[gentoo-commits] proj/hardened-gccpatchset:master commit in: gcc-4.7.0/piepatch/

[gentoo-commits] proj/hardened-gccpatchset:master commit in: gcc-4.7.0/piepatch/

[Magnus Granberg]

commit:     35e2816a265694c87af0133df7aa8c489e05f825
Author:     Magnus Granberg <zorry <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 17 17:41:53 2012 +0000
Commit:     Magnus Granberg <zorry <AT> gentoo <DOT> org>
CommitDate: Tue Jan 17 17:41:53 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-gccpatchset.git;a=commit;h=35e2816a

piepatch 0.5.1 for gcc 4.7

---
 gcc-4.7.0/piepatch/01_all_gcc47_configure.patch    |  389 ++++++++++++++++++++
 gcc-4.7.0/piepatch/02_all_gcc45_config.in.patch    |   32 ++
 gcc-4.7.0/piepatch/03_all_gcc47_Makefile.in.patch  |  130 +++++++
 gcc-4.7.0/piepatch/05_all_gcc47_gcc.c.patch        |   84 +++++
 gcc-4.7.0/piepatch/06_all_gcc45_esp.h.patch        |  153 ++++++++
 gcc-4.7.0/piepatch/10_all_gcc46_default-ssp.patch  |  130 +++++++
 .../piepatch/15_all_gcc44_decl-tls-model.patch     |   20 +
 .../piepatch/20_all_gcc46_config_crtbeginp.patch   |   36 ++
 gcc-4.7.0/piepatch/24_all_gcc44_invoke.texi.patch  |   44 +++
 .../33_all_gcc46_config_rs6000_linux64.h.patch     |   16 +
 gcc-4.7.0/piepatch/README                          |   18 +
 gcc-4.7.0/piepatch/README.Changelog                |  338 +++++++++++++++++
 gcc-4.7.0/piepatch/README.Gentoo.patches           |   28 ++
 gcc-4.7.0/piepatch/README.history                  |  286 ++++++++++++++
 14 files changed, 1704 insertions(+), 0 deletions(-)

diff --git a/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch b/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch
new file mode 100644
index 0000000..94958b1
--- /dev/null
+++ b/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch
@@ -0,0 +1,389 @@
+2012-01-07	Magnus Granberg		<zorry@gentoo.org>
+
+		* configure		Add --enable-esp.  Add-fno-stack-protector
+		to stage1_cflags.
+		* gcc/configure		Add --enable-esp. Check -z now, 
+		PIE, SSP and FORTIFY_SOURCES.
+		Define ENABLE_ESP.
+		Check if we support crtbeginP and define ENABLE_CRTBEGINP.
+
+--- a/configure	2011-12-22 21:51:34.700589641 +0100
++++ b/configure	2011-12-22 22:17:32.855636066 +0100
+@@ -671,6 +671,7 @@ LDFLAGS
+ CFLAGS
+ CC
+ EXTRA_CONFIGARGS_LIBJAVA
++enable_esp
+ target_subdir
+ host_subdir
+ build_subdir
+@@ -749,6 +750,7 @@ enable_ld
+ enable_libquadmath
+ enable_libquadmath_support
+ enable_libada
++enable_esp
+ enable_libssp
+ enable_static_libjava
+ enable_bootstrap
+@@ -1467,6 +1469,11 @@ Optional Features:
+   --disable-libquadmath-support
+                           disable libquadmath support for Fortran
+   --enable-libada         build libada directory
++  --enable-esp           Enable Stack protector, Position independent
++                          executable as default if we have suppot for it when
++                          compiling and link with -z relro and -z now as
++                          default. Linux targets supported i*86, x86_64,
++                          x86_x32, powerpc, powerpc64, ia64 and arm.
+   --enable-libssp         build libssp directory
+   --enable-static-libjava[=ARG]
+                           build static libjava [default=no]
+@@ -2985,6 +2992,24 @@ if test "${ENABLE_LIBADA}" != "yes" ; th
+   noconfigdirs="$noconfigdirs gnattools"
+ fi
+ 
++# Check whether --enable-esp was given and target have the support.
++# Check whether --enable-esp was given.
++if test "${enable_esp+set}" = set; then :
++  enableval=$enable_esp;
++  case $target in
++    i?86*-*-linux* | x86_64*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*)
++      enable_esp=yes
++      ;;
++    *)
++      { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: *** --enable-espf is not supported on this $target target." >&5
++$as_echo "$as_me: WARNING: *** --enable-espf is not supported on this $target target." >&2;}
++      ;;
++  esac
++
++fi
++
++
++
+ # Check whether --enable-libssp was given.
+ if test "${enable_libssp+set}" = set; then :
+   enableval=$enable_libssp; ENABLE_LIBSSP=$enableval
+@@ -14418,6 +14445,11 @@ rm -f core conftest.err conftest.$ac_obj
+   CFLAGS="$saved_CFLAGS"
+ fi
+ 
++# Disable -fstack-protector on stage1
++if test x$enable_esp = xyes; then
++  stage1_cflags="$stage1_cflags -fno-stack-protector"
++fi
++
+ 
+ 
+ # Enable --enable-checking in stage1 of the compiler.
+--- a/gcc/configure	2011-12-31 12:45:24.449810238 +0100
++++ b/gcc/configure	2011-12-31 00:43:40.000000000 +0100
+@@ -600,6 +600,8 @@ ac_includes_default="\
+ 
+ ac_subst_vars='LTLIBOBJS
+ LIBOBJS
++enable_esp
++enable_crtbeginP
+ enable_plugin
+ pluginlibs
+ CLOOGINC
+@@ -916,6 +917,7 @@ enable_version_specific_runtime_libs
+ enable_plugin
+ enable_libquadmath_support
+ with_linker_hash_style
++enable_esp
+ '
+       ac_precious_vars='build_alias
+ host_alias
+@@ -1629,6 +1631,11 @@ Optional Features:
+   --enable-plugin         enable plugin support
+   --disable-libquadmath-support
+                           disable libquadmath support for Fortran
++  --enable-esp           Enable Stack protector, Position independent
++                          executable and Fortify_sources as default if we have
++                          suppot for it when compiling and link -z now as
++                          default. Linux targets supported i*86, x86_64,
++                          x86_x32, powerpc, powerpc64, ia64 and arm
+ 
+ Optional Packages:
+   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
+@@ -26575,6 +26582,28 @@ else
+   target_header_dir=${native_system_header_dir}
+ fi
+ 
++  { $as_echo "$as_me:${as_lineno-$LINENO}: checking linker -z now support" >&5
++$as_echo_n "checking linker -z now support... " >&6; }
++if test "${gcc_cv_ld_now+set}" = set; then :
++  $as_echo_n "(cached) " >&6
++else
++  gcc_cv_ld_now=no
++  if test $in_tree_ld = yes ; then
++    if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_version" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \
++      && test $in_tree_ld_is_elf = yes; then
++        gcc_cv_ld_now=yes
++    fi
++  elif test x$gcc_cv_ld != x; then
++    # Check if linker supports -z now options
++    if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then
++      gcc_cv_ld_now=yes
++    fi
++  fi
++
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_ld_now" >&5
++$as_echo "$gcc_cv_ld_now" >&6; }
++
+ # Test for stack protector support in target C library.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking __stack_chk_fail in target C library" >&5
+ $as_echo_n "checking __stack_chk_fail in target C library... " >&6; }
+@@ -27290,6 +27319,252 @@ _ACEOF
+ 
+ fi
+ 
++# --------------
++# Espf checks
++# --------------
++
++# Check whether --enable-esp was given and target have the support.
++# Check whether --enable-esp was given.
++if test "${enable_esp+set}" = set; then :
++  enableval=$enable_esp; set_enable_esp=$enableval
++else
++  set_enable_esp=no
++fi
++
++if test $set_enable_esp = yes ; then
++  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $target support esp" >&5
++$as_echo_n "checking if $target support esp... " >&6; }
++if test x"$set_enable_esp" = x"yes" ; then
++  case "$target" in
++    i?86*-*-linux* | x86_64*-*-linux* |  x86_x32*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*)
++      enable_esp=yes
++
++$as_echo "#define ENABLE_ESP 1" >>confdefs.h
++
++      ;;
++    *)
++      enable_esp=no
++      ;;
++  esac
++else
++ enable_esp=no
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_esp" >&5
++$as_echo "$enable_esp" >&6; }
++fi
++
++if test $enable_esp = yes ; then
++
++# Check for FORTIFY_SOURCES support in target C library.
++  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FORTIFY_SOURCES support  in target C library" >&5
++$as_echo_n "checking for _FORTIFY_SOURCES support  in target C library... " >&6; }
++if test "${gcc_cv_libc_provides_fortify+set}" = set; then :
++  $as_echo_n "(cached) " >&6
++else
++  gcc_cv_libc_provides_fortify=no
++    case "$target" in
++      *-*-linux*)
++        # glibc 2.8 and later provides _FORTIFY_SOURCES.
++        if test -f $target_header_dir/features.h; then
++          if $EGREP '^[ 	]*#[ 	]*define[ 	]+__GLIBC__[ 	]+2' \
++	    $target_header_dir/features.h > /dev/null \
++	    && $EGREP '^[ 	]*#[ 	]*define[ 	]+__GLIBC_MINOR__[ 	]+([1-9][0-9]|[8-9])' \
++	    $target_header_dir/features.h > /dev/null; then
++	      gcc_cv_libc_provides_fortify=yes
++          elif $EGREP '^[ 	]*#[ 	]*define[ 	]+__UCLIBC__[ 	]' \
++	    $target_header_dir/features.h > /dev/null ; then
++            gcc_cv_libc_provides_fortify=no
++	  fi
++        fi
++        ;;
++      *) gcc_cv_libc_provides_fortify=no ;;
++    esac
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_libc_provides_fortify" >&5
++$as_echo "$gcc_cv_libc_provides_fortify" >&6; }
++
++  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can default to use -fPIE and link with -pie" >&5
++$as_echo_n "checking if we can default to use -fPIE and link with -pie... " >&6; }
++  if test x"$gcc_cv_ld_pie" = x"yes"; then
++    saved_LDFLAGS="$LDFLAGS"
++    saved_CFLAGS="$CFLAGS"
++    CFLAGS="$CFLAGS -fPIE -Werror"
++    LDFLAGS="$LDFLAGS -fPIE -pie"
++    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++
++int
++main ()
++{
++
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_link "$LINENO"; then :
++  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
++$as_echo "yes" >&6; }; enable_espf_pie=yes
++else
++  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }; enable_espf_pie=no
++fi
++rm -f core conftest.err conftest.$ac_objext \
++    conftest$ac_exeext conftest.$ac_ext
++    LDFLAGS="$saved_LDFLAGS"
++    CFLAGS="$saved_CFLAGS"
++  else
++    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++    enable_espf_pie=no
++  fi
++
++  if test $enable_espf_pie = yes ; then
++
++$as_echo "#define ENABLE_ESPF_PIE 1" >>confdefs.h
++
++  fi
++
++  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can default to use -fstack-protector-all" >&5
++$as_echo_n "checking if we can default to use -fstack-protector-all... " >&6; }
++  if test x"$gcc_cv_libc_provides_ssp" = x"yes" && test x"$set_have_as_tls" = x"yes" ; then
++    saved_CFLAGS="$CFLAGS"
++    CFLAGS="$CFLAGS -O2 -fstack-protector-all -Werror"
++    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++
++int
++main ()
++{
++
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_link "$LINENO"; then :
++  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
++$as_echo "yes" >&6; }; enable_espf_ssp=yes
++else
++  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }; enable_espf_ssp=no
++fi
++rm -f core conftest.err conftest.$ac_objext \
++    conftest$ac_exeext conftest.$ac_ext
++    CFLAGS="$saved_CFLAGS"
++  else
++    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++    enable_espf_ssp=no
++  fi
++  if test x"$enable_espf_ssp" = x"yes" ; then
++
++$as_echo "#define ENABLE_ESPF_SSP 1" >>confdefs.h
++
++  fi
++
++  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the compiler default to use -D_FORTIFY_SOURCES" >&5
++$as_echo_n "checking if the compiler default to use -D_FORTIFY_SOURCES... " >&6; }
++  if test x"$gcc_cv_libc_provides_fortify" = x"yes"; then
++    saved_CFLAGS="$CFLAGS"
++    saved_CPPFLAGS="$CPPFLAGS"
++    CFLAGS="$CFLAGS -O2 -Werror -Wall"
++    CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCES=2"
++    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++
++      #include <sys/types.h>
++      #include <sys/stat.h>
++      #include <fcntl.h>
++
++int
++main ()
++{
++
++      open ("/tmp/foo", O_WRONLY | O_CREAT);
++
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_link "$LINENO"; then :
++  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }; enable_espf_fortify=no
++else
++  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
++$as_echo "yes" >&6; }; enable_espf_fortify=yes
++fi
++rm -f core conftest.err conftest.$ac_objext \
++    conftest$ac_exeext conftest.$ac_ext
++    CFLAGS="$saved_CFLAGS"
++    CPPFLAGS="$saved_CPPFLAGS"
++  else
++    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++    enable_espf_fortify=no
++  fi
++  if test x"$enable_espf_fortify" = x"yes" ; then
++
++$as_echo "#define ENABLE_ESPF_FORTIFY 1" >>confdefs.h
++
++  fi
++
++  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the compiler default to use -z now to the linker" >&5
++$as_echo_n "checking if the compiler default to use -z now to the linker... " >&6; }
++    if test x"$gcc_cv_ld_now" = x"yes"; then
++      saved_LDFLAGS="$LDFLAGS"
++      saved_CFLAGS="$CFLAGS"
++      CFLAGS="$CFLAGS -Werror"
++      LDFLAGS="$LDFLAGS -Wl,-z,now"
++      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++
++int
++main ()
++{
++
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_link "$LINENO"; then :
++  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
++$as_echo "yes" >&6; }; enable_espf_now=yes
++else
++  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }; enable_espf_now=no
++fi
++rm -f core conftest.err conftest.$ac_objext \
++    conftest$ac_exeext conftest.$ac_ext
++      LDFLAGS="$saved_LDFLAGS"
++      CFLAGS="$saved_CFLAGS"
++    else
++      { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++      enable_espf_now=no
++    fi
++    if test x"$enable_espf_now" = x"yes" ; then
++
++$as_echo "#define ENABLE_ESPF_NOW 1" >>confdefs.h
++
++    fi
++
++  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crtbeginP.o support" >&5
++$as_echo_n "checking for crtbeginP.o support... " >&6; }
++    case "$target" in
++      ia64*-*-linux*)
++        enable_crtbeginP=no ;;
++      *-*-linux*)
++        if test x"$gcc_cv_ld_pie" = x"yes" && test x"$lt_cv_prog_compiler_static_works" = x"yes"; then
++          enable_crtbeginP=yes
++$as_echo "#define ENABLE_CRTBEGINP 1" >>confdefs.h
++        else
++          enable_crtbeginP=no
++        fi ;;
++      *) enable_crtbeginP=no ;;
++    esac
++  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_crtbeginP" >&5
++$as_echo "$enable_crtbeginP" >&6; }
++fi
++
+ # Configure the subdirectories
+ # AC_CONFIG_SUBDIRS($subdirs)
+ 

