-and change the buffer size. |
27 |
+Disable ssp on -nostdlib, -nodefaultlibs and -ffreestanding |
28 |
+Change the buffer size. |
29 |
|
30 |
---- a/gcc/c-family/c-opts.c |
31 |
-+++ b/gcc/c-family/c-opts.c |
32 |
-@@ -450,7 +450,14 @@ |
33 |
+--- a/gcc/gcc.c 2017-07-04 09:15:57.740793000 +0200 |
34 |
++++ b/gcc/gcc.c 2018-03-02 13:58:44.387741114 +0100 |
35 |
+@@ -857,6 +857,12 @@ proper position among the other output f |
36 |
+ #define LINK_GCC_C_SEQUENCE_SPEC "%G %L %G" |
37 |
+ #endif |
38 |
|
39 |
- case OPT_ffreestanding: |
40 |
- value = !value; |
41 |
-+ if (global_options.x_flag_stack_protect == -1) |
42 |
-+ global_options.x_flag_stack_protect = 0; |
43 |
- /* Fall through. */ |
44 |
++#ifdef ENABLE_DEFAULT_SSP |
45 |
++#define NO_SSP_SPEC "%{nostdlib|nodefaultlibs|ffreestanding:-fno-stack-protector} " |
46 |
++#else |
47 |
++#define NO_SSP_SPEC "" |
48 |
++#endif |
49 |
+ |
50 |
-+ case OPT_nostdlib: |
51 |
-+ if (global_options.x_flag_stack_protect == -1) |
52 |
-+ global_options.x_flag_stack_protect = 0; |
53 |
-+ |
54 |
- case OPT_fhosted: |
55 |
- flag_hosted = value; |
56 |
- flag_no_builtin = !value; |
57 |
---- a/gcc/c-family/c.opt |
58 |
-+++ b/gcc/c-family/c.opt |
59 |
-@@ -1647,6 +1647,10 @@ nostdinc++ |
60 |
- C++ ObjC++ |
61 |
- Do not search standard system include directories for C++. |
62 |
- |
63 |
-+nostdlib |
64 |
-+C ObjC C++ ObjC++ |
65 |
-+; Documented in common.opt |
66 |
-+ |
67 |
- o |
68 |
- C ObjC C++ ObjC++ Joined Separate |
69 |
- ; Documented in common.opt |
70 |
---- a/gcc/gcc.c |
71 |
-+++ b/gcc/gcc.c |
72 |
-@@ -1145,6 +1145,7 @@ |
73 |
+ #ifndef LINK_SSP_SPEC |
74 |
+ #ifdef TARGET_LIBC_PROVIDES_SSP |
75 |
+ #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \ |
76 |
+@@ -1131,7 +1148,7 @@ static const char *cc1_options = |
77 |
+ %{-version:--version}\ |
78 |
%{-help=*:--help=%*}\ |
79 |
%{!fsyntax-only:%{S:%W{o*}%{!o*:-o %b.s}}}\ |
80 |
- %{fsyntax-only:-o %j} %{-param*}\ |
81 |
-+ %{nostdlib:-nostdlib}\ |
82 |
+- %{fsyntax-only:-o %j} %{-param*}\ |
83 |
++ %{fsyntax-only:-o %j} %{-param*} " NO_SSP_SPEC "\ |
84 |
%{coverage:-fprofile-arcs -ftest-coverage}\ |
85 |
%{fprofile-arcs|fprofile-generate*|coverage:\ |
86 |
- %{!fprofile-update=single:\ |
87 |
---- a/gcc/params.def |
88 |
-+++ b/gcc/params.def |
89 |
+ %{!fprofile-update=singel:\ |
90 |
+--- a/gcc/params.def 2016-03-30 09:47:40.000000000 +0200 |
91 |
++++ b/gcc/params.def 2016-09-19 12:56:58.443179039 +0200 |
92 |
@@ -673,7 +673,7 @@ DEFPARAM (PARAM_INTEGER_SHARE_LIMIT, |
93 |
DEFPARAM (PARAM_SSP_BUFFER_SIZE, |
94 |
"ssp-buffer-size", |
95 |
|
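Review bot: `NO_SSP_SPEC` appends `-fno-stack-protector` whenever `-nostdlib`, `-nodefaultlibs` or `-ffreestanding` is given, with no exception for a stack protector the user requested explicitly; the c-opts.c code it replaces only cleared the flag while it was still unset (`== -1`). Because the spec is spliced in after `%{-param*}`, it presumably lands after the user's own `-f` options on the cc1 command line and would override an explicit `-fstack-protector-strong` in a freestanding build, which is worth confirming. Guarding the substitution, e.g. `"%{nostdlib|nodefaultlibs|ffreestanding:%{!fstack-protector*:-fno-stack-protector}} "`, keeps the old behaviour. Separately, the trailing context line of the cc1_options hunk now reads `%{!fprofile-update=singel:\` where revision 1.1 had `single`, so that hunk can only apply with fuzz; the spelling should be restored.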
96 |
|
97 |
|
98 |
1.2 src/patchsets/gcc/8.1.0/gentoo/README.history |
99 |
|
100 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/README.history?rev=1.2&view=markup |
101 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/README.history?rev=1.2&content-type=text/plain |
102 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/README.history?r1=1.1&r2=1.2 |
103 |
|
104 |
Index: README.history |
105 |
=================================================================== |
106 |
RCS file: /var/cvsroot/gentoo/src/patchsets/gcc/8.1.0/gentoo/README.history,v |
107 |
retrieving revision 1.1 |
108 |
retrieving revision 1.2 |
109 |
diff -u -r1.1 -r1.2 |
110 |
--- README.history 2 May 2018 22:17:17 -0000 1.1 |
111 |
+++ README.history 2 May 2018 22:52:30 -0000 1.2 |
112 |
@@ -1,4 +1,8 @@ |
113 |
-1.0 05 May 2018 |
114 |
+1.1 03 May 2018 |
115 |
+ U 13_all_default-ssp-fix.patch |
116 |
+ + 35_all_i386_libgcc_note.GNU-stack.patch |
117 |
+ + 55_all_extra-options.patch |
118 |
+1.0 03 May 2018 |
119 |
+ 92_all_sh-drop-sysroot-suffix.patch |
120 |
+ 10_all_default-fortify-source.patch |
121 |
+ 11_all_default-warn-format-security.patch |
122 |
|
123 |
|
124 |
|
125 |
1.1 src/patchsets/gcc/8.1.0/gentoo/35_all_i386_libgcc_note.GNU-stack.patch |
126 |
|
127 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/35_all_i386_libgcc_note.GNU-stack.patch?rev=1.1&view=markup |
128 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/35_all_i386_libgcc_note.GNU-stack.patch?rev=1.1&content-type=text/plain |
129 |
|
130 |
Index: 35_all_i386_libgcc_note.GNU-stack.patch |
131 |
=================================================================== |
132 |
--- a/libgcc/config/i386/resms64.h 2018-01-03 11:03:58.000000000 +0100 |
133 |
+++ b/libgcc/config/i386/resms64.h 2018-05-01 12:59:48.942833419 +0200 |
134 |
@@ -57,3 +57,6 @@ MS2SYSV_STUB_END(resms64_17) |
135 |
MS2SYSV_STUB_END(resms64_18) |
136 |
|
137 |
#endif /* __x86_64__ */ |
138 |
+#if defined(__linux__) && defined(__ELF__) |
139 |
+.section .note.GNU-stack,"",%progbits |
140 |
+#endif |
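Review bot: This new patch file has no description header, unlike the other patches in the set, and the added directive carries no comment saying why it is there. The empty `.note.GNU-stack` section marks the assembled object as not needing an executable stack; without it the linker can fall back to an executable stack for anything that links these libgcc stubs. I would add a one-line description at the top of the patch and a comment such as `/* Mark the stack non-executable for objects built from this file. */` above the `#if`. The same applies to the identical hunks for resms64f.h, resms64fx.h, resms64x.h, savms64.h and savms64f.h below.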
141 |
--- a/libgcc/config/i386/resms64f.h 2018-01-03 11:03:58.000000000 +0100 |
142 |
+++ b/libgcc/config/i386/resms64f.h 2018-05-01 13:00:23.422832853 +0200 |
143 |
@@ -55,3 +55,6 @@ MS2SYSV_STUB_END(resms64f_16) |
144 |
MS2SYSV_STUB_END(resms64f_17) |
145 |
|
146 |
#endif /* __x86_64__ */ |
147 |
+#if defined(__linux__) && defined(__ELF__) |
148 |
+.section .note.GNU-stack,"",%progbits |
149 |
+#endif |
150 |
--- a/libgcc/config/i386/resms64fx.h 2018-02-26 20:46:34.000000000 +0100 |
151 |
+++ b/libgcc/config/i386/resms64fx.h 2018-05-01 13:06:49.682826518 +0200 |
152 |
@@ -62,3 +62,6 @@ MS2SYSV_STUB_END(resms64fx_16) |
153 |
MS2SYSV_STUB_END(resms64fx_17) |
154 |
|
155 |
#endif /* __x86_64__ */ |
156 |
+#if defined(__linux__) && defined(__ELF__) |
157 |
+.section .note.GNU-stack,"",%progbits |
158 |
+#endif |
159 |
--- a/libgcc/config/i386/resms64x.h 2018-02-26 20:46:34.000000000 +0100 |
160 |
+++ b/libgcc/config/i386/resms64x.h 2018-05-01 13:07:21.702825993 +0200 |
161 |
@@ -63,3 +63,6 @@ MS2SYSV_STUB_END(resms64x_17) |
162 |
MS2SYSV_STUB_END(resms64x_18) |
163 |
|
164 |
#endif /* __x86_64__ */ |
165 |
+#if defined(__linux__) && defined(__ELF__) |
166 |
+.section .note.GNU-stack,"",%progbits |
167 |
+#endif |
168 |
--- a/libgcc/config/i386/savms64.h 2018-01-03 11:03:58.000000000 +0100 |
169 |
+++ b/libgcc/config/i386/savms64.h 2018-05-01 13:07:48.952825546 +0200 |
170 |
@@ -57,3 +57,6 @@ MS2SYSV_STUB_END(savms64_17) |
171 |
MS2SYSV_STUB_END(savms64_18) |
172 |
|
173 |
#endif /* __x86_64__ */ |
174 |
+#if defined(__linux__) && defined(__ELF__) |
175 |
+.section .note.GNU-stack,"",%progbits |
176 |
+#endif |
177 |
--- a/libgcc/config/i386/savms64f.h 2018-01-03 11:03:58.000000000 +0100 |
178 |
+++ b/libgcc/config/i386/savms64f.h 2018-05-01 13:08:30.082824871 +0200 |
179 |
@@ -55,3 +55,6 @@ MS2SYSV_STUB_END(savms64f_16) |
180 |
MS2SYSV_STUB_END(savms64f_17) |
181 |
|
182 |
#endif /* __x86_64__ */ |
183 |
+#if defined(__linux__) && defined(__ELF__) |
184 |
+.section .note.GNU-stack,"",%progbits |
185 |
+#endif |
186 |
|
187 |
|
188 |
|
189 |
1.1 src/patchsets/gcc/8.1.0/gentoo/55_all_extra-options.patch |
190 |
|
191 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/55_all_extra-options.patch?rev=1.1&view=markup |
192 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/55_all_extra-options.patch?rev=1.1&content-type=text/plain |
193 |
|
194 |
Index: 55_all_extra-options.patch |
195 |
=================================================================== |
196 |
On Hardened we add some options like -fstack-clash-protection and -z now |
197 |
|
198 |
--- a/gcc/common.opt 2018-03-28 16:51:09.000000000 +0200 |
199 |
+++ a/gcc/common.opt 2018-04-30 15:35:55.274096877 +0200 |
200 |
@@ -2367,7 +2367,7 @@ Common Alias(fstack-check=, specific, no |
201 |
Insert stack checking code into the program. Same as -fstack-check=specific. |
202 |
|
203 |
fstack-clash-protection |
204 |
-Common Report Var(flag_stack_clash_protection) Optimization |
205 |
+Common Report Var(flag_stack_clash_protection) Optimization Init(-1) |
206 |
Insert code to probe each page of stack space as it is allocated to protect |
207 |
from stack-clash style attacks. |
208 |
|
209 |
--- a/gcc/defaults.h 2018-01-03 11:03:58.000000000 +0100 |
210 |
+++ b/gcc/defaults.h 2018-05-01 12:41:29.522851451 +0200 |
211 |
@@ -1435,6 +1435,15 @@ see the files COPYING3 and COPYING.RUNTI |
212 |
#define STACK_CHECK_MAX_VAR_SIZE (STACK_CHECK_MAX_FRAME_SIZE / 100) |
213 |
#endif |
214 |
|
215 |
+/* Default value for flag_clash_protector when flag_clash_protector is |
216 |
+ initialized to -1. */ |
217 |
+#ifdef ENABLE_ESP |
218 |
+#define DEFAULT_FLAG_SCP 1 |
219 |
+#endif |
220 |
+#ifndef DEFAULT_FLAG_SCP |
221 |
+#define DEFAULT_FLAG_SCP 0 |
222 |
+#endif |
223 |
+ |
224 |
/* By default, the C++ compiler will use function addresses in the |
225 |
vtable entries. Setting this nonzero tells the compiler to use |
226 |
function descriptors instead. The value of this macro says how |
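Review bot: The new comment refers to `flag_clash_protector`, but the variable declared in common.opt and tested in toplev.c is `flag_stack_clash_protection`; the comment should read `/* Default value for flag_stack_clash_protection when it is initialized to -1. */`. The default is also keyed on `ENABLE_ESP`, while `LINK_NOW_SPEC` in the gcc.c hunk of the same patch is keyed on `EXTRA_OPTIONS`. Neither macro is defined in the lines shown, so it is worth confirming that the build configuration behind this patch sets both; otherwise only part of the hardening defaults takes effect.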
227 |
--- a/gcc/toplev.c 2018-02-13 17:18:37.000000000 +0100 |
228 |
+++ b/toplev.c 2018-04-30 16:46:37.244027303 +0200 |
229 |
@@ -1682,6 +1682,10 @@ process_options (void) |
230 |
|
231 |
/* -fstack-clash-protection is not currently supported on targets |
232 |
where the stack grows up. */ |
233 |
+ if (flag_stack_clash_protection == -1) |
234 |
+ { |
235 |
+ flag_stack_clash_protection = DEFAULT_FLAG_SCP; |
236 |
+ } |
237 |
if (flag_stack_clash_protection && !STACK_GROWS_DOWNWARD) |
238 |
{ |
239 |
warning_at (UNKNOWN_LOCATION, 0, |
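Review bot: Resolving the `-1` default immediately before the `!STACK_GROWS_DOWNWARD` check means that, on a target where the stack grows up and `DEFAULT_FLAG_SCP` is 1, every compilation would hit the warning below for an option the user never passed. Resolve the default with the target in mind, e.g. `flag_stack_clash_protection = STACK_GROWS_DOWNWARD ? DEFAULT_FLAG_SCP : 0;`, so the warning stays reserved for an explicit `-fstack-clash-protection`. The `+++ b/toplev.c` header is also missing the `gcc/` directory that the `---` line has. process_options continues outside the hunk, so any earlier test of the flag that could still see `-1` is not visible here.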
240 |
|
241 |
--- a/libgcc/Makefile.in 2011-11-22 04:01:02.000000000 +0100 |
242 |
+++ b/libgcc/Makefile.in 2011-12-25 15:18:22.449610631 +0100 |
243 |
@@ -225,7 +225,7 @@ endif |
244 |
LIBGCC2_DEBUG_CFLAGS = -g |
245 |
LIBGCC2_CFLAGS = -O2 $(LIBGCC2_INCLUDES) $(GCC_CFLAGS) $(HOST_LIBGCC2_CFLAGS) \ |
246 |
$(LIBGCC2_DEBUG_CFLAGS) -DIN_LIBGCC2 \ |
247 |
- -fbuilding-libgcc -fno-stack-protector \ |
248 |
+ -fbuilding-libgcc -fno-stack-protector -fno-stack-clash-protection \ |
249 |
$(INHIBIT_LIBC_CFLAGS) |
250 |
|
251 |
# Additional options to use when compiling libgcc2.a. |
252 |
@@ -279,7 +290,7 @@ INTERNAL_CFLAGS = $(CFLAGS) $(LIBGCC2_CF |
253 |
-finhibit-size-directive -fno-inline -fno-exceptions \ |
254 |
-fno-zero-initialized-in-bss -fno-toplevel-reorder -fno-tree-vectorize \ |
255 |
-fbuilding-libgcc -fno-stack-protector $(FORCE_EXPLICIT_EH_REGISTRY) \ |
256 |
- $(INHIBIT_LIBC_CFLAGS) |
257 |
+ -fno-stack-clash-protection $(INHIBIT_LIBC_CFLAGS) |
258 |
|
259 |
# Extra flags to use when compiling crt{begin,end}.o. |
260 |
CRTSTUFF_T_CFLAGS = |
261 |
--- a/gcc/gcc.c 2016-02-19 23:18:38.000000000 +0100 |
262 |
+++ b/gcc/gcc.c 2016-05-02 22:56:10.185721270 +0200 |
263 |
@@ -868,6 +868,12 @@ proper position among the other output f |
264 |
#endif |
265 |
#endif |
266 |
|
267 |
+#ifdef EXTRA_OPTIONS |
268 |
+#define LINK_NOW_SPEC "%{!nonow:-z now} " |
269 |
+#else |
270 |
+#define LINK_NOW_SPEC "" |
271 |
+#endif |
272 |
+ |
273 |
#ifdef ENABLE_DEFAULT_PIE |
274 |
#define NO_PIE_SPEC "no-pie|static" |
275 |
#define PIE_SPEC NO_PIE_SPEC "|r|shared:;" |
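Review bot: `LINK_NOW_SPEC` keys its opt-out on a `-nonow` switch, but no hunk in the part of this patch shown here declares `nonow` as a driver option, so the opt-out may be rejected as an unrecognized option. If it is not declared further down in the patch, add a driver-only entry for it to common.opt, next to where the patch already edits `fstack-clash-protection`. A short comment above the define, e.g. `/* Link with -z now (immediate binding) unless -nonow is given. */`, would also document the default.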
276 |
@@ -1013,7 +1020,7 @@ proper position among the other output f |
277 |
%(linker) " \ |
278 |
LINK_PLUGIN_SPEC \ |
279 |
"%{flto|flto=*:%<fcompare-debug*} \ |
280 |
- %{flto} %{fno-lto} %{flto=*} %l " LINK_PIE_SPEC \ |
281 |
+ %{flto} %{fno-lto} %{flto=*} %l " LINK_PIE_SPEC LINK_NOW_SPEC \ |
282 |
"%{fuse-ld=*:-fuse-ld=%*} " LINK_COMPRESS_DEBUG_SPEC \ |
283 |
"%X %{o*} %{e*} %{N} %{n} %{r}\ |
284 |
%{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!nostartfiles:%S}} \ |