From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 15F21139085 for ; Sun, 25 Dec 2016 22:20:45 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 407E521C04E; Sun, 25 Dec 2016 22:20:44 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 0E89821C04E for ; Sun, 25 Dec 2016 22:20:44 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id C17583411D7 for ; Sun, 25 Dec 2016 22:20:42 +0000 (UTC) Received: by oystercatcher.gentoo.org (Postfix, from userid 2266) id 664E824E2; Sun, 25 Dec 2016 22:20:41 +0000 (UTC) From: "Magnus Granberg (zorry)" To: gentoo-commits@lists.gentoo.org Reply-To: gentoo-dev@lists.gentoo.org, zorry@gentoo.org Subject: [gentoo-commits] gentoo commit in src/patchsets/gcc/6.3.0/gentoo: 10_all_default-fortify-source.patch 11_all_default-warn-format-security.patch 12_all_default-warn-trampolines.patch 13_all_default-ssp-fix.patch 25_all_alpha-mieee-default.patch 29_all_arm_armv4t-default.patch 34_all_ia64_note.GNU-stack.patch 42_all_superh_default-multilib.patch 50_all_libiberty-asprintf.patch 51_all_libiberty-pic.patch 54_all_nopie-all-flags.patch 55_all_extra-options.patch 90_all_pr55930-dependency-tracking.patch README.history X-VCS-Repository: gentoo X-VCS-Files: 10_all_default-fortify-source.patch 11_all_default-warn-format-security.patch 12_all_default-warn-trampolines.patch 13_all_default-ssp-fix.patch 25_all_alpha-mieee-default.patch 29_all_arm_armv4t-default.patch 34_all_ia64_note.GNU-stack.patch 42_all_superh_default-multilib.patch 50_all_libiberty-asprintf.patch 51_all_libiberty-pic.patch 54_all_nopie-all-flags.patch 55_all_extra-options.patch 90_all_pr55930-dependency-tracking.patch README.history X-VCS-Directories: src/patchsets/gcc/6.3.0/gentoo X-VCS-Committer: zorry X-VCS-Committer-Name: Magnus Granberg Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Message-Id: <20161225222041.664E824E2@oystercatcher.gentoo.org> Date: Sun, 25 Dec 2016 22:20:41 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 03db0722-8ce4-40ae-aba1-c8a6a996926d X-Archives-Hash: eab876307b61deec549e0c3897a41a33 zorry 16/12/25 22:20:41 Added: 10_all_default-fortify-source.patch 11_all_default-warn-format-security.patch 12_all_default-warn-trampolines.patch 13_all_default-ssp-fix.patch 25_all_alpha-mieee-default.patch 29_all_arm_armv4t-default.patch 34_all_ia64_note.GNU-stack.patch 42_all_superh_default-multilib.patch 50_all_libiberty-asprintf.patch 51_all_libiberty-pic.patch 54_all_nopie-all-flags.patch 55_all_extra-options.patch 90_all_pr55930-dependency-tracking.patch README.history Log: add gcc-6.3 patchset Revision Changes Path 1.1 src/patchsets/gcc/6.3.0/gentoo/10_all_default-fortify-source.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/10_all_default-fortify-source.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/10_all_default-fortify-source.patch?rev=1.1&content-type=text/plain Index: 10_all_default-fortify-source.patch =================================================================== Enable -D_FORTIFY_SOURCE=2 by default. --- a/gcc/c-family/c-cppbuiltin.c +++ b/gcc/c-family/c-cppbuiltin.c @@ -951,6 +951,9 @@ c_cpp_builtins (cpp_reader *pfile) builtin_define_with_value ("__REGISTER_PREFIX__", REGISTER_PREFIX, 0); builtin_define_with_value ("__USER_LABEL_PREFIX__", user_label_prefix, 0); + /* Fortify Source enabled by default w/optimization. */ + cpp_define (pfile, "_FORTIFY_SOURCE=((defined __OPTIMIZE__ && __OPTIMIZE__ > 0) ? 