diff --git a/gcc-4.7.0/piepatch/02_all_gcc45_config.in.patch b/gcc-4.7.0/piepatch/02_all_gcc45_config.in.patch
new file mode 100644
index 0000000..489658f
--- /dev/null
+++ b/gcc-4.7.0/piepatch/02_all_gcc45_config.in.patch
@@ -0,0 +1,32 @@
+2011-12-05	Magnus Granberg		<zorry@gentoo.org>
+
+		* gcc/config.in	Add ENABLE_CRTBEGINP and ENABLE_ESP
+
+--- gcc/config.in	2009-04-21 11:08:08.000000000 +0200
++++ gcc/config.in	2009-05-12 00:10:08.000000000 +0200
+@@ -46,6 +46,12 @@
+ #endif
+ 
+ 
++/* Define to 1 to enable crtbeginP.o. */
++#ifndef USED_FOR_TARGET
++#undef ENABLE_CRTBEGINP
++#endif
++
++
+ /* Define to 1 to specify that we are using the BID decimal floating point
+    format instead of DPD */
+ #ifndef USED_FOR_TARGET
+@@ -65,6 +65,12 @@
+ #endif
+ 
+ 
++/* Define to 1 to enable esp. */
++#ifndef USED_FOR_TARGET
++#undef ENABLE_ESP
++#endif
++
++
+ /* Define to 1 to enable fixed-point arithmetic extension to C. */
+ #ifndef USED_FOR_TARGET
+ #undef ENABLE_FIXED_POINT

diff --git a/gcc-4.7.0/piepatch/03_all_gcc47_Makefile.in.patch b/gcc-4.7.0/piepatch/03_all_gcc47_Makefile.in.patch
new file mode 100644
index 0000000..9f6c520
--- /dev/null
+++ b/gcc-4.7.0/piepatch/03_all_gcc47_Makefile.in.patch
@@ -0,0 +1,130 @@
+2012-01-17	Magnus Granberg		<zorry@gentoo.org>
+
+		* Makefile.in	We add -fno-stack-protector to BOOT_CFLAGS, LIBCFLAGS and
+			LIBCXXFLAGS if enable_esp yes.
+		* gcc/Makefile.in	Add -fno-PIE. to ALL_CFLAGS and
+			ALL_CXXFLAGS if enable_esp yes.
+			Echo enable_esp and enable_crtbeginP to tmp-libgcc.mvars.
+		* libgcc/Makefile.in	Add crtbeginP.o to EXTRA_PARTS if enable_crtbeginP yes
+			We add new file crtbeginP.o if enable_crtbeginP yes
+			Add -fno-PIE. to CRTSTUFF_CFLAGS.
+
+--- a/Makefile.in	2010-01-22 08:35:38.000000000 -0500
++++ b/Makefile.in	2010-02-07 15:10:59.000000000 -0500
+@@ -350,9 +350,17 @@
+ BUILD_PREFIX = @BUILD_PREFIX@
+ BUILD_PREFIX_1 = @BUILD_PREFIX_1@
+ 
++# Some stuff don't compile with SSP
++enable_esp = @enable_esp@
++ifeq ($(enable_esp),yes)
++ESP_NOSSP_CFLAGS = -fno-stack-protector
++else
++ESP_NOSSP_CFLAGS=
++endif
++
+ # Flags to pass to stage2 and later makes.  They are defined
+ # here so that they can be overridden by Makefile fragments.
+-BOOT_CFLAGS= -g -O2
++BOOT_CFLAGS= -g -O2 $(ESP_NOSSP_CFLAGS)
+ BOOT_LDFLAGS=
+ BOOT_ADAFLAGS=-gnatpg -gnata
+ 
+@@ -403,9 +403,9 @@
+ 
+ CFLAGS = @CFLAGS@
+ LDFLAGS = @LDFLAGS@
+-LIBCFLAGS = $(CFLAGS)
++LIBCFLAGS = $(CFLAGS) $(ESP_NOSSP_CFLAGS)
+ CXXFLAGS = @CXXFLAGS@
+-LIBCXXFLAGS = $(CXXFLAGS) -fno-implicit-templates
++LIBCXXFLAGS = $(CXXFLAGS) -fno-implicit-templates $(ESP_NOSSP_CFLAGS)
+ GOCFLAGS = $(CFLAGS)
+ 
+ TFLAGS =
+--- a/gcc/Makefile.in	2011-11-09 02:20:14.000000000 +0100
++++ b/gcc/Makefile.in	2011-12-24 22:28:08.864804375 +0100
+@@ -247,6 +247,14 @@ LINKER_FLAGS = $(CFLAGS)
+ endif
+ endif
+ 
++# We don't want to compile the compiler with -fPIE, it make PCH fail.
++enable_esp = @enable_esp@
++ifeq ($(enable_esp),yes)
++ESP_NOPIE_CFLAGS = -fno-PIE
++else
++ESP_NOPIE_CFLAGS=
++endif
++
+ # -------------------------------------------
+ # Programs which operate on the build machine
+ # -------------------------------------------
+@@ -974,12 +982,13 @@ INTERNAL_CFLAGS = -DIN_GCC @CROSS@
+ 
+ # This is the variable actually used when we compile. If you change this,
+ # you probably want to update BUILD_CFLAGS in configure.ac
+-ALL_CFLAGS = $(T_CFLAGS) $(CFLAGS-$@) \
++ALL_CFLAGS = $(ESP_NOPIE_CFLAGS) $(T_CFLAGS) $(CFLAGS-$@) \
+   $(CFLAGS) $(INTERNAL_CFLAGS) $(COVERAGE_FLAGS) $(WARN_CFLAGS) @DEFS@
+ 
+ # The C++ version.
+-ALL_CXXFLAGS = $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) $(INTERNAL_CFLAGS) \
+-  $(COVERAGE_FLAGS) $(NOEXCEPTION_FLAGS) $(WARN_CXXFLAGS) @DEFS@
++ALL_CXXFLAGS = $(ESP_NOPIE_CFLAGS) $(T_CFLAGS) $(CFLAGS-$@) $(CXXFLAGS) \
++  $(INTERNAL_CFLAGS) $(COVERAGE_FLAGS) $(NOEXCEPTION_FLAGS) \
++  $(WARN_CXXFLAGS) @DEFS@
+ 
+ # Likewise.  Put INCLUDES at the beginning: this way, if some autoconf macro
+ # puts -I options in CPPFLAGS, our include files in the srcdir will always
+@@ -1814,6 +1823,8 @@ libgcc.mvars: config.status Makefile spe
+ 	echo GCC_CFLAGS = '$(GCC_CFLAGS)' >> tmp-libgcc.mvars
+ 	echo INHIBIT_LIBC_CFLAGS = '$(INHIBIT_LIBC_CFLAGS)' >> tmp-libgcc.mvars
+ 	echo TARGET_SYSTEM_ROOT = '$(TARGET_SYSTEM_ROOT)' >> tmp-libgcc.mvars
++	echo enable_esp = '$(enable_esp)' >> tmp-libgcc.mvars
++	echo enable_crtbeginP = '@enable_crtbeginP@' >> tmp-libgcc.mvars
+ 
+ 	mv tmp-libgcc.mvars libgcc.mvars
+ 
+--- a/libgcc/Makefile.in	2011-11-22 04:01:02.000000000 +0100
++++ b/libgcc/Makefile.in	2011-12-25 15:18:22.449610631 +0100
+@@ -219,6 +219,17 @@ else
+ DECNUMINC =
+ endif
+ 
++ifeq ($(enable_esp),yes)
++ESP_NOPIE_CFLAGS = -fno-PIE
++else
++ESP_NOPIE_CFLAGS=
++endif
++
++# We add crtbeginP.o to the EXTRA_PARTS list if enable_crtbeginP = yes
++ifeq ($(enable_crtbeginP),yes)
++EXTRA_PARTS += crtbeginP.o
++endif
++
+ # Options to use when compiling libgcc2.a.
+ #
+ LIBGCC2_DEBUG_CFLAGS = -g
+@@ -279,7 +290,7 @@ INTERNAL_CFLAGS = $(CFLAGS) $(LIBGCC2_CF
+ CRTSTUFF_CFLAGS = -O2 $(GCC_CFLAGS) $(INCLUDES) $(MULTILIB_CFLAGS) -g0 \
+   -finhibit-size-directive -fno-inline -fno-exceptions \
+   -fno-zero-initialized-in-bss -fno-toplevel-reorder -fno-tree-vectorize \
+-  -fno-stack-protector \
++  -fno-stack-protector $(ESP_NOPIE_CFLAGS) \
+   $(INHIBIT_LIBC_CFLAGS)
+ 
+ # Extra flags to use when compiling crt{begin,end}.o.
+@@ -966,6 +977,13 @@ crtendS$(objext): $(srcdir)/crtstuff.c
+ # This is a version of crtbegin for -static links.
+ crtbeginT$(objext): $(srcdir)/crtstuff.c
+ 	$(crt_compile) $(CRTSTUFF_T_CFLAGS) -c $< -DCRT_BEGIN -DCRTSTUFFT_O
++
++# This is a version of crtbegin for -static -fPIE links.
++ifeq ($(enable_crtbeginP),yes)
++crtbeginP$(objext): $(srcdir)/crtstuff.c
++	$(crt_compile) $(CRTSTUFF_T_CFLAGS_S) \
++	  -c $< -DCRT_BEGIN -DCRTSTUFFT_O -DCRTSTUFFS_O
++endif
+ endif
+ 
+ ifeq ($(CUSTOM_CRTIN),)

diff --git a/gcc-4.7.0/piepatch/05_all_gcc47_gcc.c.patch b/gcc-4.7.0/piepatch/05_all_gcc47_gcc.c.patch
new file mode 100644
index 0000000..ca03258
--- /dev/null
+++ b/gcc-4.7.0/piepatch/05_all_gcc47_gcc.c.patch
@@ -0,0 +1,84 @@
+2012-01-15	Magnus Granberg		<zorry@gentoo.org>
+
+		* gcc/gcc.c								include esp.h
+		static const char *cc1_spec 			We set that in esp.h if ENABLE_ESP.
+		#ifdef EXTRA_SPECS:						Add ESP_EXTRA_SPECS
+		main():									Add do_self_spec esp_command_options_spec()
+
+--- gcc/gcc.c	2010-01-21 10:29:30.000000000 -0500
++++ gcc/gcc.c	2010-01-29 23:29:16.000000000 -0500
+@@ -44,6 +44,7 @@
+ #include "opts.h"
+ #include "params.h"
+ #include "vec.h"
++#include "esp.h" /* for --enable-esp support */
+ #include "filenames.h"
+ 
+ /* By default there is no special suffix for target executables.  */
+@@ -822,7 +823,9 @@
+ 
+ static const char *asm_debug;
+ static const char *cpp_spec = CPP_SPEC;
++#ifndef ENABLE_ESP
+ static const char *cc1_spec = CC1_SPEC;
++#endif
+ static const char *cc1plus_spec = CC1PLUS_SPEC;
+ static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC;
+ static const char *link_ssp_spec = LINK_SSP_SPEC;
+@@ -1699,18 +1705,23 @@
+   INIT_STATIC_SPEC ("sysroot_hdrs_suffix_spec",	&sysroot_hdrs_suffix_spec),
+ };
+ 
+-#ifdef EXTRA_SPECS		/* additional specs needed */
++/* EXTRA_SPECS needs to be defined  */
++#ifndef EXTRA_SPECS
++#define EXTRA_SPECS
++#endif
++
++/* EXTRA_SPECS and ESP_EXTRA_SPECS add additional specs */
+ /* Structure to keep track of just the first two args of a spec_list.
+-   That is all that the EXTRA_SPECS macro gives us.  */
++   That is all that the EXTRA_SPECS and ESP_EXTRA_SPECS macro gives us.  */
+ struct spec_list_1
+ {
+   const char *const name;
+   const char *const ptr;
+ };
+ 
+-static const struct spec_list_1 extra_specs_1[] = { EXTRA_SPECS };
++/* ESP_EXTRA_SPECS before EXTRA_SPECS  */
++static const struct spec_list_1 extra_specs_1[] = { ESP_EXTRA_SPECS, EXTRA_SPECS };
+ static struct spec_list *extra_specs = (struct spec_list *) 0;
+-#endif
+ 
+ /* List of dynamically allocates specs that have been defined so far.  */
+ 
+@@ -1798,7 +1809,6 @@
+   if (verbose_flag)
+     notice ("Using built-in specs.\n");
+ 
+-#ifdef EXTRA_SPECS
+   extra_specs = XCNEWVEC (struct spec_list, ARRAY_SIZE (extra_specs_1));
+ 
+   for (i = ARRAY_SIZE (extra_specs_1) - 1; i >= 0; i--)
+@@ -1811,7 +1821,6 @@
+       sl->ptr_spec = &sl->ptr;
+       next = sl;
+     }
+-#endif
+ 
+   for (i = ARRAY_SIZE (static_specs) - 1; i >= 0; i--)
+     {
+@@ -7096,6 +7123,12 @@
+     gcc_exec_prefix = concat (gcc_exec_prefix, spec_machine, dir_separator_str,
+ 			      spec_version, dir_separator_str, NULL);
+ 
++#ifdef ENABLE_ESP
++  /* Process ESP_COMMAND_OPTIONS_SPEC, adding any new options to the end
++     of the command line.  */
++  do_self_spec (esp_command_options_spec);
++#endif
++
+   /* Now we have the specs.
+      Set the `valid' bits for switches that match anything in any spec.  */
+ 

