From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1SGrMX-0000Hu-Mk for garchives@archives.gentoo.org; Sun, 08 Apr 2012 12:36:57 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id BD8D9E0824; Sun, 8 Apr 2012 12:36:50 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 76681E0824 for ; Sun, 8 Apr 2012 12:36:50 +0000 (UTC) Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 853261B40A0 for ; Sun, 8 Apr 2012 12:36:49 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id 45ADFE5402 for ; Sun, 8 Apr 2012 12:36:48 +0000 (UTC) From: "Magnus Granberg" To: gentoo-commits@lists.gentoo.org Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Magnus Granberg" Message-ID: <1333888588.9f286ca40bcefa89d281475687529dfc081856cf.zorry@gentoo> Subject: [gentoo-commits] proj/hardened-gccpatchset:master commit in: upstream/ X-VCS-Repository: proj/hardened-gccpatchset X-VCS-Files: upstream/configure.ac.patch X-VCS-Directories: upstream/ X-VCS-Committer: zorry X-VCS-Committer-Name: Magnus Granberg X-VCS-Revision: 9f286ca40bcefa89d281475687529dfc081856cf X-VCS-Branch: master Date: Sun, 8 Apr 2012 12:36:48 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: f1ede0c2-2204-4a1d-b17e-641e272f175a X-Archives-Hash: b20ccafd4fe22886341798baf62520ab commit: 9f286ca40bcefa89d281475687529dfc081856cf Author: Magnus Granberg gentoo org> AuthorDate: Sun Apr 8 12:36:28 2012 +0000 Commit: Magnus Granberg gentoo org> CommitDate: Sun Apr 8 12:36:28 2012 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=3Dproj/hardened-gccp= atchset.git;a=3Dcommit;h=3D9f286ca4 Updated configure.ac patch for upstream --- upstream/configure.ac.patch | 233 +++++++++++++++++++++----------------= ------ 1 files changed, 115 insertions(+), 118 deletions(-) diff --git a/upstream/configure.ac.patch b/upstream/configure.ac.patch index b08edcc..86bab05 100644 --- a/upstream/configure.ac.patch +++ b/upstream/configure.ac.patch @@ -1,25 +1,18 @@ -2011-06-24 Magnus Granberg - - * configure Add --enable-espf. Add -fno-stack-protector - to stage1_cflags. - * gcc/configure.ac Add --enable-espf and checks for it. - ---- a/configure.ac 2011-04-18 23:27:00.000000000 +0200 -+++ b/configure.ac 2011-04-27 12:47:11.351473240 +0200 -@@ -419,6 +419,25 @@ +--- a/configure.ac 2011-11-29 22:36:43.000000000 +0100 ++++ b/configure.ac 2011-12-07 23:29:26.125712475 +0100 +@@ -419,6 +419,24 @@ if test "${ENABLE_LIBADA}" !=3D "yes" ; th noconfigdirs=3D"$noconfigdirs gnattools" fi =20 +# Check whether --enable-espf was given and target have the support. +AC_ARG_ENABLE([espf], +[AS_HELP_STRING([--enable-espf], -+ [Enable Stack protector, Position independent executable and -+ Fortify_sources as default if we have suppot for it when compiling -+ and link with -z relro and -z now as default. -+ Linux targets supported x86_64.])], ++ [Enable Stack protector, Position independent executable as=20 ++ default if we have suppot for it when compiling. ++ Linux targets supported i*86, x86_64 and x86_x32.])], +[ + case $target in -+ i?86*-*-linux* | x86_64*-*-linux* | x86_x32*-*-linux | powerpc-*-li= nux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*) ++ i?86*-*-linux* | x86_??