2 : 0)"); + /* Misc. */ if (flag_gnu89_inline) cpp_define (pfile, "__GNUC_GNU_INLINE__"); 1.1 src/patchsets/gcc/6.3.0/gentoo/11_all_default-warn-format-security.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/11_all_default-warn-format-security.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/11_all_default-warn-format-security.patch?rev=1.1&content-type=text/plain Index: 11_all_default-warn-format-security.patch =================================================================== Enable -Wformat and -Wformat-security by default. --- a/gcc/c-family/c.opt 2016-03-23 18:51:56.000000000 +0100 +++ b/gcc/c-family/c.opt 2016-04-28 23:45:54.063351272 +0200 @@ -459,7 +459,7 @@ C ObjC C++ ObjC++ Var(warn_format_nonlit Warn about format strings that are not literals. Wformat-security -C ObjC C++ ObjC++ Var(warn_format_security) Warning LangEnabledBy(C ObjC C++ ObjC++,Wformat=, warn_format >= 2, 0) +C ObjC C++ ObjC++ Var(warn_format_security) Init(1) Warning LangEnabledBy(C ObjC C++ ObjC++,Wformat=, warn_format >= 2, 0) Warn about possible security problems with format functions. Wformat-signedness @@ -475,7 +475,7 @@ C ObjC C++ ObjC++ Var(warn_format_zero_l Warn about zero-length formats. Wformat= -C ObjC C++ ObjC++ Joined RejectNegative UInteger Var(warn_format) Warning LangEnabledBy(C ObjC C++ ObjC++,Wall, 1, 0) +C ObjC C++ ObjC++ Joined RejectNegative UInteger Var(warn_format) Init(1) Warning LangEnabledBy(C ObjC C++ ObjC++,Wall, 1, 0) Warn about printf/scanf/strftime/strfmon format string anomalies. Wignored-qualifiers 1.1 src/patchsets/gcc/6.3.0/gentoo/12_all_default-warn-trampolines.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/12_all_default-warn-trampolines.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/12_all_default-warn-trampolines.patch?rev=1.1&content-type=text/plain Index: 12_all_default-warn-trampolines.patch =================================================================== Enable -Wtrampolines by default. --- a/gcc/common.opt +++ b/gcc/common.opt @@ -712,7 +712,7 @@ Common Var(warn_system_headers) Warning Do not suppress warnings from system headers. Wtrampolines -Common Var(warn_trampolines) Warning +Common Var(warn_trampolines) Init(1) Warning Warn whenever a trampoline is generated. Wtype-limits 1.1 src/patchsets/gcc/6.3.0/gentoo/13_all_default-ssp-fix.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/13_all_default-ssp-fix.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/13_all_default-ssp-fix.patch?rev=1.1&content-type=text/plain Index: 13_all_default-ssp-fix.patch =================================================================== We disable ssp on -nostdlib and -ffreestanding as we did on older gcc and change the buffer size. --- a/gcc/c-family/c-opts.c 2016-03-08 23:30:44.000000000 +0100 +++ b/gcc/c-family/c-opts.c 2016-09-18 18:42:10.231644014 +0200 @@ -436,7 +436,15 @@ c_common_handle_option (size_t scode, co case OPT_ffreestanding: value = !value; + if (global_options.x_flag_stack_protect == -1) + global_options.x_flag_stack_protect = 0; /* Fall through.... */ + + case OPT_nostdlib: + if (global_options.x_flag_stack_protect == -1) + global_options.x_flag_stack_protect = 0; + /* Fall through.... */ + case OPT_fhosted: flag_hosted = value; flag_no_builtin = !value; --- a/gcc/c-family/c.opt 2016-03-23 18:51:56.000000000 +0100 +++ b/gcc/c-family/c.opt 2016-09-18 18:46:17.071649782 +0200 @@ -1647,6 +1647,10 @@ nostdinc++ C++ ObjC++ Do not search standard system include directories for C++. +nostdlib +C ObjC C++ ObjC++ +; Documented in common.opt + o C ObjC C++ ObjC++ Joined Separate ; Documented in common.opt --- a/gcc/gcc.c 2016-02-19 23:18:38.000000000 +0100 +++ b/gcc/gcc.c 2016-09-18 18:47:35.621651618 +0200 @@ -1132,6 +1143,7 @@ static const char *cc1_options = %{-help=*:--help=%*}\ %{!fsyntax-only:%{S:%W{o*}%{!o*:-o %b.s}}}\ %{fsyntax-only:-o %j} %{-param*}\ + %{nostdlib:-nostdlib}\ %{coverage:-fprofile-arcs -ftest-coverage}"; static const char *asm_options = --- a/gcc/params.def 2016-03-30 09:47:40.000000000 +0200 +++ b/gcc/params.def 2016-09-19 12:56:58.443179039 +0200 @@ -673,7 +673,7 @@ DEFPARAM (PARAM_INTEGER_SHARE_LIMIT, DEFPARAM (PARAM_SSP_BUFFER_SIZE, "ssp-buffer-size", "The lower bound for a buffer to be considered for stack smashing protection.", - 8, 1, 0) + 4, 1, 0) DEFPARAM (PARAM_MIN_SIZE_FOR_STACK_SHARING, "min-size-for-stack-sharing", 1.1 src/patchsets/gcc/6.3.0/gentoo/25_all_alpha-mieee-default.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/25_all_alpha-mieee-default.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/25_all_alpha-mieee-default.patch?rev=1.1&content-type=text/plain Index: 25_all_alpha-mieee-default.patch =================================================================== Set the default behavior on alpha to use -mieee since the large majority of time we want this (bad/weird things can happen with packages built without it). To satisfy those people who may not want -mieee forced on them all the time, we also provide -mno-ieee. Patch by Mike Frysinger Note: upstream doesn't want to take this due to long standing behavior, and because it'd make behavior across OS's inconsistent: https://gcc.gnu.org/ml/gcc-patches/2003-07/msg02144.html This makes sense for upstream, but Gentoo is more concerned about packages behaving the same across arches under Linux. --- a/gcc/config/alpha/alpha.h +++ b/gcc/config/alpha/alpha.h @@ -96,6 +96,8 @@ along with GCC; see the file COPYING3. If not see while (0) #endif +#define CPP_SPEC "%{!no-ieee:-mieee}" + /* Run-time compilation parameters selecting different hardware subsets. */ /* Which processor to schedule for. The cpu attribute defines a list that --- a/gcc/config/alpha/alpha.opt +++ b/gcc/config/alpha/alpha.opt @@ -39,7 +39,7 @@ Target RejectNegative Mask(IEEE_CONFORMANT) Request IEEE-conformant math library routines (OSF/1). mieee -Target Report RejectNegative Mask(IEEE) +Target Report Mask(IEEE) Emit IEEE-conformant code, without inexact exceptions. mieee-with-inexact 1.1 src/patchsets/gcc/6.3.0/gentoo/29_all_arm_armv4t-default.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/29_all_arm_armv4t-default.