diff --git a/gcc-4.7.0/piepatch/06_all_gcc45_esp.h.patch b/gcc-4.7.0/piepatch/06_all_gcc45_esp.h.patch
new file mode 100644
index 0000000..c51e8b4
--- /dev/null
+++ b/gcc-4.7.0/piepatch/06_all_gcc45_esp.h.patch
@@ -0,0 +1,153 @@
+2011-12-05		Magnus Granberg		<zorry@gentoo.org>
+
+		* gcc/esp.h	New file to support --enable-esp
+		Version 20111205.1
+
+--- gcc/esp.h	2010-04-09 16:14:00.000000000 +0200
++++ gcc/esp.h	2010-04-29 21:30:47.000000000 +0200
+@@ -0,0 +1,145 @@
++/* License terms see GNU GENERAL PUBLIC LICENSE Version 3.
++ * Version 20111205.1
++ * Magnus Granberg (Zorry) <zorry@gentoo.org>  */
++#ifndef GCC_ESP_H
++#define GCC_ESP_H
++
++/*	This file will add -fstack-protector-all, -fPIE, -pie and -z now 
++	as default if the defines and the spec allow it.
++	Added a hack for gcc-specs-* in toolchain-funcs.eclass and _filter-hardened in flag-o-matic.eclass
++	to support older hardened GCC patches and we don't need to change the code on gcc-specs-* and _filter-hardened.
++	This will add some unsupported upstream commands options as -nopie and -nonow.
++	-D__KERNEL__ is added so we don't have -fPIE, -pie and -fstack-protector-all when building kernels.
++	ESP_CC1_SPEC is added to CC1_SPEC.
++	ESP_CC1_STRICT_OVERFLOW_SPEC is added so we don't disable the strict-overflow check.
++	ESP_LINK_PIE_CHECK_SPEC check for -pie, -p, -pg, -profile and -static.
++	ENABLE_CRTBEGINP add support for crtbeginP.o, build -static with -fPIE or -fpie.
++*/
++#ifdef ENABLE_ESP
++	
++	/* Hack to support gcc-specs-* in toolchain-funcs.eclass and _filter-hardened in flag-o-matic.eclass  */
++	#define ESP_CC1_SPEC " %(esp_cc1_ssp) %(esp_cc1_pie) %(esp_cc1_strict_overflow)"
++	#if defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP )
++		#define ESP_CC1_SSP_SPEC "%{!fno-stack-protector: %{!fno-stack-protector-all: }}"
++	#else
++		#define ESP_CC1_SSP_SPEC ""
++	#endif
++	#if defined ( EFAULT_PIE ) || defined ( EFAULT_PIE_SSP )
++		#define ESP_CC1_PIE_SPEC "%{!nopie: }"
++	#else
++		#define ESP_CC1_PIE_SPEC ""
++	#endif
++	#define ESP_CC1_STRICT_OVERFLOW_SPEC "%{!fstrict-overflow:%{!fno-strict-overflow: -fno-strict-overflow}}"
++
++	/*	ESP_LINK_SPEC is added to LINK_PIE_SPEC if esp is enable
++		-z now will be added if we don't have -vanilla spec. We do a -pie incompatible check
++		Don't remove the specs in the end  */
++	#define ESP_LINK_SPEC "%(esp_link_now) %(esp_link_pie_check) "
++	#define ESP_LINK_NOW_SPEC "%{!nonow:-z now}"
++
++	/*	We use ESP_COMMAND_OPTIONS_SPEC to add pie command-line options.  */
++	#define ESP_COMMAND_OPTIONS_SPEC "%{!D__KERNEL__:%{!nopie:%(esp_options_pie) %(esp_link_pie)}}"
++	
++	/*	ESP_OPTIONS_SPEC is added to the compiler spec in gcc/gcc.c  */
++	#define ESP_OPTIONS_SPEC "%(esp_options_ssp)"
++
++	/*	ESP_CPP_OPTIONS_SPEC is added to the cpp_options spec in gcc/gcc.c  
++		For precompiling headers.  */
++	#define ESP_CPP_OPTIONS_SPEC "%(esp_options_ssp)"
++
++	/*  This will add -fstack-protector-all if we don't have -nostdlib -nodefaultlibs -fno-stack-protector -fstack-protector
++		-fstack-protector-all and we have EFAULT_SSP or EFAULT_PIE_SSP defined.  */
++	#if defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP )
++		#define ESP_OPTIONS_SSP_SPEC \
++			"%{!D__KERNEL__:%{!nostdlib:%{!nodefaultlibs: %{!fno-stack-protector: \
++			%{!fstack-protector:%{!fstack-protector-all:-fstack-protector-all}}}}}}"
++	#else
++		#define ESP_OPTIONS_SSP_SPEC ""
++	#endif
++
++	/* If EFAULT_PIE or EFAULT_PIE_SSP is defined we will add -fPIE -pie  */
++	#if defined ( EFAULT_PIE ) || defined ( EFAULT_PIE_SSP )
++
++		/*  This will add -fPIE if we don't have -pie -fpic -fPIC -fpie -fPIE -fno-pic -fno-PIC -fno-pie -fno-PIE -shared -static
++			-nostdlib -nostartfiles.  */
++		/*  With ENABLE_CRTBEGINP we don't need to check for -static  */
++		#ifdef ENABLE_CRTBEGINP
++			#define ESP_OPTIONS_PIE_SPEC \
++				"%{!pie: %{!fpic:%{!fPIC:%{!fpie:%{!fPIE: %{!fno-pic:%{!fno-PIC:%{!fno-pie:%{!fno-PIE: \
++				%{!shared: %{!nostdlib: %{!nostartfiles:-fPIE}} } }}}} }}}} }"
++		#else
++			#define ESP_OPTIONS_PIE_SPEC \
++				"%{!pie: %{!fpic:%{!fPIC:%{!fpie:%{!fPIE: %{!fno-pic:%{!fno-PIC:%{!fno-pie:%{!fno-PIE: \
++				%{!shared: %{!static: %{!nostdlib: %{!nostartfiles:-fPIE}} } }}}} }}}} }}"
++		#endif
++
++		/*  This will add -pie if we don't have -pie -A -fno-pic -fno-PIC -fno-pie -fno-PIE -shared -static -r -nostdlib 
++			-nostartfiles  */
++		/*  With ENABLE_CRTBEGINP we don't need to check for -static
++			and we add -pie only to get the start and endfiles. -pie will not go to the linker. */
++		#ifdef ENABLE_CRTBEGINP
++			#define ESP_LINK_PIE_SPEC \
++				"%{!pie:%{!A:%{!fno-pie:%{!fno-PIE:%{!fno-pic:%{!fno-PIC:%{!shared:%{!r: \
++				%{!nostdlib:%{!nostartfiles:-pie}}}}}}}}}}"
++		#else
++			#define ESP_LINK_PIE_SPEC \
++				"%{!pie:%{!A:%{!fno-pie:%{!fno-PIE:%{!fno-pic:%{!fno-PIC:%{!shared:%{!static:%{!r: \
++				%{!nostdlib:%{!nostartfiles:-pie}}}}}}}}}}}"
++		#endif
++		
++		/*  This will check if -pie is set when (-static) -pg -p -profile. If set it will make gcc print out
++			"-pie and (static)|pg|p|profile are incompatible when linking"  */
++		/*  With ENABLE_CRTBEGINP we don't need to check for -static  */
++		#ifdef ENABLE_CRTBEGINP
++			#define ESP_LINK_PIE_CHECK_SPEC \
++				"%{pie:%{pg|p|profile:%e-pie and -pg|p|profile are incompatible when linking}}"
++		#else
++			#define ESP_LINK_PIE_CHECK_SPEC \
++				"%{pie:%{static|pg|p|profile:%e-pie and -static|pg|p|profile are incompatible when linking}}"
++		#endif
++
++		/*  We don't pass -pie to the linker when -static.  */
++		#ifdef ENABLE_CRTBEGINP
++			#define LINK_PIE_SPEC "%{!static:%{pie:-pie}} %(esp_link)"
++		#else
++			#define LINK_PIE_SPEC "%{pie:-pie} %(esp_link)"
++		#endif
++
++	#else
++		#define ESP_OPTIONS_PIE_SPEC ""
++		#define ESP_LINK_PIE_CHECK_SPEC ""
++		#define ESP_LINK_PIE_SPEC ""
++		#define LINK_PIE_SPEC "%{pie:-pie} %(esp_link)"
++	#endif
++
++	/*  We add extra spec name's to the EXTRA_SPECS list  */
++	#define ESP_EXTRA_SPECS \
++		{ "esp_cc1",								ESP_CC1_SPEC },					\
++		{ "esp_cc1_pie",							ESP_CC1_PIE_SPEC },				\
++		{ "esp_cc1_ssp",							ESP_CC1_SSP_SPEC },				\
++		{ "esp_cc1_strict_overflow",				ESP_CC1_STRICT_OVERFLOW_SPEC },	\
++		{ "esp_link",								ESP_LINK_SPEC },				\
++		{ "esp_link_now",							ESP_LINK_NOW_SPEC },			\
++		{ "esp_link_pie",							ESP_LINK_PIE_SPEC },			\
++		{ "esp_link_pie_check",						ESP_LINK_PIE_CHECK_SPEC },		\
++		{ "esp_command_options",					ESP_COMMAND_OPTIONS_SPEC },		\
++		{ "esp_cpp_options",						ESP_CPP_OPTIONS_SPEC },			\
++		{ "esp_options",							ESP_OPTIONS_SPEC },				\
++		{ "esp_options_pie",						ESP_OPTIONS_PIE_SPEC },			\
++		{ "esp_options_ssp",						ESP_OPTIONS_SSP_SPEC }
++
++	static const char *esp_command_options_spec = ESP_COMMAND_OPTIONS_SPEC;
++	static const char *cc1_spec = CC1_SPEC ESP_CC1_SPEC;
++
++#else /* If not ESP_ENABLE defined do this.  */
++
++	#define ESP_OPTIONS_SPEC ""
++	#define ESP_CPP_OPTIONS_SPEC ""
++
++	/*  We add extra spec name's to the EXTRA_SPECS list  */
++	#define ESP_EXTRA_SPECS \
++		{ "esp_options",				ESP_OPTIONS_SPEC },			\
++		{ "esp_cpp_options",			ESP_CPP_OPTIONS_SPEC }
++
++#endif
++#endif /* End GCC_ESP_H */