*-*-linux*) + enable_espf=3Dyes + ;; + *) @@ -32,23 +25,25 @@ AC_ARG_ENABLE(libssp, [AS_HELP_STRING([--enable-libssp], [build libssp directory])], ENABLE_LIBSSP=3D$enableval, -@@ -3152,6 +3171,10 @@ - esac ;; - esac +@@ -3211,6 +3230,11 @@ if test "$GCC" =3D yes -a "$ENABLE_BUILD_W + CFLAGS=3D"$saved_CFLAGS" + fi =20 +# Disable -fstack-protector on stage1 +if test x$enable_espf =3D xyes; then + stage1_cflags=3D"$stage1_cflags -fno-stack-protector" +fi - # This is aimed to mimic bootstrap with a non-GCC compiler to catch pro= blems. - if test "$GCC" =3D yes -a "$ENABLE_BUILD_WITH_CXX" !=3D yes; then - saved_CFLAGS=3D"$CFLAGS" ---- a/gcc/configure.ac 2011-04-13 19:12:53.000000000 +0200 -+++ b/gcc/configure.ac 2011-06-24 03:17:07.448179335 +0200 -@@ -4515,6 +4515,145 @@ - AC_SUBST(MAINT)dnl ++ + AC_SUBST(stage1_cflags) +=20 + # Enable --enable-checking in stage1 of the compiler. +--- a/gcc/configure.ac 2011-11-18 11:52:32.000000000 +0100 ++++ b/gcc/configure.ac 2012-04-04 16:18:00.269968226 +0200 +@@ -5130,6 +5146,148 @@ if test x"${LINKER_HASH_STYLE}" !=3D x; th + [The linker hash style]) + fi =20 - # -------------- ++# -------------- +# Espf checks +# -------------- + @@ -56,16 +51,15 @@ +AC_ARG_ENABLE([espf], +[AS_HELP_STRING([--enable-espf], + [Enable Stack protector, Position independent executable and -+ Fortify_sources as default if we have suppot for it when compiling -+ and link with -z relro and -z now as default. -+ Linux targets supported x86_64])], ++ Fortify_sources as default if we have suppot for it when compiling. ++ Linux targets supported i*86, x86_64, and x86_x32.])], + set_enable_espf=3D$enableval, + set_enable_espf=3Dno) +if test $set_enable_espf =3D yes ; then + AC_MSG_CHECKING(if $target support espf) +if test $set_enable_espf =3D yes ; then + case "$target" in -+ ?86-*-linux* | x86_64-*-linux*) ++ i?86*-*-linux* | x86_??*-*-linux*) + enable_espf=3Dyes + AC_DEFINE(ENABLE_ESPF, 1, + [Define if your target support espf and you have enable it.]) @@ -82,112 +76,115 @@ +AC_SUBST([enable_espf]) +if test $enable_espf =3D yes ; then + -+ AC_CACHE_CHECK(linker -z relro support, -+ gcc_cv_ld_relro, -+ [gcc_cv_ld_relro=3Dno -+ if test $in_tree_ld =3D yes ; then -+ if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_ver= sion" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \ -+ && test $in_tree_ld_is_elf =3D yes; then -+ gcc_cv_ld_relro=3Dyes -+ fi -+ elif test x$gcc_cv_ld !=3D x; then -+ # Check if linker supports -z relro options -+ if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then -+ gcc_cv_ld_relro=3Dyes -+ fi -+ fi -+ ]) -+ -+ AC_CACHE_CHECK(linker -z now support, -+ gcc_cv_ld_now, -+ [gcc_cv_ld_now=3Dno -+ if test $in_tree_ld =3D yes ; then -+ if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_ver= sion" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \ -+ && test $in_tree_ld_is_elf =3D yes; then -+ gcc_cv_ld_now=3Dyes -+ fi -+ elif test x$gcc_cv_ld !