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/29_all_arm_armv4t-default.patch?rev=1.1&content-type=text/plain Index: 29_all_arm_armv4t-default.patch =================================================================== gcc defaults to armv5t for all targets even armv4t http://sourceware.org/ml/crossgcc/2008-05/msg00009.html --- a/gcc/config/arm/linux-eabi.h +++ b/gcc/config/arm/linux-eabi.h @@ -45,7 +45,7 @@ The ARM10TDMI core is the default for armv5t, so set SUBTARGET_CPU_DEFAULT to achieve this. */ #undef SUBTARGET_CPU_DEFAULT -#define SUBTARGET_CPU_DEFAULT TARGET_CPU_arm10tdmi +#define SUBTARGET_CPU_DEFAULT TARGET_CPU_arm9tdmi /* TARGET_BIG_ENDIAN_DEFAULT is set in config.gcc for big endian configurations. */ 1.1 src/patchsets/gcc/6.3.0/gentoo/34_all_ia64_note.GNU-stack.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/34_all_ia64_note.GNU-stack.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/34_all_ia64_note.GNU-stack.patch?rev=1.1&content-type=text/plain Index: 34_all_ia64_note.GNU-stack.patch =================================================================== http://gcc.gnu.org/PR21098 2004-09-20 Jakub Jelinek * config/rs6000/ppc-asm.h: Add .note.GNU-stack section also on ppc64-linux. * config/ia64/lib1funcs.asm: Add .note.GNU-stack section on ia64-linux. * config/ia64/crtbegin.asm: Likewise. * config/ia64/crtend.asm: Likewise. * config/ia64/crti.asm: Likewise. * config/ia64/crtn.asm: Likewise. 2004-05-14 Jakub Jelinek * config/ia64/linux.h (TARGET_ASM_FILE_END): Define. --- a/gcc/config/ia64/linux.h +++ b/gcc/config/ia64/linux.h @@ -24,6 +24,8 @@ a copy of the GCC Runtime Library Exception along with this program; see the files COPYING3 and COPYING.RUNTIME respectively. If not, see . */ +#define TARGET_ASM_FILE_END file_end_indicate_exec_stack + /* This is for -profile to use -lc_p instead of -lc. */ #undef CC1_SPEC #define CC1_SPEC "%{profile:-p} %{G*}" --- a/gcc/config/rs6000/ppc-asm.h +++ b/gcc/config/rs6000/ppc-asm.h @@ -352,7 +352,7 @@ GLUE(.L,name): \ #endif #endif -#if defined __linux__ && !defined __powerpc64__ +#if defined __linux__ .section .note.GNU-stack .previous #endif --- a/libgcc/config/ia64/crtbegin.S +++ b/libgcc/config/ia64/crtbegin.S @@ -252,3 +252,7 @@ __do_jv_register_classes: .weak __cxa_finalize #endif .weak _Jv_RegisterClasses + +#ifdef __linux__ +.section .note.GNU-stack; .previous +#endif --- a/libgcc/config/ia64/crtend.S +++ b/libgcc/config/ia64/crtend.S @@ -119,3 +119,6 @@ __do_global_ctors_aux: br.ret.sptk.many rp .endp __do_global_ctors_aux +#ifdef __linux__ +.section .note.GNU-stack; .previous +#endif --- a/libgcc/config/ia64/crti.S +++ b/libgcc/config/ia64/crti.S @@ -49,5 +49,8 @@ _fini: .save rp, r33 mov r33 = b0 .body +#ifdef __linux__ +.section .note.GNU-stack; .previous +#endif # end of crti.S --- a/libgcc/config/ia64/crtn.S +++ b/libgcc/config/ia64/crtn.S @@ -39,5 +39,8 @@ .restore sp mov r12 = r35 br.ret.sptk.many b0 +#ifdef __linux__ +.section .note.GNU-stack; .previous +#endif # end of crtn.S --- a/libgcc/config/ia64/lib1funcs.S +++ b/libgcc/config/ia64/lib1funcs.S @@ -793,3 +793,6 @@ __floattitf: .endp __floattitf #endif #endif +#ifdef __linux__ +.section .note.GNU-stack; .previous +#endif 1.1 src/patchsets/gcc/6.3.0/gentoo/42_all_superh_default-multilib.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/42_all_superh_default-multilib.