diff --git a/gcc-4.7.0/piepatch/10_all_gcc46_default-ssp.patch b/gcc-4.7.0/piepatch/10_all_gcc46_default-ssp.patch
new file mode 100644
index 0000000..ea4be77
--- /dev/null
+++ b/gcc-4.7.0/piepatch/10_all_gcc46_default-ssp.patch
@@ -0,0 +1,130 @@
+2011-03-05	Matthias Klose		<doko@ubuntu.com>, Kees Cook	<kees@outflux.net>,
+			Magnus Granberg	<zorry@gentoo.org>
+
+		* gcc/objc/lang-specs.h	compiler spec			Add %(esp_options)
+		* gcc/objcp/lang-specs.h	compiler spec			Add %(esp_options)
+		* gcc/gcc.c			*cpp_options			Add %(esp_cpp_options)
+		* gcc/gcc.c			default_compilers[]		Add %(esp_options)
+		* gcc/cp/lang-specs.h		compiler spec			Add %(esp_options)
+
+--- a/gcc/gcc.c.orig	2009-12-21
++++ b/gcc/gcc.c	2009-12-21
+@@ -740,7 +749,7 @@
+ static const char *cpp_options =
+ "%(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w}\
+  %{f*} %{g*:%{!g0:%{g*} %{!fno-working-directory:-fworking-directory}}} %{O*}\
+- %{undef} %{save-temps*:-fpch-preprocess}";
++ %{undef} %{save-temps*:-fpch-preprocess} %(esp_cpp_options)";
+ 
+ /* This contains cpp options which are not passed when the preprocessor
+    output will be used by another program.  */
+@@ -914,9 +923,9 @@
+       %{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \
+ 	  %(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\
+ 	    cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \
+-	  %(cc1_options)}\
++	  %(cc1_options) %(esp_options)}\
+       %{!save-temps*:%{!traditional-cpp:%{!no-integrated-cpp:\
+-	  cc1 %(cpp_unique_options) %(cc1_options)}}}\
++	  cc1 %(cpp_unique_options) %(cc1_options) %(esp_options)}}}\
+       %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 1},
+   {"-",
+    "%{!E:%e-E or -x required when input is from standard input}\
+@@ -953,7 +953,7 @@
+                     %W{o*:--output-pch=%*}}%V}}}}}}", 0, 0, 0},
+   {".i", "@cpp-output", 0, 0, 0},
+   {"@cpp-output",
+-   "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
++   "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %(esp_options) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+   {".s", "@assembler", 0, 0, 0},
+   {"@assembler",
+    "%{!M:%{!MM:%{!E:%{!S:as %(asm_debug) %(asm_options) %i %A }}}}", 0, 0, 0},
+--- a/gcc/cp/lang-specs.h	2011-03-06 17:27:57.000000000 +0100
++++ b/gcc/cp/lang-specs.h	2011-03-26 13:30:40.312423000 +0100
+@@ -47,7 +47,7 @@
+ 		%(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\
+       cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\
+ 	      %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
+-	%(cc1_options) %2\
++	%(cc1_options) %(esp_options) %2\
+ 	%{!fsyntax-only:%{!fdump-ada-spec*:-o %g.s %{!o*:--output-pch=%i.gch}\
+         %W{o*:--output-pch=%*}}%V}}}}",
+      CPLUSPLUS_CPP_SPEC, 0, 0},
+@@ -58,7 +58,7 @@
+ 		%(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\
+       cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\
+ 	      %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
+-	%(cc1_options) %2\
++	%(cc1_options) %(esp_options) %2\
+        %{!fsyntax-only:%(invoke_as)}}}}",
+      CPLUSPLUS_CPP_SPEC, 0, 0},
+   {".ii", "@c++-cpp-output", 0, 0, 0},
+
+--- a/gcc/objcp/lang-specs.h	2011-03-06 17:27:57.000000000 +0100
++++ a/gcc/objcp/lang-specs.h	2011-03-26 14:19:12.596423000 +0100
+@@ -36,7 +36,7 @@
+ 		%(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\
+       cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\
+ 	      %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
+-	%(cc1_options) %2\
++	%(cc1_options) %(esp_options) %2\
+         -o %g.s %{!o*:--output-pch=%i.gch} %W{o*:--output-pch=%*}%V}}}",
+      CPLUSPLUS_CPP_SPEC, 0, 0},
+   {"@objective-c++",
+@@ -46,16 +46,16 @@
+ 		%(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\
+       cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\
+ 	      %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
+-	%(cc1_options) %2\
++	%(cc1_options) %(esp_options) %2\
+        %{!fsyntax-only:%(invoke_as)}}}}",
+      CPLUSPLUS_CPP_SPEC, 0, 0},
+   {".mii", "@objective-c++-cpp-output", 0, 0, 0},
+   {"@objective-c++-cpp-output",
+    "%{!M:%{!MM:%{!E:\
+-    cc1objplus -fpreprocessed %i %(cc1_options) %2\
++    cc1objplus -fpreprocessed %i %(cc1_options) %(esp_options) %2\
+     %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+   {"@objc++-cpp-output",
+    "%nobjc++-cpp-output is deprecated; please use objective-c++-cpp-output instead\n\
+     %{!M:%{!MM:%{!E:\
+-    cc1objplus -fpreprocessed %i %(cc1_options) %2\
++    cc1objplus -fpreprocessed %i %(cc1_options) %(esp_options) %2\
+     %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+--- a/gcc/objc/lang-specs.h	2011-03-06 17:27:57.000000000 +0100
++++ b/gcc/objc/lang-specs.h	2011-03-26 14:56:27.668423000 +0100
+@@ -30,9 +30,9 @@
+ 	%{traditional|traditional-cpp:\
+ %eGNU Objective C no longer supports traditional compilation}\
+ 	%{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\
+-	    cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}\
++	    cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %(esp_options) %{print-objc-runtime-info} %{gen-decls}}\
+ 	%{!save-temps*:%{!no-integrated-cpp:\
+-	    cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}}\
++	    cc1obj %(cpp_unique_options) %(cc1_options) %(esp_options) %{print-objc-runtime-info} %{gen-decls}}}\
+         %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+   {"@objective-c-header",
+      "%{E|M|MM:cc1obj -E %{traditional|traditional-cpp:-traditional-cpp}\
+@@ -41,18 +41,18 @@
+ 	%{traditional|traditional-cpp:\
+ %eGNU Objective C no longer supports traditional compilation}\
+ 	%{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\
+-	    cc1obj -fpreprocessed %b.mi %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
++	    cc1obj -fpreprocessed %b.mi %(cc1_options)%(esp_options)  %{print-objc-runtime-info} %{gen-decls}\
+                         -o %g.s %{!o*:--output-pch=%i.gch}\
+                         %W{o*:--output-pch=%*}%V}\
+ 	%{!save-temps*:%{!no-integrated-cpp:\
+-	    cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
++	    cc1obj %(cpp_unique_options) %(cc1_options) %(esp_options) %{print-objc-runtime-info} %{gen-decls}\
+                         -o %g.s %{!o*:--output-pch=%i.gch}\
+                         %W{o*:--output-pch=%*}%V}}}}}", 0, 0, 0},
+   {".mi", "@objective-c-cpp-output", 0, 0, 0},
+   {"@objective-c-cpp-output",
+-     "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
++     "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(esp_options) %{print-objc-runtime-info} %{gen-decls}\
+ 			     %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+   {"@objc-cpp-output",
+       "%nobjc-cpp-output is deprecated; please use objective-c-cpp-output instead\n\
+-       %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
++       %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(esp_options) %{print-objc-runtime-info} %{gen-decls}\
+ 			     %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},

diff --git a/gcc-4.7.0/piepatch/15_all_gcc44_decl-tls-model.patch b/gcc-4.7.0/piepatch/15_all_gcc44_decl-tls-model.patch
new file mode 100644
index 0000000..09438a0
--- /dev/null
+++ b/gcc-4.7.0/piepatch/15_all_gcc44_decl-tls-model.patch
@@ -0,0 +1,20 @@
+2009-06-13	Magnus Granberg		<zorry@ume.nu>
+		
+		b.g.o #232601
+		* gcc/varasm.c (decl_tls_model): Check flag_pic instead of flag_shlib.
+
+--- gcc/varasm.c	2009-03-17 21:18:21.000000000 +0100
++++ gcc/varasm.c	2009-04-29 03:10:09.000000000 +0200
+@@ -5607,7 +5607,11 @@
+   bool is_local;
+ 
+   is_local = targetm.binds_local_p (decl);
+-  if (!flag_shlib)
++  #ifdef ENABLE_ESP
++    if (!flag_pic)
++  #else
++    if (!flag_shlib)
++  #endif
+     {
+       if (is_local)
+ 	kind = TLS_MODEL_LOCAL_EXEC;

diff --git a/gcc-4.7.0/piepatch/20_all_gcc46_config_crtbeginp.patch b/gcc-4.7.0/piepatch/20_all_gcc46_config_crtbeginp.patch
new file mode 100644
index 0000000..0e716b0
--- /dev/null
+++ b/gcc-4.7.0/piepatch/20_all_gcc46_config_crtbeginp.patch
@@ -0,0 +1,36 @@
+2011-03-05		Magnus Granberg		<zorry@gentoo.org>
+
+		* gcc/config/gnu-user.h			If ENABLE_CRTBEGINP, -static and -pie use crtbegineP.o.
+		* gcc/config/rs6000/sysv4.h		If ENABLE_CRTBEGINP, -static and -pie use crtbegineP.o.
+
+--- gcc/config/gnu-user.h	2009-04-10 01:23:07.000000000 +0200
++++ gcc/config/gnu-user.h	2009-09-08 04:08:06.000000000 +0200
+@@ -39,7 +39,11 @@
+    provides part of the support for getting C++ file-scope static
+    object constructed before entering `main'.  */
+    
+-#if defined HAVE_LD_PIE
++#if defined (HAVE_LD_PIE) && defined (ENABLE_CRTBEGINP)
++#define GNU_USER_TARGET_STARTFILE_SPEC \
++  "%{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}} crti.o%s \
++   %{static:%{pie:crtbeginP.o%s;:crtbeginT.o%s}} %{!static:%{shared|pie:crtbeginS.o%s;:crtbegin.o%s}}"
++#elif defined (HAVE_LD_PIE) && ! defined (ENABLE_CRTBEGINP)
+ #define GNU_USER_TARGET_STARTFILE_SPEC \
+   "%{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}} \
+    crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}"
+--- gcc/config/rs6000/sysv4.h	2009-04-10 01:23:07.000000000 +0200
++++ gcc/config/rs6000/sysv4.h	2009-09-08 04:41:50.000000000 +0200
+@@ -883,7 +883,12 @@
+ %{!mnewlib: %{pthread:-lpthread} %{shared:-lc} \
+ %{!shared: %{profile:-lc_p} %{!profile:-lc}}}"
+ 
+-#ifdef HAVE_LD_PIE
++#if defined (HAVE_LD_PIE) && defined (ENABLE_CRTBEGINP)
++#define STARTFILE_LINUX_SPEC "\
++%{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}} \
++%{mnewlib:ecrti.o%s;:crti.o%s} \
++%{static:%{pie:crtbeginP.o%s;:crtbeginT.o%s}} %{!static:%{shared|pie:crtbeginS.o%s;:crtbegin.o%s}}"
++#elif defined (HAVE_LD_PIE) && ! defined (ENABLE_CRTBEGINP)
+ #define	STARTFILE_LINUX_SPEC "\
+ %{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}} \
+ %{mnewlib:ecrti.o%s;:crti.o%s} \

diff --git a/gcc-4.7.0/piepatch/24_all_gcc44_invoke.texi.patch b/gcc-4.7.0/piepatch/24_all_gcc44_invoke.texi.patch
new file mode 100644
index 0000000..15b3417
--- /dev/null
+++ b/gcc-4.7.0/piepatch/24_all_gcc44_invoke.texi.patch
@@ -0,0 +1,44 @@
+2009-09-11		Magnus Granberg		<zorry@gentoo.org>
+
+		* gcc/doc/invoke.texi	Add NOTES about -fstack-protector-all, -pie and
+		-fPIE/-fpie when --enable-esp is enable, this options is on by default.
+
+--- gcc/doc/invoke.texi	2009-04-01 09:18:47.000000000 +0200
++++ gcc/doc/invoke.texi	2009-06-18 14:08:38.000000000 +0200
+@@ -7134,6 +7134,11 @@
+ @opindex fstack-protector-all
+ Like @option{-fstack-protector} except that all functions are protected.
+ 
++NOTE: When --enable-esp this option is enabled by default 
++for C, C++, ObjC, ObjC++, if neither @option{-fno-stack-protector}
++or @option{-nostdlib} or @option{-nodefaultlibs} or 
++@option{-fstack-protector} are found.
++
+ @item -fsection-anchors
+ @opindex fsection-anchors
+ Try to reduce the number of symbolic address calculations by using
+@@ -7960,6 +7965,12 @@
+ that were used to generate code (@option{-fpie}, @option{-fPIE},
+ or model suboptions) when you specify this option.
+ 
++NOTE: When --enable-esp this option is enabled by default
++for C, C++, ObjC, ObjC++, if neither @option{-fno-pie} or @option{-fno-PIE}
++or @option{-fno-pic} or @option{-fno-PIC} or @option{-nostdlib} or
++@option{-nostartfiles} or @option{-shared} or @option{-pg} or @option{-p}
++are found.
++
+ @item -rdynamic
+ @opindex rdynamic
+ Pass the flag @option{-export-dynamic} to the ELF linker, on targets
+@@ -15889,6 +15910,11 @@
+ @code{__pie__} and @code{__PIE__}.  The macros have the value 1
+ for @option{-fpie} and 2 for @option{-fPIE}.
+ 
++NOTE: When --enable-esp this option is enabled by default
++for C, C++, ObjC, ObjC++, if neither @option{-fno-pie} or @option{-fno-PIE}
++or @option{-fno-pic} or @option{-fno-PIC} or @option{-nostdlib} or
++@option{-nostartfiles} or @option{-shared} are found.
++
+ @item -fno-jump-tables
+ @opindex fno-jump-tables
+ Do not use jump tables for switch statements even where it would be

