[gentoo-commits] proj/hardened-gccpatchset:master commit in: upstream/

["Magnus Granberg" <zorry@gentoo.org>]

commit:     750927c7e75c0a24fe7c625afc4a240d29aebc3c
Author:     Magnus Granberg <zorry <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 30 21:04:46 2012 +0000
Commit:     Magnus Granberg <zorry <AT> gentoo <DOT> org>
CommitDate: Mon Jul 30 21:04:46 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-gccpatchset.git;a=commit;h=750927c7

updated upstream patches with doc and some testsuite fixes

---
 upstream/Makefile.in.patch |   10 ++++
 upstream/Wformat.patch     |   45 ++++++--------------
 upstream/config_all.patch  |    6 +-
 upstream/gcc_doc.patch     |   99 ++++++++++++++++++++++++++++++++++++++++++++
 upstream/testsuite.patch   |   35 +++++++++++++++
 5 files changed, 161 insertions(+), 34 deletions(-)

diff --git a/upstream/Makefile.in.patch b/upstream/Makefile.in.patch
index cc7d0f0..9b3c173 100644
--- a/upstream/Makefile.in.patch
+++ b/upstream/Makefile.in.patch
@@ -68,6 +68,16 @@
  
  	mv tmp-libgcc.mvars libgcc.mvars
  
+@@ -4893,6 +4903,9 @@ site.exp: ./config.status Makefile
+ 	@if test "@enable_lto@" = "yes" ; then \
+ 	  echo "set ENABLE_LTO 1" >> ./site.tmp; \
+ 	fi
++	@if test "@enable_espf@" = "yes" ; then \
++	  echo "set ENABLE_ESPF 1" >> ./site.tmp; \
++	fi
+ # If newlib has been configured, we need to pass -B to gcc so it can find
+ # newlib's crt0.o if it exists.  This will cause a "path prefix not used"
+ # message if it doesn't, but the testsuite is supposed to ignore the message -
 --- a/libgcc/Makefile.in	2011-11-22 04:01:02.000000000 +0100
 +++ b/libgcc/Makefile.in	2012-06-29 00:15:04.534016511 +0200
 @@ -275,11 +275,16 @@ override CFLAGS := $(filter-out -fprofil

diff --git a/upstream/Wformat.patch b/upstream/Wformat.patch
index be0b07a..99bfcf5 100644
--- a/upstream/Wformat.patch
+++ b/upstream/Wformat.patch
@@ -1,6 +1,6 @@
 --- a/gcc/c-family/c-common.c	2012-02-13 21:12:54.000000000 +0100
-+++ b/gcc/c-family/c-common.c	2012-07-09 23:17:18.375234684 +0200
-@@ -202,7 +202,19 @@ int warn_unknown_pragmas; /* Tri state v
++++ b/gcc/c-family/c-common.c	2012-07-28 00:04:05.351725091 +0200
+@@ -202,7 +202,11 @@ int warn_unknown_pragmas; /* Tri state v
  /* Warn about format/argument anomalies in calls to formatted I/O functions
     (*printf, *scanf, strftime, strfmon, etc.).  */
  
@@ -9,37 +9,20 @@
 +#else
  int warn_format;
 +#endif
-+
-+/* Warn about possible security problems with format functions.  */
-+
-+#ifdef ENABLE_ESPF
-+int warn_format_security = 1;
-+#else
-+int warn_format_security;
-+#endif
  
  /* C/ObjC language option variables.  */
  
---- a/gcc/c-family/c-common.h	2011-12-20 21:44:13.000000000 +0100
-+++ b/gcc/c-family/c-common.h	2012-07-09 23:16:33.355233344 +0200
-@@ -594,6 +594,9 @@ extern int warn_unknown_pragmas; /* Tri
- 
- extern int warn_format;
- 
-+/* Warn about possible security problems with format functions.  */
+--- a/gcc/c-family/c-format.c	2011-06-07 23:52:46.000000000 +0200
++++ b/gcc/c-family/c-format.c	2012-07-28 00:43:00.612794680 +0200
+@@ -52,6 +52,11 @@ set_Wformat (int setting)
+   /* Make sure not to disable -Wnonnull if -Wformat=0 is specified.  */
+   if (setting)
+     warn_nonnull = setting;
 +
-+extern int warn_format_security;
- 
- /* C/ObjC language option variables.  */
- 
---- a/gcc/c-family/c.opt	2012-02-06 11:31:18.000000000 +0100
-+++ b/gcc/c-family/c.opt	2012-07-09 22:07:11.449109322 +0200
-@@ -392,7 +392,7 @@ C ObjC C++ ObjC++ Var(warn_format_contai
- Warn about format strings that contain NUL bytes
- 
- Wformat-security
--C ObjC C++ ObjC++ Var(warn_format_security) Warning
-+C ObjC C++ ObjC++ Warning
- Warn about possible security problems with format functions
++#ifdef ENABLE_ESPF
++  if (setting == 1)
++    warn_format_security = 1;
++#endif
+ }
  