=3D x; then -+ # Check if linker supports -z now options -+ if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then -+ gcc_cv_ld_now=3Dyes -+ fi -+ fi -+ ]) -+ +# Check for FORTIFY_SOURCES support in target C library. -+AC_CACHE_CHECK(for _FORTIFY_SOURCES support in target C library, -+ gcc_cv_libc_provides_fortify, -+ [gcc_cv_libc_provides_fortify=3Dno ++ AC_CACHE_CHECK(for _FORTIFY_SOURCES support in target C library, ++ gcc_cv_libc_provides_fortify,=20 ++ [gcc_cv_libc_provides_fortify=3Dno + case "$target" in -+ *-*-linux*) -+ [# glibc 2.8 and later provides _FORTIFY_SOURCES. -+ if test -f $target_header_dir/features.h; then -+ if $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC__[ ]+2' \ -+ $target_header_dir/features.h > /dev/null \ -+ && $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC_MINOR__[ ]+([1-9][0-9]= |[8-9])' \ ++ *-*-linux*) ++ [# glibc 2.8 and later provides _FORTIFY_SOURCES. ++ # uClibc 0.9.32 and later provides _FORTIFY_SOURCES. ++ if test -f $target_header_dir/features.h; then ++ if $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC__[ ]+2' \ ++ $target_header_dir/features.h > /dev/null \ ++ && $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC_MINOR__[ ]+([1-9][0-9]|= [8-9])' \ ++ $target_header_dir/features.h > /dev/null; then ++ gcc_cv_libc_provides_fortify=3Dyes ++ elif $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]+1' \ + $target_header_dir/features.h > /dev/null; then -+ gcc_cv_libc_provides_fortify=3Dyes -+ elif $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]' \ -+ $target_header_dir/features.h > /dev/null ; then -+ gcc_cv_libc_provides_fortify=3Dno -+ fi -+ fi] -+ ;; -+ *) gcc_cv_libc_provides_fortify=3Dno ;; ++ if test -f $target_header_dir/bits/uClibc_config.h && \ ++ $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC_SUBLEVEL__[ ]+([3-9][2= -9]|[4-9][0-9])' \ ++ $target_header_dir/bits/uClibc_config.h > /dev/null; then ++ gcc_cv_libc_provides_fortify=3Dyes ++ else ++ gcc_cv_libc_provides_fortify=3Dno ++ fi ++ fi ++ fi] ++ ;; ++ *) gcc_cv_libc_provides_fortify=3Dno ;; + esac]) + -+ AC_MSG_CHECKING(if the compiler default to use -fPIE and link with -p= ie) -+ if test $set_enable_espf =3D yes && test x"$gcc_cv_ld_pie" =3D xyes; = then -+ enable_espf_pie=3Dyes ++ AC_MSG_CHECKING(if we can default to use -fPIE and link with -pie) ++ if test x$gcc_cv_ld_pie =3D xyes; then ++ saved_LDFLAGS=3D"$LDFLAGS" ++ saved_CFLAGS=3D"$CFLAGS" ++ CFLAGS=3D"$CFLAGS -fPIE -Werror" ++ LDFLAGS=3D"$LDFLAGS -fPIE -pie" ++ AC_TRY_LINK(,, ++ [AC_MSG_RESULT([yes]); enable_espf_pie=3Dyes], ++ [AC_MSG_RESULT([no]); enable_espf_pie=3Dno]) ++ LDFLAGS=3D"$saved_LDFLAGS" ++ CFLAGS=3D"$saved_CFLAGS" ++ else ++ AC_MSG_RESULT([no]) ++ enable_espf_pie=3Dno ++ fi ++ ++ if test $enable_espf_pie =3D yes ; then + AC_DEFINE(ENABLE_ESPF_PIE, 1, + [Define if your compiler will default to use -fPIE and link with = -pie.]) ++ fi ++ ++ AC_MSG_CHECKING(if we can default to use -fstack-protector) ++ ssp_link_test=3Dno ++ if test x$gcc_cv_libc_provides_ssp =3D xyes && test x$set_have_as_tls= =3D yes; then ++ if $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]+1' \ ++ $target_header_dir/features.h > /dev/null; then ++ if