diff --git a/gcc-4.7.0/piepatch/33_all_gcc46_config_rs6000_linux64.h.patch b/gcc-4.7.0/piepatch/33_all_gcc46_config_rs6000_linux64.h.patch
new file mode 100644
index 0000000..bfd7b75
--- /dev/null
+++ b/gcc-4.7.0/piepatch/33_all_gcc46_config_rs6000_linux64.h.patch
@@ -0,0 +1,16 @@
+2011-03-05		Peter S. Mazinger	<ps.m@gmx.net>, Magnus Granberg		<zorry@gentoo.org>
+
+		* gcc/config/rs6000/linux64.h	ASM_SPEC32 Change %{fpic:-K PIC} %{fPIC:-K PIC}
+		to %{fpic|fPIC|fpie|fPIE:-K PIC}
+
+--- gcc/config/rs6000/linux64.h.psm	2009-04-10 01:23:07.000000000 +0200
++++ gcc/config/rs6000/linux64.h	2009-09-23 12:34:26.000000000 +0200
+@@ -162,7 +162,7 @@
+ #endif
+ 
+ #define ASM_SPEC32 "-a32 \
+-%{mrelocatable} %{mrelocatable-lib} %{fpic:-K PIC} %{fPIC:-K PIC} \
++%{mrelocatable} %{mrelocatable-lib} %{fpic|fPIC|fpie|fPIE:-K PIC} \
+ %{memb} %{!memb: %{msdata=eabi: -memb}} \
+ %{!mlittle: %{!mlittle-endian: %{!mbig: %{!mbig-endian: \
+     %{mcall-freebsd: -mbig} \

diff --git a/gcc-4.7.0/piepatch/README b/gcc-4.7.0/piepatch/README
new file mode 100644
index 0000000..f322ab8
--- /dev/null
+++ b/gcc-4.7.0/piepatch/README
@@ -0,0 +1,18 @@
+This work started with bugs #94325 #100689 #106222 #149292 #149649 and the overlay on http://overlays.gentoo.org/dev/kevquinn.
+By Kevin K. Quinn, Peter S. Mazinger, Natanael Copa, Alexander Gabert, Solar, PaX Team, SpanKY and mentor.
+
+The work stalled. Some threads on the Gentoo forum started to do their own fixes to get it working.
+Xake started the thread where most of the new work is done: "How long until hardened and toolchain will produce a hardened gcc4?"
+http://forums.gentoo.org/viewtopic-t-668885.html. I joined the thread and started to code.
+
+We started with the pieworld code from kevquinn's overlay. The PIE and minispecs part hit the tree later on.
+With GCC 4.4.0 I was willing to do some code cleanup, use built-in specs and add it as --enable-esp in the
+configure command line.
+
+Thank you all:
+Kevin K. Quinn, Peter S. Mazinger, Natanael Copa, Alexander Gabert, Solar, PaX Team, SpanKY, Xake, Dwokfur,
+KernelOfTruth, SteveL, nixnut, Hopeless, forsaken1, XioXous, obrut<-, mv, qjim, Tommy[D], Genewb, radegand,
+unk, neuron, alexxy, hellboi64, likewhoa, g0rg0n, costel78, polsas, 7v5w7go9ub0o, uberpinguin, Naib, cilly,
+bonsaikitten, kerframil, agaffney, Gordon Malm, blueness, Matthias Klose, Kees Cook, mentor, Anarchy,
+devurandom and everyone else for helping to test, suggestions, fixes and anything else we have missed.
+/2009-00-09 Magnus Grenberg (Zorry) <zorry@ume.nu>