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/42_all_superh_default-multilib.patch?rev=1.1&content-type=text/plain Index: 42_all_superh_default-multilib.patch =================================================================== The gcc-3.x toolchains would contain all the targets by default. With gcc-4, you have to actually list out the multilibs you want or you will end up with just one when using targets like 'sh4-linux-gnu'. The resulting toolchain can't even build a kernel as the kernel needs to build with the nofpu flag to be sure that no fpu ops are generated. Here we restore the gcc-3.x behavior; the additional overhead of building all of these multilibs by default is negligible. https://bugs.gentoo.org/140205 https://bugs.gentoo.org/320251 --- a/gcc/config.gcc +++ b/gcc/config.gcc @@ -2455,7 +2455,7 @@ sh-*-symbianelf* | sh[12346l]*-*-symbianelf* | \ if test "$sh_multilibs" = "default" ; then case ${target} in sh64-superh-linux* | \ - sh[1234]*) sh_multilibs=${sh_cpu_target} ;; + sh[1234]*) sh_multilibs=$(echo $(sed -n '/^[[:space:]]*case ${sh_multilib} in/,/)/{s:case ${sh_multilib} in::;s: | *:,:g;s:[\\)]::g;p}' ${srcdir}/config.gcc) | sed 's: ::g') ;; sh64* | sh5*) sh_multilibs=m5-32media,m5-32media-nofpu,m5-compact,m5-compact-nofpu,m5-64media,m5-64media-nofpu ;; sh-superh-*) sh_multilibs=m4,m4-single,m4-single-only,m4-nofpu ;; sh*-*-linux*) sh_multilibs=m1,m3e,m4 ;; 1.1 src/patchsets/gcc/6.3.0/gentoo/50_all_libiberty-asprintf.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/50_all_libiberty-asprintf.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/50_all_libiberty-asprintf.patch?rev=1.1&content-type=text/plain Index: 50_all_libiberty-asprintf.patch =================================================================== 2008-07-25 Magnus Granberg * include/libiberty.h (asprintf): Don't declare if defined as a macro --- a/include/libiberty.h +++ b/include/libiberty.h @@ -609,8 +609,11 @@ extern int pwait (int, int *, int); /* Like sprintf but provides a pointer to malloc'd storage, which must be freed by the caller. */ +/* asprintf may be declared as a macro by glibc with __USE_FORTIFY_LEVEL. */ +#ifndef asprintf extern int asprintf (char **, const char *, ...) ATTRIBUTE_PRINTF_2; #endif +#endif #if !HAVE_DECL_VASPRINTF /* Like vsprintf but provides a pointer to malloc'd storage, which 1.1 src/patchsets/gcc/6.3.0/gentoo/51_all_libiberty-pic.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/51_all_libiberty-pic.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/51_all_libiberty-pic.patch?rev=1.1&content-type=text/plain Index: 51_all_libiberty-pic.patch =================================================================== --- a/libiberty/Makefile.in +++ b/libiberty/Makefile.in @@ -246,6 +246,7 @@ $(TARGETLIB): $(REQUIRED_OFILES) $(EXTRA_OFILES) $(LIBOBJS) $(AR) $(AR_FLAGS) $(TARGETLIB) \ $(REQUIRED_OFILES) $(EXTRA_OFILES) $(LIBOBJS); \ $(RANLIB) $(TARGETLIB); \ + cp $(TARGETLIB) ../ ; \ cd ..; \ else true; fi 1.1 src/patchsets/gcc/6.3.0/gentoo/54_all_nopie-all-flags.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/54_all_nopie-all-flags.