test -f $target_header_dir/bits/uClibc_config.h && \ ++ $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC_SUBLEVEL__[ ]+([3-9][2-9]|[4= -9][0-9])' \ ++ $target_header_dir/bits/uClibc_config.h > /dev/null && \ ++ $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC_HAS_TLS__[ ]+1' \ ++ $target_header_dir/bits/uClibc_config.h > /dev/null; then ++ ssp_link_test=3Dyes ++ fi ++ else ++ ssp_link_test=3Dyes ++ fi ++ fi ++ if test x$ssp_link_test=3Dxyes ; then ++ saved_CFLAGS=3D"$CFLAGS" ++ CFLAGS=3D"$CFLAGS -O2 -fstack-protector -Werror" ++ AC_TRY_LINK(,, ++ [AC_MSG_RESULT([yes]); enable_espf_ssp=3Dyes], ++ [AC_MSG_RESULT([no]); enable_espf_ssp=3Dno]) ++ CFLAGS=3D"$saved_CFLAGS" + else -+ enable_espf_pie=3Dno ++ AC_MSG_RESULT([no]) ++ enable_espf_ssp=3Dno + fi -+ AC_MSG_RESULT($enable_espf_pie) -+AC_MSG_CHECKING(if the compiler default to use -fstack-protector) -+ if test $set_enable_espf =3D yes && test x$gcc_cv_libc_provides_ssp =3D= xyes \ -+ && test $set_have_as_tls =3D yes ; then -+ enable_espf_ssp=3Dyes ++ if test $enable_espf_ssp =3D yes ; then + AC_DEFINE(ENABLE_ESPF_SSP, 1, + [Define if your compiler will default to use -fstack-protector.]) -+ else -+ enable_espf_ssp=3Dno + fi -+ AC_MSG_RESULT($enable_espf_ssp) + -+AC_MSG_CHECKING(if the compiler default to use -D_FORTIFY_SOURCES=3D2) -+ if test $set_enable_espf =3D yes && test x$gcc_cv_libc_provides_forti= fy =3D xyes; then -+ enable_espf_fortify=3Dyes ++ AC_MSG_CHECKING(if we can default to use -D_FORTIFY_SOURCES=3D2) ++ if test x$gcc_cv_libc_provides_fortify =3D xyes; then ++ saved_CFLAGS=3D"$CFLAGS" ++ saved_CPPFLAGS=3D"$CPPFLAGS" ++ CFLAGS=3D"$CFLAGS -O2 -Werror" ++ CPPFLAGS=3D"$CPPFLAGS -D_FORTIFY_SOURCES=3D2" ++ AC_TRY_LINK([ ++ #include ++ #include ++ #include ++ ],[ ++ open ("/tmp/foo", O_WRONLY | O_CREAT); ++ ], ++ [AC_MSG_RESULT([no]); enable_espf_fortify=3Dno], ++ [AC_MSG_RESULT([yes]); enable_espf_fortify=3Dyes]) ++ CFLAGS=3D"$saved_CFLAGS" ++ CPPFLAGS=3D"$saved_CPPFLAGS" ++ else ++ [AC_MSG_RESULT([no]); enable_espf_fortify=3Dno] ++ fi ++ if test x$enable_espf_fortify =3D xyes ; then + AC_DEFINE(ENABLE_ESPF_FORTIFY, 1, + [Define if your compiler will default to use -D_FORTIFY_SOURCES=3D= 2.]) -+ else -+ enable_espf_fortify=3Dno + fi -+ AC_MSG_RESULT($enable_espf_fortify) + -+ AC_MSG_CHECKING(if the compiler will pass -z relro to the linker) -+ if test $set_enable_espf =3D yes && test x$gcc_cv_ld_relro =3D xyes= ; then -+ enable_espf_relro=3Dyes -+ AC_DEFINE(ENABLE_ESPF_RELRO, 1, -+ [Define if your compiler will pass -z relro to the linker.]) -+ else -+ enable_espf_relro=3Dno -+ fi -+ AC_MSG_RESULT($enable_espf_relro) -+ -+ AC_MSG_CHECKING(if the compiler will pass -z now to the linker) -+ if test $set_enable_espf =3D yes && test x$gcc_cv_ld_now =3D xyes; = then -+ enable_espf_now=3Dyes -+ AC_DEFINE(ENABLE_ESPF_NOW, 1, -+ [Define if your compiler will pass -z now to the linker.]) -+ else -+ enable_espf_now=3Dno -+ fi -+ AC_MSG_RESULT($enable_espf_now) +fi + -+# -------------- - # Language hooks - # -------------- + # Configure the subdirectories + # AC_CONFIG_SUBDIRS($subdirs) =20