diff --git a/gcc-4.7.0/piepatch/README.Changelog b/gcc-4.7.0/piepatch/README.Changelog
new file mode 100644
index 0000000..d94d449
--- /dev/null
+++ b/gcc-4.7.0/piepatch/README.Changelog
@@ -0,0 +1,338 @@
+0.5.1 Magnus Granberg		<zorry@gentoo.org>
+
+		* configure					Bumped for 4.7.0 release
+		* gcc/configure				Bumped for 4.7.0 release and
+			added some checks.
+		* gcc/Makefile					Bumped for 4.7.0 release
+		* gcc/gcc.c					Bumped for 4.7.0 release
+		* libgcc/Makefile				Bumped for 4.7.0 release
+
+0.5.0 Magnus Granberg		<zorry@gentoo.org>
+
+		#393321
+		* gcc/Makefile.in			Rename crtbeginTS.o to crtbeginP.o
+		* gcc/config/gnu-user.h		Rename crtbeginTS.o to crtbeginP.o
+		* gcc/config/rs6000/sysv4.h	Rename crtbeginTS.o to crtbeginP.o
+		* gcc/esp.h				Rename crtbeginTS.o to crtbeginP.o
+		* gcc/configure			Rename crtbeginTS.o to crtbeginP.o
+		* gcc/config.in				Rename crtbeginTS.o to crtbeginP.o
+		* libgcc/Makefile.in			Rename crtbeginTS.o to crtbeginP.o
+
+0.4.9 Magnus Granberg		<zorry@gentoo.org>
+
+		#380823
+		* gcc/Makefile.in			added ESP_NOPIE_CFLAGS to ALL_CXXFLAGS
+
+0.4.8 Magnus Granberg		<zorry@gentoo.org>
+	      
+	      * gcc/objc/lang-specs.h		Bumped for gcc 4.6.0 release
+	      * gcc/objcp/lang-specs.h		Bumped for gcc 4.6.0 release
+	      * gcc/cp/lang-specs.h			Bumped for gcc 4.6.0 release
+
+0.4.7	Magnus Granberg		<zorry@gentoo.org>
+
+		* gcc/gcc.c					Add %(esp_options) and %(esp_cpp_options)
+		* gcc/esp.h					Use the esp.h patch from gcc-4.4 patchset
+		* gcc/config/rs6000/linux64.h	Bumed for >2011-02-26 snapshot
+		* gcc/objc/lang-specs.h		Add %(esp_options)
+		* gcc/objcp/lang-specs.h		Add %(esp_options)
+		* gcc/cp/lang-specs.h			Add %(esp_options)
+		* gcc/config/gnu-user.h		Add crtbeginTS.o support
+	      
+0.4.6	Magnus Granberg		<zorry@gentoo.org>
+
+		* Makefile.in				Bumped for gcc 4.6
+		* gcc/Makefile.in			Bumped for gcc 4.6
+		added ESP_NOPIE_CFLAGS to ALL_CFLAGS
+		remove any ESP_NOSSP_CFLAGS
+		remove any ESP_NOPIE_CFLAGS from crt* when not needed
+		* gcc/gcc.c				Bumped for gcc 4.6
+		moved espf_options_ssp  to espf_command_options_spec
+		* gcc/esp.h				Added espf_options_ssp to espf_cc1_command_spec
+		* gcc/config/rs6000/linux64.h	Bumped for gcc 4.6
+		* gcc/config/linux.h			Bumped for gcc 4.6
+
+0.4.5	Magnus Granberg		<zorry@gentoo.org>
+
+		* gcc/config/rs6000/sysv4.h		Fix a typo in the static spec rules
+
+0.4.4	Magnus Granberg		<zorry@gentoo.org>
+
+		* gcc/esp.h			Renamed ESP_CC1_STRICT_SPEC to  ESP_CC1_STRICT_OVERFLOW_SPEC
+		Renamed	ESP_OPTIONS_PIE_CHECK_SPEC to ESP_LINK_PIE_CHECK_SPEC
+
+0.4.3	Magnus Granberg		<zorry@gentoo.org>
+
+		#299061 b.g.o
+		* gcc/gcc.c			removed the pie incompatible specs rule call
+		* gcc/esp.h			Move the -pie incompatible check to esp_link
+		remove the -shared incompatible check
+
+0.4.2	Magnus granberg		<zorry@gentoo.org>
+
+		* configure			remove the changes from 0.4.1
+		* Makefile.in		remove the changes from 0.4.1 remove -fstack-protector check.
+		* gcc/configure		remove the changes from 0.4.1
+		* gcc/config.in		remove the changes from 0.4.1 remove HAVE_GCC_SSP
+		* gcc/Makefile		remove the changes from 0.4.1
+		* gcc/esp.h			change HAVE_GCC_LD_PIE to (EFAULT_PIE || EFAULT_PIE_SSP)
+		change HAVE_GCC_SSP to (EFAULT_SSP || EFAULT_PIE_SSP)
+		* libmudflap/Makefiles.in remove the changes from 0.4.1
+
+0.4.1	Magnus Granberg		<zorry@gentoo.org>
+
+		*configure						removed check for --enable-esp removed enable_esp
+		added check for --enable-esp=(no|all|nopie|nossp). added enable_esp_set
+		*Makefile.in					renamed enable_esp to enable_esp_set
+		*gcc/configure					removed check for --enable-esp removed enable_esp
+		added check for --enable-esp=(no|all|nopie|nossp). added enable_esp_set
+		added a -fPIE -pie check. change AC_COMPILE_IFELSE to AC_LINK_IFELSE in the
+		-fstack-protector check.
+		* gcc/config.in					Added HAVE_GCC_LD_PIE
+		*gcc/Makefile.in				renamed enable_esp to enable_esp_set
+		*gcc/esp.h						Renamed HAVE_LD_PIE to HAVE_GCC_LD_PIE
+		Added HAVE_GCC_LD_PIE to #define ESP_CC1_PIE_SPEC. Move ESP_COMMAND_OPTIONS_SPEC
+		* libmudflap/Makefiles.in		In enable_esp change ifeq to ifdef.
+
+		#293843 b.g.o
+		*gcc/esp.h						Added -nonow to the -z now specs.
+		
+0.4.0	Anthony G. Basile	<basile@opensource.dyc.edu>
+
+		rename espf to esp and change espf-patchset to piepatchset
+
+0.3.9	Magnus Granberg		<zorry@gentoo.org>
+
+		* gcc/configure					Added check for TLS on the target in the SSP check.
+
+		#149292 b.g.o
+		* gcc/config/i386/linux.h		Removed uclibc don't support TLS on stack-protector
+		* gcc/config/i386/linux64.h		Removed uclibc don't support TLS on stack-protector
+		* gcc/config/rs6000/linux.h		Removed uclibc don't support TLS on stack-protector
+		* gcc/config/i386/linux.h		Removed uclibc don't support TLS on stack-protector
+		* gcc/config/sparc/linux.h		Removed uclibc don't support TLS on stack-protector
+		* gcc/config/sparc/linux64.h	Removed uclibc don't support TLS on stack-protector
+
+0.3.8	Magnus Granberg		<zorry@gentoo.org>
+
+		* gcc/configure					Redone the -fstack-protector check.
+		* gcc/config.in					Added HAVE_GCC_SSP
+		* gcc/gcc.c						Removed code for espf_link_spec in X
+		* gcc/espf.h					Added ifdef HAVE_GCC_SSP, change code for espf_link_spec and link_pie_spec
+
+0.3.7_beta	Anthony G. Basile	<basile@opensource.dyc.edu>
+
+		* gcc/configure					Check if -fstack-protector is supported by gcc on ARCH
+		Updated AC_SUBST enable_espf
+		* gcc/Makefile.in				Remove the fix for $(out_object_file): ix86_split_to_parts() stack smashing attack b.g.o #149292.
+		* gcc/gcc.c						Updaded the .c .cc compiler specs.
+
+0.3.6	Magnus Granberg		<zorry@ume.nu>
+
+		* configure						Check --enable-espf change ppc* to powerpc*, powerpc64 and add ia64.
+		* gcc/configure					Don't check for -z,relro on ia64. Disable crtbeginTS for ia64.
+		* gcc/espf.h					ia64 don't support -fstack-protector*
+
+0.3.5	Maguns Granberg		<zorry@ume.nu>
+
+		* gcc/espf.h					Change the specs for crtbegin.TS.o.
+		* gcc/gcc.c						Rename espf_cc1_options to espf_options_pie_check.
+		* gcc/config/linux.h			Fix typos ENABLE_CRTBEGINS to ENABLE_CRTBEGINTS
+		* gcc/config/rs6000/linux64.h	ASM_SPEC32: %{fpic:-K PIC} %{fPIC:-K PIC} to
+		%{fpic|fPIC|fpie|fPIE:-K PIC}
+
+0.3.4	Magnus Granberg		<zorry@ume.nu>
+
+		* gcc/configure					Add crtbeginTS.o support.
+		* gcc/Makefile.in				Add crtbeginTS.o support.
+		* gcc/gcc.c						Add espf_cc1_options.
+		* gcc/espf.h					Added espf_cc1_options, crtbeginTS.o support,
+		espf_cc1_options and espf_cc1_strictoverflow.
+		* gcc/config.in					Add crtbeginTS.o support.
+		* gcc/config/linux.h			Add crtbeginTS.o support.
+		* gcc/config/rs6000/sysv4.h		Add crtbeginTS.o support.
+		* gcc/doc/invoke.texi			Add NOTES about -fstack-protector-all,
+		-pie and -fPIE.
+		* libgcc/Makefile.in			Add crtbeginTS.o support.
+
+0.3.3	Magnus Granberg		<zorry@ume.nu>
+
+		* gcc/opts.c		change #ifdef ENABLE_ESPF to #ifndef ENABLE_ESPF
+
+0.3.2	Magnus Granberg		<zorry@ume.nu>
+
+		* gcc/opts.c		disable flag_delete_null_pointer_checks >= -O2
+		* gcc/espf.h		add ESPF_CC1_SSP_SPEC and ESPF_CC1_PIE_SPEC to fix bugs on -vanilla spec
+
+		#149292 b.g.o
+		* gcc/config/i386/linux.h		uclibc don't support TLS on stack-protector
+		* gcc/config/i386/linux64.h		uclibc don't support TLS on stack-protector
+		* gcc/config/rs6000/linux.h		uclibc don't support TLS on stack-protector
+		* gcc/config/i386/linux.h		uclibc don't support TLS on stack-protector
+		* gcc/config/sparc/linux.h		uclibc don't support TLS on stack-protector
+		* gcc/config/sparc/linux64.h	uclibc don't support TLS on stack-protector
+
+0.3.1	Magnus Granberg		<zorry@ume.nu>
+
+		* gcc/cp/Make-lang.in	cc1plus: pch test fail when cc1plus is compile with -fPIE.
+		* gcc/configure			fix --enable-espf when USE"-hardened"
+
+4.4.1-espf-0.3.0	Magnus Granberg		<zorry@ume.nu>
+
+		* gcc/espf.h	add ESPF_LINK_SPEC ESPF_LINK_NOW_SPEC
+		* gcc/gcc.c		move	do_self_spec (espf_command_options_spec)
+		do_spec_1()		add espf_link_spec
+
+0.3.0	Magnus Granberg		<zorry@ume.nu>
+
+		* gcc/objc/lang-specs.h		Add %(espf_options)
+		* gcc/objcp/lang-specs.h	Add %(espf_options)
+		* gcc/cp/lang-specs.h		Add %(espf_options)
+		* gcc/config.in				removed ENABLE_LIBSSP
+		* Makefile.in	We add -fno-stack-protector to
+		BOOT_CFLAGS, LIBCFLAGS and LIBCXXFLAGS
+		cc1: pch.exp test fail when cc1 is compile with -fPIE
+		* libmudflap/Makefiles.in	Add -fno-stack-protector -U_FORTIFY_SOURCE
+		to AM_CFLAGS
+		* configure		add --enable-espf
+		add -fno-stack-protector to stage1_cflags
+		add targes ppc* arm sparc*
+		* gcc/configure		change code for check --enable-espf
+		* libmudflap/configure add enable_espf
+		* gcc/espf.h	ESPF_CC1_OPTIONS_SPEC renamed to ESPF_OPTIONS_SPEC
+		add ESPF_CPP_OPTIONS_SPEC ESPF_COMMAND_OPTIONS_SPEC
+		ESPF_CC1_OPTIONS_SSP_SPEC renamed to ESPF_OPTIONS_SSP_SPEC
+		ESPF_COMPILER_COMMAND_PIE_SPEC renamed to ESPF_OPTIONS_PIE_SPEC
+		ESPF_LINK_COMMAND_PIE_SPEC renamed to ESPF_LINK_PIE_SPEC
+		add !p !pg to ESPF_LINK_PIE_SPEC
+		removed ESPF_LINK_SPEC ESPF_CC1_OPTIONS_PIE_INCOMPATIBLE_SPEC
+		* gcc/gcc.c		cpp_options		add %(espf_cpp_options)
+		compiler spec	add %(espf_options)
+		change code for ESPF_EXTRA_SPECS
+		process_command():			Check for lazy, or now
+		do_spec_1():				Add -z now and -z relro
+		main()						add do_self_spec (espf_command_options_spec)
+		removed do_self_spec (espf_cc1_command_spec) do_self_spec (espf_link_command_spec)
+
+0.2.9	Magnus Granberg		<zorry@ume.nu>
+
+		* gcc/espf.h		add ESPF_COMPILER_COMMAND_PIE_SPEC
+		add ESPF_LINK_COMMAND_PIE_SPEC
+		change ESPF_COMPILER_COMMAND_SPEC ESPF_LINK_COMMAND_SPEC
+
+0.2.8	Magnus Granberg		<zorry@ume.nu>
+
+		* gcc/configure				removed check crtbeginTS.o
+		* gcc/espf.h	added notes
+		add ESPF_CC1_SPEC
+		removed ESPF_CPP_UNIQUE_OPTIONS espf_override_options()
+		* gcc/gcc.c					cc1_spec	Set it to CC1_SPEC if ! ENABLE_ESPF
+		* gcc/toplev.c				removed ESPF_OVERRIDE_OPTIONS
+
+0.2.7	Magnus Granberg		<zorry@ume.nu>
+
+		* gcc/opts.c	(decode_options):		Remove flag_strict_overflow as opt2
+		* gcc/config.in				removed HAVE_CRTBEGINTS
+		* gcc/Makefile				removed crtbeginTS.o
+		* libgcc/Makefile.in		removed crtbeginTS.o
+		* gcc/config/i386/i386.h	removed espf_override_options ESPF_EXTRA_SPECS
+		* gcc/config/linux.h		remoevd crtbeginTS.o
+		* gcc/espf.h		ESPF_CC1_OPTIONS_PIE_SPEC renamed to ESPF_CC1_COMMAND_SPEC
+		* gcc/gcc.c					add ESPF_EXTRA_SPECS
+		main()			add do_self_spec (espf_cc1_command_spec)
+
+0.2.6	Magnus Granberg		<zorry@ume.nu>
+
+		* gcc/config/i386/i386.h	add espf_override_options() to OVERRIDE_OPTIONS
+		* gcc/espf.h				add espf_override_options()
+		* gcc/toplev.c				add ESPF_OVERRIDE_OPTIONS
+
+0.2.5	Magnus Granberg		<zorry@ume.nu>
+
+		* gcc/config/i386/i386.h	removed espf_cc1
+		* gcc/config/i386/linux.h	removed espf_cc1 %(crtend_gen)
+		* gcc/config/i386/x86-64.h  removed espf_cc1 %(crtend_gen)
+		* gcc/config/linux.h  		removed espf_cc1 %(crtfile_gen) 
+		%(crtbegin_t_gen) %(crtend_gen)
+		add crtbeginTS.o
+		* gcc/config.in				removed TARGET_LIBC_PROVIDES_PIE
+		add HAVE_CRTBEGINTS
+		* gcc/Makefile.in	add ESPF_NOPIE_CFLAGS ESPF_NOSSP_CFLAGS to
+		CRTSTUFF_T_CFLAGS 
+		add ESPF_NOSSP_CFLAGS to CRTSTUFF_T_CFLAGS_S
+		* espf.h	ESPF_CC1_SPEC renamed to ESPF_CC1_OPTIONS_SPEC
+		add ESPF_LINK_SPEC
+		ESPF_CC1_SSP_SPEC renamed to ESPF_CC1_OPTIONS_SSP_SPEC
+		ESPF_CC1_PIE_SPEC renamed to ESPF_CC1_OPTIONS_PIE_SPEC
+		ESPF_CC1_OPTIONS_SPEC renamed to ESPF_CC1_OPTIONS_PIE_INCOMPATIBLE_SPEC
+		LINK_PIE_SPEC renamed to ESPF_LINK_COMMAND_SPEC
+		removed ESPF_CC1_STRICT_SPEC CRTFILE_GEN_SPEC CRTBEGIN_GEN_SPEC
+		CRTBEGIN_T_GEN_SPEC CRTEND_GEN_SPEC
+		* gcc/configure 	remove TARGET_LIBC_PROVIDES_PIE
+		define HAVE_CRTBEGINTS
+		* gcc/gcc.c			LINK_COMMAND_SPEC add %(espf_link)
+		main()			add do_self_spec (espf_link_command_spec)
+
+0.2.4	Magnus Granberg		<zorry@ume.nu>
+
+		libgcc/Makefile.in clean specs
+
+0.2.3	Magnus Granberg		<zorry@ume.nu>
+
+		*gcc/espf.h			add ESPF_CC1_STRICT_SPEC
+
+0.2.2	Magnus Granberg		<zorry@ume.nu>
+
+		* gcc/config/i386/i386.h 	Add espf_cc1
+		Add ESPF_EXTRA_SPECS
+		* gcc/config/i386/linux.h	Add espf_cc1
+		* gcc/config/i386/x86-64.h  Add espf_cc1
+		* gcc/config/linux.h  Add espf_cc1
+		* gcc/Makefile.in	add crtbeginTS.o to EXTRA_PARTS list
+		* libgcc/Makefile.in	add crtbeginTS.o to EXTRA_PARTS list
+		* gcc/configure 	add define ENABLE_LIBSSP
+		* gcc/gcc.c  %(fortify_default) renamed to %(espf_cpp_unique_options)
+		%(pie_incompatible) renamed to %(espf_cc1_options)
+		removed ESPF_EXTRA_SPECS
+		* gcc/espf.h	ESPF_DEFAULT_SPEC renamed to ESPF_CC1_SPEC
+		SSP_DEFAULT_SPEC renamed to ESPF_CC1_SSP_SPEC
+		FORTIFY_DEFAULT_SPEC renamed to ESPF_CPP_UNIQUE_OPTIONS
+		PIE_DEFAULT_SPEC renamed to ESPF_CC1_PIE_SPEC
+		PIE_INCOMPATIBLE_SPEC renamed to ESPF_CC1_OPTIONS_SPEC
+		add new CRTFILE_GEN_SPEC CRTBEGIN_T_GEN_SPEC CRTEND_GEN_SPEC if !
+		TARGET_LIBC_PROVIDES_PIE
+
+4.4.0-espf-0.2.1	Magnus Granberg		<zorry@ume.nu>
+
+		* gcc/gcc.c		include:	espf.h
+		cc1_spec 	= CC1_SPEC if not ENABLE_ESPF
+		cpp_unique_options			add %(fortify_default)
+		cc1_options					add %(pie_incompatible)
+		EXTRA_SPECS					add ESPF_EXTRA_SPECS
+		* libgcc/Makefile.in		add crtbeginTs.o
+		gcc/Makefile.in				add ESPF_NOPIE_CFLAGS and ESPF_NOSSP_CFLAGS
+		LIBGCC2_CFLAGS				add ESPF_NOSSP_CFLAGS
+		CRTSTUFF_CFLAGS				add ESPF_NOPIE_CFLAGS and ESPF_NOSSP_CFLAGS
+		crtbegin*					add crtbeginTS
+		$(out_object_file): ix86_split_to_parts() stack smashing attack b.g.o #149292
+		* libgcc/configure			add enable_espf
+		* gcc/config/linux.h		add %(crtfile_gen) %(crtbegin_t_gen) %(crtend_gen)
+		* gcc/config/i386/linux.h	add %(crtend_gen)
+		* gcc/config/i386/linux64.h	add %(crtend_gen)
+		* gcc/config.gcc	extra_parts		add crtbeginTS.o
+		* libgcc/config.host	extra_parts		add crtbeginTS.o
+		* gcc/configure		check -z relro
+		check -z now
+		check FORTIFY_SOURCES level 2
+		check Scrt1.o
+		check --enable-espf
+		check crtbeginTS.o
+		* gcc/espf.h			new file
+		* gcc/varasm.c (decl_tls_model): Check flag_pic instead of flag_shlib
+		* gcc/config.in				add ENABLE_LIBSSP
+		add ENABLE_ESPF
+		add TARGET_LIBC_PROVIDES_FORTIFY2
+		add TARGET_LIBC_PROVIDES_PIE
+		* configure		define ENABLE_LIBSSP
+
+gcc-4.3.3-piepatches-v10.2.1

diff --git a/gcc-4.7.0/piepatch/README.Gentoo.patches b/gcc-4.7.0/piepatch/README.Gentoo.patches
new file mode 100644
index 0000000..db43079
--- /dev/null
+++ b/gcc-4.7.0/piepatch/README.Gentoo.patches
@@ -0,0 +1,28 @@
+ ================
+ === W[hat]TF ===
+ ================
+
+Gentoo patchsets that have grown too large to keep on the rsync mirrors have 
+been moved to our git tree.  From there, we bundle up all the whee little 
+patches into a tarball and distribute it via our public mirroring system.
+
+If you want specific info about a patch (like wtf it does or whose great idea 
+it was to change the code), read the patch !  We try to fill out the top of 
+them with useful info such as what it does, why it's needed, bug reports, 
+original creators, etc...  For simple patches, we reserve the right to assume 
+your IQ is greater than absolute 0 and figure out what it does w/out an 
+explanation.  If, by some miracle of science, it falls below the absolute 0 
+mark, you should help mankind by finding some scientists and letting them 
+probe you with their ... erm ... probes.
+
+ =================
+ === W[here]TF ===
+ =================
+
+For those with git access
+git://git.overlays.gentoo.org/proj/hardened-gccpatchset.git
+
+For those w/out git access, this URL should help you:
+http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-gccpatchset.git;a=summary
+
+It should be pretty easy to find your way around, you're a big boy after all.