- Wformat-y2k
+ \f

diff --git a/upstream/config_all.patch b/upstream/config_all.patch
index f7c8e9b..aa16b1b 100644
--- a/upstream/config_all.patch
+++ b/upstream/config_all.patch
@@ -1,9 +1,9 @@
 --- a/gcc/config/linux.h	2011-07-07 17:38:34.000000000 +0200
 +++ b/gcc/config/linux.h	2012-07-09 14:24:08.599281404 +0200
 @@ -104,3 +104,31 @@ see the files COPYING3 and COPYING.RUNTI
- /* Whether we have sincos that follows the GNU extension.  */
- #undef TARGET_HAS_SINCOS
- #define TARGET_HAS_SINCOS (OPTION_GLIBC || OPTION_BIONIC)
+ /* Whether we have Bionic libc runtime */
+ #undef TARGET_HAS_BIONIC
+ #define TARGET_HAS_BIONIC (OPTION_BIONIC)
 +
 +#ifdef ENABLE_ESPF
 +#ifdef ENABLE_ESPF_PIE

diff --git a/upstream/gcc_doc.patch b/upstream/gcc_doc.patch
new file mode 100644
index 0000000..ba76d17
--- /dev/null
+++ b/upstream/gcc_doc.patch
@@ -0,0 +1,99 @@
+--- a/gcc/doc/invoke.texi	2012-03-01 10:57:59.000000000 +0100
++++ b/gcc/doc/invoke.texi	2012-07-30 00:57:03.766847851 +0200
+@@ -3216,6 +3216,10 @@ aspects of format checking, the options
+ @option{-Wformat-nonliteral}, @option{-Wformat-security}, and
+ @option{-Wformat=2} are available, but are not included in @option{-Wall}.
+ 
++NOTE: With configure --enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]}is 
++this option enabled by default for C, C++, ObjC, ObjC++.
++To disable, use @option{-Wformat=0}.
++
+ @item -Wformat-y2k
+ @opindex Wformat-y2k
+ @opindex Wno-format-y2k
+@@ -3269,6 +3273,12 @@ currently a subset of what @option{-Wfor
+ in future warnings may be added to @option{-Wformat-security} that are not
+ included in @option{-Wformat-nonliteral}.)
+ 
++NOTE: With configure --enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]} is
++this option enabled by default for C, C++, ObjC, ObjC++.  To disable,
++use @option{-Wno-format-security}, or disable all format warnings
++with @option{-Wformat=0}.  To make format security warnings fatal,
++specify @option{-Werror=format-security}.
++
+ @item -Wformat=2
+ @opindex Wformat=2
+ @opindex Wno-format=2
+@@ -6229,6 +6239,13 @@ also turns on the following optimization
+ Please note the warning under @option{-fgcse} about
+ invoking @option{-O2} on programs that use computed gotos.
+ 
++NOTE: With configure --enable-espf=@r{[}all@r{|}ssp@r{|}pie@r{]},
++@option{-D_FORTIFY_SOURCE=2} is set by default, and is activated 
++when @option{-O} is set to 2 or higher. This enables additional 
++compile-time and run-time checks for several libc functions.
++To disable, specify either @option{-U_FORTIFY_SOURCE} or
++@option{-D_FORTIFY_SOURCE=0}.
++
+ @item -O3
+ @opindex O3
+ Optimize yet more.  @option{-O3} turns on all optimizations specified
+@@ -8475,6 +8492,12 @@ functions with buffers larger than 8 byt
+ when a function is entered and then checked when the function exits.
+ If a guard check fails, an error message is printed and the program exits.
+ 
++NOTE: With configure --enable-espf=@r{[}all@r{|}ssp@r{]} this option
++is enabled by default for C, C++, ObjC, ObjC++, if none of 
++@option{-fno-stack-protector}, @option{-nostdlib}, 
++@option{-fno-stack-protector-all}, @option{nodefaultlibs}, 
++nor @option{-ffreestanding} are found.
++
+ @item -fstack-protector-all
+ @opindex fstack-protector-all
+ Like @option{-fstack-protector} except that all functions are protected.
+@@ -9457,6 +9480,12 @@ For predictable results, you must also s
+ that were used to generate code (@option{-fpie}, @option{-fPIE},
+ or model suboptions) when you specify this option.
+ 
++NOTE: With configure --enable-espf=@r{[}all@r{|}ssp@r{]} this option is
++enabled by default for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE},
++@option{-fno-pie}, @option{-fPIC}, @option{-fpic}, @option{-fno-PIC},
++@option{-fno-pic}, @option{-nostdlib}, @option{-nostartfiles},
++@option{-shared}, @option{-nodefaultlibs}, nor @option{static} are found.
++
+ @item -rdynamic
+ @opindex rdynamic
+ Pass the flag @option{-export-dynamic} to the ELF linker, on targets
+@@ -19125,6 +19154,12 @@ used during linking.
+ @code{__pie__} and @code{__PIE__}.  The macros have the value 1
+ for @option{-fpie} and 2 for @option{-fPIE}.
+ 
++NOTE: With configure --enable-espf=@r{[}all@r{|}ssp@r{]} this option is
++enabled by default for C, C++, ObjC, ObjC++, if none of @option{-fno-PIE},
++@option{-fno-pie}, @option{-fPIC}, @option{-fpic}, @option{-fno-PIC},
++@option{-fno-pic}, @option{-nostdlib}, @option{-nostartfiles},
++@option{-shared}, @option{-nodefaultlibs}, nor @option{static} are found.
++
+ @item -fno-jump-tables
+ @opindex fno-jump-tables
+ Do not use jump tables for switch statements even where it would be
+--- a/gcc/doc/install.texi	2012-03-02 10:37:30.000000000 +0100
++++ b/gcc/doc/install.texi	2012-07-23 18:05:14.160784593 +0200
+@@ -1392,6 +1392,17 @@ do a @samp{make -C gcc gnatlib_and_tools
+ Specify that the run-time libraries for stack smashing protection
+ should not be built.
+ 
++@item --enable-espf=@var{list}
++Will turn on some compiler and preprosessor options as default.
++@option{-D_FORTIFY_SOURCE=2}, @option{-Wformat} and 
++@option{-Wformat-security} will be turn on as default and depend on
++if you use @samp{all} it will turn on @option{-fstack-protection}and
++@option{-fPIE} by default. if the support is there. If you use
++@samp{ssp} it will turn on @option{-fstack-protection} by default if the
++support is there. If you use @samp{pie} it will turn on @option{-fPIE}
++by default if the support is there. We only support x86-64-*-linux* as target
++for now.
++
+ @item --disable-libquadmath
+ Specify that the GCC quad-precision math library should not be built.
+ On some systems, the library is required to be linkable when building