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/54_all_nopie-all-flags.patch?rev=1.1&content-type=text/plain Index: 54_all_nopie-all-flags.patch =================================================================== We need to pass NO_PIE_CFLAGS to ALL_* so gcc don't fail when we compile it with older gcc and pie. --- a/gcc/Makefile.in 2015-06-25 19:18:12.000000000 +0200 +++ b/gcc/Makefile.in 2016-04-22 00:12:54.029178860 +0200 @@ -991,10 +991,10 @@ ALL_CXXFLAGS = $(T_CFLAGS) $(CFLAGS-$@) ALL_CPPFLAGS = $(INCLUDES) $(CPPFLAGS) # This is the variable to use when using $(COMPILER). -ALL_COMPILERFLAGS = $(ALL_CXXFLAGS) +ALL_COMPILERFLAGS = $(NO_PIE_CFLAGS) $(ALL_CXXFLAGS) # This is the variable to use when using $(LINKER). -ALL_LINKERFLAGS = $(ALL_CXXFLAGS) +ALL_LINKERFLAGS = $(NO_PIE_CFLAGS) $(ALL_CXXFLAGS) # Build and host support libraries. 1.1 src/patchsets/gcc/6.3.0/gentoo/55_all_extra-options.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/55_all_extra-options.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/6.3.0/gentoo/55_all_extra-options.patch?rev=1.1&content-type=text/plain Index: 55_all_extra-options.patch =================================================================== On Hardened we add or remove some options like -fstack-check, -fstack-protector-all, -fstrict_overflow and -z now --- a/libgcc/Makefile.in 2011-11-22 04:01:02.000000000 +0100 +++ b/libgcc/Makefile.in 2011-12-25 15:18:22.449610631 +0100 @@ -225,7 +225,7 @@ endif LIBGCC2_DEBUG_CFLAGS = -g LIBGCC2_CFLAGS = -O2 $(LIBGCC2_INCLUDES) $(GCC_CFLAGS) $(HOST_LIBGCC2_CFLAGS) \ $(LIBGCC2_DEBUG_CFLAGS) -DIN_LIBGCC2 \ - -fbuilding-libgcc -fno-stack-protector \ + -fbuilding-libgcc -fno-stack-protector -fstack-check=no \ $(INHIBIT_LIBC_CFLAGS) # Additional options to use when compiling libgcc2.a. @@ -279,7 +290,7 @@ INTERNAL_CFLAGS = $(CFLAGS) $(LIBGCC2_CF -finhibit-size-directive -fno-inline -fno-exceptions \ -fno-zero-initialized-in-bss -fno-toplevel-reorder -fno-tree-vectorize \ -fbuilding-libgcc -fno-stack-protector $(FORCE_EXPLICIT_EH_REGISTRY) \ - $(INHIBIT_LIBC_CFLAGS) + -fstack-check=no $(INHIBIT_LIBC_CFLAGS) # Extra flags to use when compiling crt{begin,end}.o. CRTSTUFF_T_CFLAGS = --- a/gcc/defaults.h 2016-01-04 15:30:50.000000000 +0100 +++ b/gcc/defaults.h 2016-05-02 22:23:43.815707806 +0200 @@ -1398,8 +1398,12 @@ see the files COPYING3 and COPYING.RUNTI /* Default value for flag_stack_protect when flag_stack_protect is initialized to -1: --enable-default-ssp: Default flag_stack_protect to -fstack-protector-strong. --disable-default-ssp: Default flag_stack_protect to 0. + Hardened: Default flag_stack_protect to -fstack-protector-all. */ #ifdef ENABLE_DEFAULT_SSP +# ifdef EXTRA_OPTIONS +# define DEFAULT_FLAG_SSP 2 +# endif # ifndef DEFAULT_FLAG_SSP # define DEFAULT_FLAG_SSP 3 # endif --- a/gcc/gcc.c 2016-02-19 23:18:38.000000000 +0100 +++ b/gcc/gcc.c 2016-05-02 22:56:10.185721270 +0200 @@ -868,6 +868,13 @@ proper position among the other output f #endif #endif +#define STACK_CHECK_SPEC "%{fstack-check|fstack-check=*:;: -fstack-check} " +#ifdef EXTRA_OPTIONS +#define LINK_NOW_SPEC "%{!nonow:-z now} " +#else +#define LINK_NOW_SPEC "" +#endif + #ifdef ENABLE_DEFAULT_PIE #define NO_PIE_SPEC "no-pie|static" #define PIE_SPEC NO_PIE_SPEC "|r|shared:;" @@ -1013,7 +1020,7 @@ proper position among the other output f %(linker) " \ LINK_PLUGIN_SPEC \ "%{flto|flto=*:%