diff --git a/gcc-4.7.0/piepatch/README.history b/gcc-4.7.0/piepatch/README.history
new file mode 100644
index 0000000..8502d9f
--- /dev/null
+++ b/gcc-4.7.0/piepatch/README.history
@@ -0,0 +1,286 @@
+0.5.1		17 Jan 2012
+		+ 01_all_gcc47_configure.patch
+		- 10_all_gcc45_configure.patch
+		+ 03_all_gcc47_Makefile.in.patch
+		- 12_all_gcc46_Makefile.in.patch
+		+ 02_all_gcc45_config.in.patch
+		- 11_all_gcc45_config.in.patch
+		+ 05_all_gcc46_gcc.c.patch
+		- 20_all_gcc46_gcc.c.patch
+		+ 06_all_gcc45_esp.h.patch
+		- 30_all_gcc45_esp.h.patch
+		+ 10_all_gcc46_default-ssp.patch
+		- 22_all_gcc46-default-ssp.patch
+		+ 15_all_gcc44_decl-tls-model.patch
+		- 21_all_gcc44_decl-tls-model.patch
+		+ 20_all_gcc46_config_crtbeginp.patch
+		- 35_all_gcc46_config_crtbegints.patch
+		+ 24_all_gcc44_invoke.texi.patch
+		+ 60_all_gcc44_invoke.texi.patch
+0.5.0		07 Dec 2011
+		+ 35_all_gcc46_config_crtbeginp.patch
+		- 35_all_gcc46_config_crtbegints.patch
+		U 10_all_gcc45_configure.patch
+		U 12_all_gcc46_Makefile.in.patch
+		+ 11_all_gcc45_config.in.patch
+		- 11_all_gcc44_config.in.patch
+		+ 30_all_gcc45_esp.h.patch
+		- 30_all_gcc44_esp.h.patch
+0.4.9		09 Nov 2011
+		U 12_all_gcc46_Makefile.in.patch
+0.4.8		26 Mar 2011
+		U 22_all_gcc46-default-ssp.patch
+0.4.7		05 Mar 2011
+		U 20_all_gcc46_gcc.c.patch
+		+ 22_all_gcc46-default-ssp.patch
+		- 30_all_gcc46_esp.h.patch
+		+ 30_all_gcc44_esp.h.patch
+		U 33_all_gcc46_config_rs6000_linux64.h.patch
+		U 35_all_gcc46_config_crtbegints.patch
+0.4.6		07 Jan 2011
+		+ 12_all_gcc46_Makefile.in.patch
+		- 12_all_gcc44_Makefile.in.patch
+		+ 20_all_gcc46_gcc.c.patch
+		- 20_all_gcc44_gcc.c.patch
+		+ 30_all_gcc46_esp.h.patch
+		- 30_all_gcc44_esp.h.patch
+		+ 33_all_gcc46_config_rs6000_linux64.h.patch
+		- 33_all_gcc45_config_rs6000_linux64.h.patch
+		+ 35_all_gcc46_config_crtbegints.patch
+		- 35_all_gcc44_config_crtbegints.patch
+		- 40_all_gcc44_obj_lang-specs.h.patch
+		- 40_all_gcc44_objp_lang-specs.h.patch
+		- 40_all_gcc44_cp_lang-specs.h.patch
+0.4.5		18 Jun 2010
+		U 35_all_gcc44_config_crtbegints.patch
+0.4.4		26 May 2010
+		U 30_all_gcc44_esp.h.patch
+0.4.3		26 May 2010
+		U 20_all_gcc44_gcc.c.patch
+		U 30_all_gcc44_esp.h.patch
+0.4.2		24 May 2010
+		U 10_all_gcc44_configure.patch
+		U 12_all_gcc44_Makefile.in.patch
+		U 11_all_gcc44_config.in.patch
+		U 30_all_gcc44_esp.h.patch
+0.4.1		29 Apr 2010
+		U 10_all_gcc45_configure.patch
+		U 12_all_gcc45_Makefile.in.patch
+		U 11_all_gcc44_config.in.patch
+		U 30_all_gcc44_esp.h.patch
+
+0.4.0		19 Apr 2010
+		U 10_all_gcc45_configure.patch
+		U 12_all_gcc45_Makefile.in.patch
+		U 11_all_gcc44_config.in.patch
+		U 20_all_gcc45_gcc.c.patch
+		- 30_all_gcc44_espf.h.patch
+		+ 30_all_gcc44_esp.h.patch
+
+0.3.9	14 Apr 2010
+		U 10_all_gcc45_configure.patch
+		- 50_all_gcc44_no_ssp_tls_uclibc.patch
+		U 33_all_gcc45_config_rs6000_linux64.h.patch
+
+0.3.8	10 Apr 2010
+		10_all_gcc44_configure.patch
+		11_all_gcc44_config.in.patch
+		20_all_gcc44_gcc.c.patch
+		30_all_gcc44_espf.h.patch
+
+0.3.7	10 Feb 2010
+		20_all_gcc44_gcc.c.patch
+		30_all_gcc44_espf.h.patch
+		10_all_gcc44_configure.patch
+
+0.3.6		23 Dec 2009
+		- 10_all_gcc44_configure.patch
+		+ 10_all_gcc44_configure.patch
+		- 30_all_gcc44_espf.h.patch
+		+ 30_all_gcc44_espf.h.patch
+		- README.Changelog
+		+ README.Changelog
+		- README.history
+		+ README.history
+		- README
+		+ README
+
+0.3.5		24 Sep 2009
+		- 30_all_gcc44_espf.h.patch
+		+ 30_all_gcc44_espf.h.patch
+		- 35_all_gcc44_config_crtbegints.patch
+		+ 35_all_gcc44_config_crtbegints.patch
+		+ 33_all_gcc44_config_rs6000_linux64.h.patch
+		- README.Changelog
+		+ README.Changelog
+		- README.history
+		+ README.history
+		+ README.Gentoo.patches
+
+0.3.4		11 Sep 2009
+		- 10_all_gcc44_configure.patch
+		+ 10_all_gcc44_configure.patch
+		- 11_all_gcc44_config.in.patch
+		+ 11_all_gcc44_config.in.patch
+		- 12_all_gcc44_Makefile.in.patch
+		+ 12_all_gcc44_Makefile.in.patch
+		- 20_all_gcc44_gcc.c.patch
+		+ 20_all_gcc44_gcc.c.patch
+		- 23_all_gcc44_opts.c.patch
+		- 30_all_gcc44_espf.h.patch
+		+ 30_all_gcc44_espf.h.patch
+		+ 35_all_gcc44_config_crtbegints.patch
+		+ 60_all_gcc44_invoke.texi.patch
+		- README.Changelog
+		+ README.Changelog
+		- README.history
+		+ README.history
+		- README
+		+ README
+		
+0.3.3		14 Aug 2009
+		- 23_all_gcc44_opts.c.patch
+		+ 23_all_gcc44_opts.c.patch
+
+0.3.2		09 Aug 2009
+		+ 50_all_gcc44_no_ssp_tls_uclibc.patch
+		+ README.Changelog
+		+ README.history
+		- 23_all_gcc44_opts.c.patch
+		+ 23_all_gcc44_opts.c.patch
+		- 30_all_gcc44-espf.h.patch
+		+ 30_all_gcc44-espf.h.patch
+
+0.3.1		23 Jul 2009
+		- 10_all_gcc44_configure.patch
+		+ 10_all_gcc44_configure.patch
+
+0.3.0		23 Jul 2009
+		- 10_all_gcc44_configure.patch
+		+ 10_all_gcc44_configure.patch
+		- 11_all_gcc44_config.in.patch
+		+ 11_all_gcc44_config.in.patch
+		- 12_all_gcc44_Makefile.in.patch
+		+ 12_all_gcc44_Makefile.in.patch
+		- 20_all_gcc44_gcc.c.patch
+		+ 20_all_gcc44_gcc.c.patch
+		+ 40_all_gcc44_obj_lang-specs.h.patch
+		+ 40_all_gcc44_objp_lang-specs.h.patch
+		+ 40_all_gcc44_cp_lang-specs.h.patch
+		- 50_all_gcc44_gentoo_v20090614.1.patch
+		- 30_all_gcc44-espf.h.patch
+		+ 30_all_gcc44-espf.h.patch
+
+0.2.9		14 Jun 2009
+		- 12_all_gcc44_Makefile.in.patch
+		+ 12_all_gcc44_Makefile.in.patch
+		- 30_all_gcc44-espf.h.patch
+		+ 30_all_gcc44-espf.h.patch
+		- 50_all_gcc44_gentoo_v20090612.2.patch
+		+ 50_all_gcc44_gentoo_v20090614.1.patch
+
+0.2.8		12 Jun 2009
+		- 10_all_gcc44_configure.patch
+		+ 10_all_gcc44_configure.patch
+		- 11_all_gcc44_config.in.patch
+		+ 11_all_gcc44_config.in.patch
+		- 12_all_gcc44_Makefile.in.patch
+		+ 12_all_gcc44_Makefile.in.patch
+		- 22_all_gcc44-toplev.c.patch
+		- 25_all_gcc44-espf.h.patch
+		+ 30_all_gcc44-espf.h.patch
+		+ 50_all_gcc44_gentoo_v20090612.2.patch
+
+0.2.7		29 May 2009
+		- 11_all_gcc44_config.in.patch
+		+ 11_all_gcc44_config.in.patch
+		- 12_all_gcc44_Makefile.in.patch
+		+ 12_all_gcc44_Makefile.in.patch
+		- 20_all_gcc44_gcc.c.patch
+		+ 20_all_gcc44_gcc.c.patch
+		+ 23_all_gcc44_opts.c.patch
+		- 25_all_gcc44-espf.h.patch
+		+ 25_all_gcc44-espf.h.patch
+		- 30_all_gcc44-config-defaul-linux.patch
+
+0.2.6		28 May 2009
+		+ 22_all_gcc44-toplev.c.patch
+		- 25_all_gcc44-espf.h.patch
+		+ 25_all_gcc44-espf.h.patch
+		- 30_all_gcc44-config-defaul-linux.patch
+		+ 30_all_gcc44-config-defaul-linux.patch
+
+0.2.5		27 May 2009
+		- 10_all_gcc44_configure.patch
+		+ 10_all_gcc44_configure.patch
+		- 12_all_gcc44_Makefile.in.patch
+		+ 12_all_gcc44_Makefile.in.patch
+		- 20_all_gcc44_gcc.c.patch
+		+ 20_all_gcc44_gcc.c.patch
+		- 25_all_gcc44-espf.h.patch
+		+ 25_all_gcc44-espf.h.patch
+		- 30_all_gcc44-config-defaul-linux.patch
+		+ 30_all_gcc44-config-defaul-linux.patch
+		- 40_all_gcc44-gentoo.patch
+
+0.2.4		08 May 2009
+		- 12_all_gcc44_Makefile.in.patch
+		+ 12_all_gcc44_Makefile.in.patch
+
+0.2.3		08 May 2009
+		- 20_all_gcc44_gcc.c.patch
+		+ 20_all_gcc44_gcc.c.patch
+		- 40_all_gcc44-gentoo.patch
+		+ 40_all_gcc44-gentoo.patch
+
+0.2.2		04 May 2009
+		+ 10_all_gcc44_configure.patch
+		+ 11_all_gcc44_config.in.patch
+		+ 12_all_gcc44_Makefile.in.patch
+		+ 20_all_gcc44_gcc.c.patch
+		+ 21_all_gcc44_decl-tls-model.patch
+		+ 25_all_gcc44-espf.h.patch
+		+ 30_all_gcc44-config-defaul-linux.patch
+		+ 40_all_gcc44-gentoo.patch
+		- 01_all_gcc44-configure.patch
+		- 10_all_gcc44-gcc_configure.patch
+		- 11_all_gcc44-gcc_config.in.patch
+		- 12_all_gcc44-gcc_config.gcc.patch
+		- 13_all_gcc44-gcc_Makefile.in.patch
+		- 15_all_gcc44-libgcc_config.host.patch
+		- 16_all_gcc44-libgcc_configure.patch
+		- 17_all_gcc44-libgcc_Makefile.in.patch
+		- 21_all_gcc44-gcc_espf.h.patch
+		- 22_all_gcc44-gcc_gcc.c.patch
+		- 23_all_gcc44-gcc_varasm.c.patch
+		- 30_all_gcc44-add-crt-start-endfiles-linux.patch
+
+0.2.1		28 Apr 2009
+		+ 01_all_gcc44-configure.patch
+		+ 10_all_gcc44-gcc_configure.patch
+		+ 11_all_gcc44-gcc_config.in.patch
+		+ 12_all_gcc44-gcc_config.gcc.patch
+		+ 13_all_gcc44-gcc_Makefile.in.patch
+		+ 15_all_gcc44-libgcc_config.host.patch
+		+ 16_all_gcc44-libgcc_configure.patch
+		+ 17_all_gcc44-libgcc_Makefile.in.patch
+		+ 21_all_gcc44-gcc_espf.h.patch
+		+ 22_all_gcc44-gcc_gcc.c.patch
+		+ 23_all_gcc44-gcc_varasm.c.patch
+		+ 30_all_gcc44-add-crt-start-endfiles-linux.patch
+		- 00_all_gcc4.4-cvs-incompat.patch
+		- 05_all_gcc4.4-compile-no-ssp.patch
+		- 10_all_gcc4.4-hardened-minispecs-support.patch
+		- 11_all_gcc4.4-decl-tls-model.patch
+		- 12_all_gcc4.4-fortify-minispecs-support.patch
+		- 20-all_gcc4.4-default-crt-start-endfile.patch
+		- 30-all_gcc4.4-crtbeginTS-fno-PIE.patch
+
+0.1.0		16 Apr 2009
+		+ 00_all_gcc4.4-cvs-incompat.patch
+		+ 05_all_gcc4.4-compile-no-ssp.patch
+		+ 10_all_gcc4.4-hardened-minispecs-support.patch
+		+ 11_all_gcc4.4-decl-tls-model.patch
+		+ 12_all_gcc4.4-fortify-minispecs-support.patch
+		+ 20-all_gcc4.4-default-crt-start-endfile.patch
+		+ 30-all_gcc4.4-crtbeginTS-fno-PIE.patch