diff --git a/upstream/testsuite.patch b/upstream/testsuite.patch
new file mode 100644
index 0000000..50d06e5
--- /dev/null
+++ b/upstream/testsuite.patch
@@ -0,0 +1,35 @@
+--- a/gcc/testsuite/lib/target-supports.exp	2012-02-22 12:00:21.000000000 +0100
++++ b/gcc/testsuite/lib/target-supports.exp	2012-07-27 19:19:30.849216278 +0200
+@@ -4419,6 +4419,14 @@ proc check_effective_target_lto { } {
+     return [info exists ENABLE_LTO]
+ }
+ 
++# Return 1 if the compiler has been configure with espf
++# (configure --enable-espf=(all|ssp|pie)) support.
++
++proc check_effective_target_espf { } {
++    global ENABLE_ESPF
++    return [info exists ENABLE_ESPF]
++}
++
+ # Return 1 if this target supports the -fsplit-stack option, 0
+ # otherwise.
+ 
+--- a/gcc/testsuite/gcc.c-torture/execute/vprintf-chk-1.x	2012-07-30 02:31:20.573793905 +0200
++++ b/gcc/testsuite/gcc.c-torture/execute/vprintf-chk-1.x	2012-07-27 21:47:01.574480025 +0200
+@@ -0,0 +1,6 @@
++load_lib target-supports.exp
++
++if [check_effective_target_espf] {
++        set additional_flags "-U_FORTIFY_SOURCE"
++}
++return 0
+--- a/gcc/testsuite/gcc.c-torture/execute/vfprintf-chk-1.x	2012-07-30 02:31:07.366794031 +0200
++++ b/gcc/testsuite/gcc.c-torture/execute/vfprintf-chk-1.x	2012-07-27 21:47:01.000000000 +0200
+@@ -0,0 +1,6 @@
++load_lib target-supports.exp
++
++if [check_effective_target_espf] {
++        set additional_flags "-U_FORTIFY_SOURCE"
++}
++return 0