[gentoo-commits] proj/hardened-gccpatchset:master commit in: gcc-4.7.0/piepatch/

[Magnus Granberg]

commit:     7c8bfba928e7956cb62dd3498809d5005989b6c8
Author:     Magnus Granberg <zorry <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 24 20:22:18 2012 +0000
Commit:     Magnus Granberg <zorry <AT> gentoo <DOT> org>
CommitDate: Tue Jan 24 20:22:18 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-gccpatchset.git;a=commit;h=7c8bfba9

piepatch 0.5.2 for gcc 4.7

---
 gcc-4.7.0/piepatch/16_all_gcc47_nopie_option.patch |   16 ++++++++++++++++
 gcc-4.7.0/piepatch/README.Changelog                |    4 ++++
 gcc-4.7.0/piepatch/README.history                  |    2 ++
 3 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/gcc-4.7.0/piepatch/16_all_gcc47_nopie_option.patch b/gcc-4.7.0/piepatch/16_all_gcc47_nopie_option.patch
new file mode 100644
index 0000000..ed9a961
--- /dev/null
+++ b/gcc-4.7.0/piepatch/16_all_gcc47_nopie_option.patch
@@ -0,0 +1,16 @@
+2012-01-24	Magnus Granberg	<zorry@gentoo.org>
+
+		* gcc/common.opt		Add -nopie
+
+--- a/gcc/common.opt	2011-11-23 19:51:17.000000000 +0100
++++ b//gcc/common.opt	2012-01-24 16:56:24.302224357 +0100
+@@ -2280,6 +2280,9 @@ Driver
+ nodefaultlibs
+ Driver
+ 
++nopie
++Driver
++
+ nostartfiles
+ Driver
+ 

diff --git a/gcc-4.7.0/piepatch/README.Changelog b/gcc-4.7.0/piepatch/README.Changelog
index d94d449..1729b6a 100644
--- a/gcc-4.7.0/piepatch/README.Changelog
+++ b/gcc-4.7.0/piepatch/README.Changelog
@@ -1,3 +1,7 @@
+0.5.2 Magnus Granberg		<zorry@gentoo.org>
+
+		* gcc/common.opt 				Add -nopie
+
 0.5.1 Magnus Granberg		<zorry@gentoo.org>
 
 		* configure					Bumped for 4.7.0 release

diff --git a/gcc-4.7.0/piepatch/README.history b/gcc-4.7.0/piepatch/README.history
index 8502d9f..3c5a7b1 100644
--- a/gcc-4.7.0/piepatch/README.history
+++ b/gcc-4.7.0/piepatch/README.history
@@ -1,3 +1,5 @@
+0.5.2		24 Jan 2012
+		+ 16_all_gcc47_nopie_option.patch
 0.5.1		17 Jan 2012
 		+ 01_all_gcc47_configure.patch
 		- 10_all_gcc45_configure.patch

[gentoo-commits] proj/hardened-gccpatchset:master commit in: gcc-4.7.0/piepatch/

[Magnus Granberg]

commit:     be61f8b3737ed87512a3ee534aa2ef517b0d4f79
Author:     Magnus Granberg <zorry <AT> gentoo <DOT> org>
AuthorDate: Tue Oct  2 15:06:50 2012 +0000
Commit:     Magnus Granberg <zorry <AT> gentoo <DOT> org>
CommitDate: Tue Oct  2 15:06:50 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-gccpatchset.git;a=commit;h=be61f8b3

fix bug 436924

---
 gcc-4.7.0/piepatch/01_all_gcc47_configure.patch |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch b/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch
index e79ea25..3823f1b 100644
--- a/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch
+++ b/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch
@@ -147,7 +147,7 @@
 +  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can default to use -fstack-protector" >&5
 +$as_echo_n "checking if we can default to use -fstack-protector... " >&6; }
 +  ssp_link_test=no
-+  if test x$gcc_cv_libc_provides_ssp = xyes && test x$set_have_as_tls = yes; then
++  if test x$gcc_cv_libc_provides_ssp = xyes && test x$set_have_as_tls = xyes; then
 +    if $EGREP '^ 	*#[ 	]*define[ 	]+__UCLIBC__[ 	]+1' \
 +       $target_header_dir/features.h > /dev/null; then
 +      if test -f $target_header_dir/bits/uClibc_config.h && \

[gentoo-commits] proj/hardened-gccpatchset:master commit in: gcc-4.7.0/piepatch/

[Magnus Granberg]

commit:     252205a3612155769c1c4b6b6db687c044e9f558
Author:     Magnus Granberg <zorry <AT> gentoo <DOT> org>
AuthorDate: Tue Oct  2 16:12:52 2012 +0000
Commit:     Magnus Granberg <zorry <AT> gentoo <DOT> org>
CommitDate: Tue Oct  2 16:12:52 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-gccpatchset.git;a=commit;h=252205a3

Add configure.ac patches

---
 gcc-4.7.0/piepatch/01_all_gcc47_configure.ac.patch |  139 ++++++++++++++++++++
 gcc-4.7.0/piepatch/01_all_gcc47_configure.patch    |    2 +-
 gcc-4.7.0/piepatch/README.Changelog                |   10 ++
 gcc-4.7.0/piepatch/README.history                  |    3 +
 4 files changed, 153 insertions(+), 1 deletions(-)

diff --git a/gcc-4.7.0/piepatch/01_all_gcc47_configure.ac.patch b/gcc-4.7.0/piepatch/01_all_gcc47_configure.ac.patch
new file mode 100644
index 0000000..ed49cd9
--- /dev/null
+++ b/gcc-4.7.0/piepatch/01_all_gcc47_configure.ac.patch
@@ -0,0 +1,139 @@
+2011-04-27	Magnus Granberg		<zorry@gentoo.org>
+
+		* configure.ac		Add --enable-esp.  Add -fno-stack-protector
+		to stage1_cflags.
+		* gcc/configure.ac		Add --enable-esp and check if SSP works.
+		Define ENABLE_ESP ENABLE_ESP_SSP.
+		Check if we support crtbeginP and define ENABLE_CRTBEGINP.
+
+--- a/configure.ac	2011-11-29 22:36:43.000000000 +0100
++++ b/configure.ac	2011-12-07 23:29:26.125712475 +0100
+@@ -419,6 +419,25 @@ if test "${ENABLE_LIBADA}" != "yes" ; th
+   noconfigdirs="$noconfigdirs gnattools"
+ fi
+ 
++# Check whether --enable-esp was given and target have the support.
++AC_ARG_ENABLE([esp],
++[AS_HELP_STRING([--enable-esp],
++		[Enable Stack protector, Position independent executable as 
++		 default if we have suppot for it when compiling
++		 and link with -z relro and -z now as default.
++		 Linux targets supported i*86, x86_64, x86_x32, powerpc, powerpc64, ia64 and arm.])],
++[
++  case $target in
++    i?86*-*-linux* | x86_??*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*)
++      enable_espf=yes
++      ;;
++    *)
++      AC_MSG_WARN([*** --enable-esp is not supported on this $target target.])
++      ;;
++  esac
++])
++AC_SUBST([enable_esp])
++
+ AC_ARG_ENABLE(libssp,
+ [AS_HELP_STRING([--enable-libssp], [build libssp directory])],
+ ENABLE_LIBSSP=$enableval,
+@@ -3211,6 +3230,11 @@ if test "$GCC" = yes -a "$ENABLE_BUILD_W
+   CFLAGS="$saved_CFLAGS"
+ fi
+ 
++# Disable -fstack-protector on stage1
++if test x$enable_esp = xyes; then
++  stage1_cflags="$stage1_cflags -fno-stack-protector"
++fi
++
+ AC_SUBST(stage1_cflags)
+ 
+ # Enable --enable-checking in stage1 of the compiler.
+--- a/gcc/configure.ac	2011-11-18 11:52:32.000000000 +0100
++++ b/gcc/configure.ac	2012-10-02 17:39:15.649526241 +0200
+@@ -5130,6 +5237,88 @@ if test x"${LINKER_HASH_STYLE}" != x; th
+                                          [The linker hash style])
+ fi
+ 
++# --------------
++# Esp checks
++# --------------
++
++# Check whether --enable-esp was given and target have the support.
++AC_ARG_ENABLE([esp],
++[AS_HELP_STRING([--enable-esp],
++		[Enable Stack protector, Position independent executable and
++		 Fortify_sources as default if we have suppot for it when compiling
++		 and link -z now as default.
++		 Linux targets supported i*86, x86_64, x86_x32, powerpc, powerpc64, ia64 and arm])],
++	set_enable_espf=$enableval,
++	set_enable_espf=no)
++if test $set_enable_esp = yes ; then
++  AC_MSG_CHECKING(if $target support esp)
++if test $set_enable_esp = yes ; then
++  case "$target" in
++    i?86*-*-linux* | x86_??*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*)
++      enable_esp=yes
++      AC_DEFINE(ENABLE_ESP, 1,
++        [Define if your target support esp and you have enable it.])
++      ;;
++    *)
++      enable_esp=no
++      ;;
++  esac
++else
++ enable_esp=no
++fi
++AC_MSG_RESULT($enable_esp)
++fi
++AC_SUBST([enable_esp])
++if test $enable_esp = yes ; then
++
++ AC_MSG_CHECKING(if we can default to use -fstack-protector-all)
++  ssp_link_test=no
++  if test x$gcc_cv_libc_provides_ssp = xyes && test x$set_have_as_tls = xyes; then
++    if $EGREP '^ 	*#[ 	]*define[ 	]+__UCLIBC__[ 	]+1' \
++       $target_header_dir/features.h > /dev/null; then
++      if test -f $target_header_dir/bits/uClibc_config.h && \
++	 $EGREP '^ 	*#[ 	]*define[ 	]+__UCLIBC_SUBLEVEL__[ 	]+([3-9][2-9]|[4-9][0-9])' \
++	 $target_header_dir/bits/uClibc_config.h > /dev/null && \
++	 $EGREP '^ 	*#[ 	]*define[ 	]+__UCLIBC_HAS_TLS__[ 	]+1' \
++	 $target_header_dir/bits/uClibc_config.h > /dev/null; then
++	ssp_link_test=yes
++      fi
++    else
++      ssp_link_test=yes
++    fi
++  fi
++  if test x$ssp_link_test=xyes ; then
++    saved_CFLAGS="$CFLAGS"
++    CFLAGS="$CFLAGS -O2 -fstack-protector-all -Werror"
++    AC_TRY_LINK(,,
++      [AC_MSG_RESULT([yes]); enable_esp_ssp=yes],
++      [AC_MSG_RESULT([no]); enable_esp_ssp=no])
++    CFLAGS="$saved_CFLAGS"
++  else
++    [AC_MSG_RESULT([no]); enable_esp_ssp=no]
++  fi
++  if test $enable_esp_ssp = yes ; then
++    AC_DEFINE(ENABLE_ESP_SSP, 1,
++      [Define if your compiler will default to use -fstack-protector-all.])
++  fi
++  AC_MSG_CHECKING(checking for crtbeginP.o support)
++    if test x$enable_esp = xyes ; then
++      case "$target" in
++	ia64*-*-linux*)
++          enable_crtbeginP=no ;;
++        *-*-linux*)
++          if test x$gcc_cv_ld_pie = xyes && test x$lt_cv_prog_compiler_static_works = xyes; then
++            enable_crtbeginP=yes
++            AC_DEFINE(ENABLE_CRTBEGINP, 1,
++              [Define if your compiler will support crtbeginP.])
++     	  fi
++          ;;
++  	*) enable_crtbeginP=no ;;
++      esac
++    fi
++  AC_MSG_RESULT($enable_crtbeginP)
++fi
++
+ # Configure the subdirectories
+ # AC_CONFIG_SUBDIRS($subdirs)
+ 

diff --git a/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch b/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch
index 3823f1b..1a48f49 100644
--- a/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch
+++ b/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch
@@ -125,7 +125,7 @@
 +$as_echo_n "checking if $target support esp... " >&6; }
 +if test $set_enable_esp = yes ; then
 +  case "$target" in
-+    i?86*-*-linux* | x86_??*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux* | mips*-*-linux*)
++    i?86*-*-linux* | x86_??*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*)
 +      enable_esp=yes
 +
 +$as_echo "#define ENABLE_ESP 1" >>confdefs.h

diff --git a/gcc-4.7.0/piepatch/README.Changelog b/gcc-4.7.0/piepatch/README.Changelog
index b6252ed..009e128 100644
--- a/gcc-4.7.0/piepatch/README.Changelog
+++ b/gcc-4.7.0/piepatch/README.Changelog
@@ -1,3 +1,13 @@
+0.5.4 Magnus Granberg		<zorry@gentoo.org>
+
+		#436924
+		* configure.ac			Add --enable-esp.  Add -fno-stack-protector
+		to stage1_cflags.
+		* gcc/configure.ac		Add --enable-esp and check if SSP works.
+		Define ENABLE_ESP ENABLE_ESP_SSP.
+		Check if we support crtbeginP and define ENABLE_CRTBEGINP.
+		* gcc/configure			Fix a typo
+		
 0.5.3 Magnus Granberg		<zorry@gentoo.org>
 
 		* gcc/configure			Clean up the checks and added

diff --git a/gcc-4.7.0/piepatch/README.history b/gcc-4.7.0/piepatch/README.history
index 537cc48..82b2ee3 100644
--- a/gcc-4.7.0/piepatch/README.history
+++ b/gcc-4.7.0/piepatch/README.history
@@ -1,3 +1,6 @@
+0.5.4		02 Oct 2012
+		U 01_all_gcc47_configure.patch
+		+  01_all_gcc47_configure.ac.patch
 0.5.3		06 Apr 2012
 		U 01_all_gcc47_configure.patch
 		+ 02_all_gcc47_config.in.patch