diff options
-rw-r--r-- | gcc-4.6.0/piepatch/10_all_gcc45_configure.patch | 215 | ||||
-rw-r--r-- | gcc-4.6.0/piepatch/11_all_gcc44_config.in.patch | 32 | ||||
-rw-r--r-- | gcc-4.6.0/piepatch/12_all_gcc45_Makefile.in.patch | 198 | ||||
-rw-r--r-- | gcc-4.6.0/piepatch/20_all_gcc45_gcc.c.patch | 130 | ||||
-rw-r--r-- | gcc-4.6.0/piepatch/21_all_gcc44_decl-tls-model.patch | 20 | ||||
-rw-r--r-- | gcc-4.6.0/piepatch/30_all_gcc44_esp.h.patch | 153 | ||||
-rw-r--r-- | gcc-4.6.0/piepatch/33_all_gcc45_config_rs6000_linux64.h.patch | 16 | ||||
-rw-r--r-- | gcc-4.6.0/piepatch/35_all_gcc44_config_crtbegints.patch | 36 | ||||
-rw-r--r-- | gcc-4.6.0/piepatch/40_all_gcc44_cp_lang-specs.h.patch | 30 | ||||
-rw-r--r-- | gcc-4.6.0/piepatch/41_all_gcc44_objc_lang-specs.h.patch | 37 | ||||
-rw-r--r-- | gcc-4.6.0/piepatch/42_all_gcc44_objcp_lang-specs.h.patch | 35 | ||||
-rw-r--r-- | gcc-4.6.0/piepatch/60_all_gcc44_invoke.texi.patch | 44 | ||||
-rw-r--r-- | gcc-4.6.0/piepatch/README | 18 | ||||
-rw-r--r-- | gcc-4.6.0/piepatch/README.Changelog | 284 | ||||
-rw-r--r-- | gcc-4.6.0/piepatch/README.Gentoo.patches | 28 | ||||
-rw-r--r-- | gcc-4.6.0/piepatch/README.history | 233 |
16 files changed, 1509 insertions, 0 deletions
diff --git a/gcc-4.6.0/piepatch/10_all_gcc45_configure.patch b/gcc-4.6.0/piepatch/10_all_gcc45_configure.patch new file mode 100644 index 0000000..39893f3 --- /dev/null +++ b/gcc-4.6.0/piepatch/10_all_gcc45_configure.patch @@ -0,0 +1,215 @@ +2010-05-25 Magnus Granberg <zorry@gentoo.org>, Anthony G. Basile <basile@opensource.dyc.edu> + + * configure Add --enable-esp. Add-fno-stack-protector + to stage1_cflags. + * gcc/configure Add --enable-esp. Check -z now and -z relro. + Define ENABLE_ESP. + Check if we support crtbeginTS and define ENABLE_CRTBEGINTS. + * libmudflap/configure Add AC_SUBST enable_esp. + + +--- configure 2010-01-31 13:12:21.000000000 -0500 ++++ configure 2010-02-07 14:29:51.000000000 -0500 +@@ -707,6 +707,7 @@ + CFLAGS + CC + target_subdir ++enable_esp + host_subdir + build_subdir + build_libsubdir +@@ -934,6 +934,11 @@ + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --enable-gold use gold instead of ld + --enable-libada build libada directory ++ --enable-esp ++ Enable Stack protector, Position independent executable as ++ default if we have suppot for it when compiling ++ and link with -z relro and -z now as default. ++ Linux targets supported i*86, x86_64, powerpc, powerpc64, ia64 and arm + --enable-libssp build libssp directory + --disable-ppl-version-check disable check for PPL version + --disable-cloog-version-check disable check for CLooG version +@@ -2145,6 +2150,25 @@ + noconfigdirs="$noconfigdirs gnattools" + fi + ++# Check whether --enable-esp was given and target have the support. ++# Check whether --enable-esp or --disable-esp was given. ++if test "${enable_esp+set}" = set; then ++ enableval="$enable_esp" ++ ++ case $target in ++ i?86*-*-linux* | x86_64*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*) ++ enable_esp=yes ++ ;; ++ *) ++ { { echo "$as_me:$LINENO: error: *** --enable-esp is not supported on this $target target." >&5 ++echo "$as_me: error: *** --enable-esp is not supported on this $target target." >&2;} ++ { (exit 1); exit 1; }; } ++ ;; ++ esac ++ ++fi; ++ ++ + # Check whether --enable-libssp was given. + if test "${enable_libssp+set}" = set; then : + enableval=$enable_libssp; ENABLE_LIBSSP=$enableval +@@ -14266,6 +14290,9 @@ + *) stage1_cflags="-g -J" ;; + esac ;; + esac ++if test x$enable_esp = xyes; then ++ stage1_cflags="$stage1_cflags -fno-stack-protector" ++fi + + # This is aimed to mimic bootstrap with a non-GCC compiler to catch problems. + if test "$GCC" = yes -a "$ENABLE_BUILD_WITH_CXX" != yes; then +--- gcc/configure 2010-01-31 10:01:53.000000000 -0500 ++++ gcc/configure 2010-02-07 14:29:56.000000000 -0500 +@@ -678,6 +678,8 @@ + HOST_LIBS + GGC + libgcc_visibility ++enable_esp ++enable_crtbeginTS + gcc_cv_readelf + gcc_cv_objdump + ORIGINAL_NM_FOR_TARGET +@@ -24480,6 +24481,50 @@ + ;; + esac + ++echo "$as_me:$LINENO: checking linker -z now support" >&5 ++echo $ECHO_N "checking linker -z now support... $ECHO_C" >&6 ++if test "${gcc_cv_ld_now+set}" = set; then ++ echo $ECHO_N "(cached) $ECHO_C" >&6 ++else ++ gcc_cv_ld_now=no ++if test $in_tree_ld = yes ; then ++ if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_version" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \ ++ && test $in_tree_ld_is_elf = yes; then ++ gcc_cv_ld_now=yes ++ fi ++elif test x$gcc_cv_ld != x; then ++ # Check if linker supports -z now options ++ if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then ++ gcc_cv_ld_now=yes ++ fi ++fi ++ ++fi ++echo "$as_me:$LINENO: result: $gcc_cv_ld_now" >&5 ++echo "${ECHO_T}$gcc_cv_ld_now" >&6 ++ ++echo "$as_me:$LINENO: checking linker -z relro support" >&5 ++echo $ECHO_N "checking linker -z relro support... $ECHO_C" >&6 ++if test "${gcc_cv_ld_relro+set}" = set; then ++ echo $ECHO_N "(cached) $ECHO_C" >&6 ++else ++ gcc_cv_ld_relro=no ++if test $in_tree_ld = yes ; then ++ if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_version" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \ ++ && test $in_tree_ld_is_elf = yes; then ++ gcc_cv_ld_relro=yes ++ fi ++elif test x$gcc_cv_ld != x; then ++ # Check if linker supports -z relro and -z norelro options ++ if $gcc_cv_ld --help 2>/dev/null | grep relro > /dev/null; then ++ gcc_cv_ld_relro=yes ++ fi ++fi ++ ++fi ++echo "$as_me:$LINENO: result: $gcc_cv_ld_relro" >&5 ++echo "${ECHO_T}$gcc_cv_ld_relro" >&6 ++ + { $as_echo "$as_me:${as_lineno-$LINENO}: checking linker --build-id support" >&5 + $as_echo_n "checking linker --build-id support... " >&6; } + if test "${gcc_cv_ld_buildid+set}" = set; then : +@@ -24411,6 +23745,74 @@ + + fi + ++if test x$enable_esp = xyes ; then ++case $target in ++ ia64*-*-linux*) ++ if test x$gcc_cv_ld_now = xyes; then ++ enable_esp_ld=yes ++ else ++ enable_esp_ld=no ++ fi ++ ;; ++ *-*-linux*) ++ if test x$gcc_cv_ld_relro = xyes && test x$gcc_cv_ld_now = xyes; then ++ enable_esp_ld=yes ++ else ++ enable_esp_ld=no ++ fi ++ ;; ++ *) ++ enable_esp_ld=no ++ ;; ++ esac ++else ++ enable_espf_ld=no ++fi ++if test x$enable_esp_ld = xyes; then ++ ++cat >>confdefs.h <<\_ACEOF ++#define ENABLE_ESP 1 ++_ACEOF ++ ++fi ++ ++if test x$enable_esp = xyes && test x$enable_esp_ld = xno; then ++ { { echo "$as_me:$LINENO: error: *** --enable-esp is not supported. You don't have -z,relro or -z,now support in the linker." >&5 ++echo "$as_me: error: *** --enable-esp is not supported. You don't have -z,relro or -z,now support in the linker." >&2;} ++ { (exit 1); exit 1; }; } ++fi ++ ++echo "$as_me:$LINENO: checking for crtbeginTS.o support" >&5 ++echo $ECHO_N "checking for crtbeginTS.o support... $ECHO_C" >&6 ++if test "${enable_crtbeginTS+set}" = set; then ++ echo $ECHO_N "(cached) $ECHO_C" >&6 ++else ++ ++if test x$enable_esp = xyes ; then ++ case "$target" in ++ ia64*-*-linux*) ++ enable_crtbeginTS=no ;; ++ *-*-linux*) ++ if test x$gcc_cv_ld_pie = xyes && test x$lt_cv_prog_compiler_static_works = xyes; then ++ enable_crtbeginTS=yes ++ fi ++ ;; ++ *) enable_crtbeginTS=no ;; ++ esac ++fi ++ ++fi ++echo "$as_me:$LINENO: result: $enable_crtbeginTS" >&5 ++echo "${ECHO_T}$enable_crtbeginTS" >&6 ++ ++if test x$enable_crtbeginTS = xyes; then ++ ++cat >>confdefs.h <<\_ACEOF ++#define ENABLE_CRTBEGINTS 1 ++_ACEOF ++ ++fi ++ + # Check if TFmode long double should be used by default or not. + # Some glibc targets used DFmode long double, but with glibc 2.4 + # and later they can use TFmode. +--- libmudflap/configure 2009-12-05 12:18:53.000000000 -0500 ++++ libmudflap/configure 2010-02-07 14:29:51.000000000 -0500 +@@ -652,6 +652,7 @@ + MAINTAINER_MODE_FALSE + MAINTAINER_MODE_TRUE + am__untar ++enable_esp + am__tar + AMTAR + am__leading_dot diff --git a/gcc-4.6.0/piepatch/11_all_gcc44_config.in.patch b/gcc-4.6.0/piepatch/11_all_gcc44_config.in.patch new file mode 100644 index 0000000..3e49f03 --- /dev/null +++ b/gcc-4.6.0/piepatch/11_all_gcc44_config.in.patch @@ -0,0 +1,32 @@ +2010-05-24 Magnus Granberg <zorry@gentoo.org> + + * gcc/config.in Add ENABLE_CRTBEGINTS and ENABLE_ESP + +--- gcc/config.in 2009-04-21 11:08:08.000000000 +0200 ++++ gcc/config.in 2009-05-12 00:10:08.000000000 +0200 +@@ -46,6 +46,12 @@ + #endif + + ++/* Define to 1 to enable crtbeginTS.o. */ ++#ifndef USED_FOR_TARGET ++#undef ENABLE_CRTBEGINTS ++#endif ++ ++ + /* Define to 1 to specify that we are using the BID decimal floating point + format instead of DPD */ + #ifndef USED_FOR_TARGET +@@ -65,6 +65,12 @@ + #endif + + ++/* Define to 1 to enable esp. */ ++#ifndef USED_FOR_TARGET ++#undef ENABLE_ESP ++#endif ++ ++ + /* Define to 1 to enable fixed-point arithmetic extension to C. */ + #ifndef USED_FOR_TARGET + #undef ENABLE_FIXED_POINT diff --git a/gcc-4.6.0/piepatch/12_all_gcc45_Makefile.in.patch b/gcc-4.6.0/piepatch/12_all_gcc45_Makefile.in.patch new file mode 100644 index 0000000..6700f50 --- /dev/null +++ b/gcc-4.6.0/piepatch/12_all_gcc45_Makefile.in.patch @@ -0,0 +1,198 @@ +2010-04-25 Magnus Granberg <zorry@gentoo.org> Anthony G. Basile <basile@opensource.dyc.edu> + + * Makefile.in We add -fno-stack-protector to BOOT_CFLAGS, LIBCFLAGS and LIBCXXFLAGS if enable_esp yes. + * gcc/Makefile.in Add -fno-PIE and -fno-stack-protector. + Libgcc2 doesn't compile with -fstack-protector. + Crtstuff doesn't compile with -fPIE and -fstack-protector. + $(out_object_file): ix86_split_to_parts() stack smashing attack b.g.o #149292. + Add crtbeginTS.o to EXTRA_PARTS if enable_crtbeginTS yes + We add new file crtbeginTS.o if enable_crtbeginTS yes + * libgcc/Makefile.in Add crtbeginTS.o to EXTRA_PARTS if enable_crtbeginTS yes + We add new file crtbeginTS.o if enable_crtbeginTS yes + +2010-04-25 Magnus Granberg <zorry@gentoo.org>, Kees Cook <kees@outflux.net> + + LP #344502 + * libmudflap/Makefiles.in Add -fno-stack-protector -U_FORTIFY_SOURCE + to AM_CFLAGS ifdef enable_esp. + +--- Makefile.in 2010-01-22 08:35:38.000000000 -0500 ++++ Makefile.in 2010-02-07 15:10:59.000000000 -0500 +@@ -350,9 +350,17 @@ + BUILD_PREFIX = @BUILD_PREFIX@ + BUILD_PREFIX_1 = @BUILD_PREFIX_1@ + ++# Some stuff don't compile with SSP ++enable_esp = @enable_esp@ ++ifeq ($(enable_esp),yes) ++ESP_NOSSP_CFLAGS = -fno-stack-protector ++else ++ESP_NOSSP_CFLAGS= ++endif ++ + # Flags to pass to stage2 and later makes. They are defined + # here so that they can be overridden by Makefile fragments. +-BOOT_CFLAGS= -g -O2 ++BOOT_CFLAGS= -g -O2 $(ESP_NOSSP_CFLAGS) + BOOT_LDFLAGS= + BOOT_ADAFLAGS=-gnatpg -gnata + +@@ -397,9 +405,9 @@ + + CFLAGS = @CFLAGS@ + LDFLAGS = @LDFLAGS@ +-LIBCFLAGS = $(CFLAGS) ++LIBCFLAGS = $(CFLAGS) $(ESP_NOSSP_CFLAGS) + CXXFLAGS = @CXXFLAGS@ +-LIBCXXFLAGS = $(CXXFLAGS) -fno-implicit-templates ++LIBCXXFLAGS = $(CXXFLAGS) -fno-implicit-templates $(ESP_NOSSP_CFLAGS) + + TFLAGS = + +--- gcc/Makefile.in 2010-01-22 17:22:51.000000000 -0500 ++++ gcc/Makefile.in 2010-02-07 15:15:13.000000000 -0500 +@@ -629,13 +629,24 @@ + INHIBIT_LIBC_CFLAGS = -Dinhibit_libc + endif + ++# We don't want __stack_chk_fail in crt* and libgcc2.a. ++# We don't want to compile crtbegin, crtend and crtbeginT with -fPIE. ++enable_esp = @enable_esp@ ++ifeq ($(enable_esp),yes) ++ESP_NOPIE_CFLAGS = -fno-PIE ++ESP_NOSSP_CFLAGS = -fno-stack-protector ++else ++ESP_NOPIE_CFLAGS= ++ESP_NOSSP_CFLAGS= ++endif ++ + # Options to use when compiling libgcc2.a. + # + LIBGCC2_DEBUG_CFLAGS = -g + LIBGCC2_CFLAGS = -O2 $(LIBGCC2_INCLUDES) $(GCC_CFLAGS) $(TARGET_LIBGCC2_CFLAGS) \ + $(LIBGCC2_DEBUG_CFLAGS) $(GTHREAD_FLAGS) \ + -DIN_LIBGCC2 -D__GCC_FLOAT_NOT_NEEDED \ +- $(INHIBIT_LIBC_CFLAGS) ++ $(INHIBIT_LIBC_CFLAGS) $(ESP_NOSSP_CFLAGS) + + # Additional options to use when compiling libgcc2.a. + # Some targets override this to -isystem include +@@ -648,7 +659,7 @@ + CRTSTUFF_CFLAGS = -O2 $(GCC_CFLAGS) $(INCLUDES) $(MULTILIB_CFLAGS) -g0 \ + -finhibit-size-directive -fno-inline -fno-exceptions \ + -fno-zero-initialized-in-bss -fno-toplevel-reorder -fno-tree-vectorize \ +- $(INHIBIT_LIBC_CFLAGS) ++ $(INHIBIT_LIBC_CFLAGS) $(ESP_NOSSP_CFLAGS) + + # Additional sources to handle exceptions; overridden by targets as needed. + LIB2ADDEH = $(srcdir)/unwind-dw2.c $(srcdir)/unwind-dw2-fde.c \ +@@ -678,6 +689,12 @@ + # The rules for compiling them should be in the t-* file for the machine. + EXTRA_PARTS = @extra_parts@ + ++# We add crtbeginTS.o to the EXTRA_PARTS list if enable_crtbeginTS = yes ++enable_crtbeginTS = @enable_crtbeginTS@ ++ifeq ($(enable_crtbeginTS),yes) ++EXTRA_PARTS += crtbeginTS.o ++endif ++ + # List of extra object files that should be compiled and linked with + # compiler proper (cc1, cc1obj, cc1plus). + EXTRA_OBJS = @extra_objs@ +@@ -1856,9 +1873,10 @@ + echo LIBGCC_SYNC = '$(LIBGCC_SYNC)' >> tmp-libgcc.mvars + echo LIBGCC_SYNC_CFLAGS = '$(LIBGCC_SYNC_CFLAGS)' >> tmp-libgcc.mvars + echo CRTSTUFF_CFLAGS = '$(CRTSTUFF_CFLAGS)' >> tmp-libgcc.mvars +- echo CRTSTUFF_T_CFLAGS = '$(CRTSTUFF_T_CFLAGS)' >> tmp-libgcc.mvars ++ echo CRTSTUFF_T_CFLAGS = '$(CRTSTUFF_T_CFLAGS) $(ESP_NOPIE_CFLAGS)' >> tmp-libgcc.mvars + echo CRTSTUFF_T_CFLAGS_S = '$(CRTSTUFF_T_CFLAGS_S)' >> tmp-libgcc.mvars + echo TARGET_SYSTEM_ROOT = '$(TARGET_SYSTEM_ROOT)' >> tmp-libgcc.mvars ++ echo enable_crtbeginTS = '$(enable_crtbeginTS)' >> tmp-libgcc.mvars + + mv tmp-libgcc.mvars libgcc.mvars + +@@ -1892,12 +1910,14 @@ + $(T)crtbegin.o: crtstuff.c $(GCC_PASSES) $(TCONFIG_H) auto-host.h \ + gbl-ctors.h stmp-int-hdrs tsystem.h coretypes.h $(TM_H) + $(GCC_FOR_TARGET) $(CRTSTUFF_CFLAGS) $(CRTSTUFF_T_CFLAGS) \ ++ $(ESP_NOPIE_CFLAGS) \ + -c $(srcdir)/crtstuff.c -DCRT_BEGIN \ + -o $(T)crtbegin$(objext) + + $(T)crtend.o: crtstuff.c $(GCC_PASSES) $(TCONFIG_H) auto-host.h \ + gbl-ctors.h stmp-int-hdrs tsystem.h coretypes.h $(TM_H) + $(GCC_FOR_TARGET) $(CRTSTUFF_CFLAGS) $(CRTSTUFF_T_CFLAGS) \ ++ $(ESP_NOPIE_CFLAGS) \ + -c $(srcdir)/crtstuff.c -DCRT_END \ + -o $(T)crtend$(objext) + +@@ -1918,9 +1938,19 @@ + $(T)crtbeginT.o: crtstuff.c $(GCC_PASSES) $(TCONFIG_H) auto-host.h \ + gbl-ctors.h stmp-int-hdrs tsystem.h coretypes.h $(TM_H) + $(GCC_FOR_TARGET) $(CRTSTUFF_CFLAGS) $(CRTSTUFF_T_CFLAGS) \ ++ $(ESP_NOPIE_CFLAGS) \ + -c $(srcdir)/crtstuff.c -DCRT_BEGIN -DCRTSTUFFT_O \ + -o $(T)crtbeginT$(objext) + ++# This is a version of crtbegin for -static -fPIE links if esp is enable. ++ifeq ($(enable_crtbeginTS),yes) ++$(T)crtbeginTS.o: crtstuff.c $(GCC_PASSES) $(TCONFIG_H) auto-host.h \ ++ gbl-ctors.h stmp-int-hdrs tsystem.h coretypes.h $(TM_H) ++ $(GCC_FOR_TARGET) $(CRTSTUFF_CFLAGS) $(CRTSTUFF_T_CFLAGS_S) \ ++ -c $(srcdir)/crtstuff.c -DCRT_BEGIN -DCRTSTUFFT_O -DCRTSTUFFS_O \ ++ -o $(T)crtbeginTS$(objext) ++endif ++ + # Compile the start modules crt0.o and mcrt0.o that are linked with + # every program + $(T)crt0.o: s-crt0 ; @true +--- libgcc/Makefile.in 2009-07-30 18:33:49.000000000 -0400 ++++ libgcc/Makefile.in 2010-02-07 15:10:59.000000000 -0500 +@@ -291,6 +291,12 @@ + gen-hide-list = echo > \$@ + endif + ++# We add crtbeginTS.o to the EXTRA_PARTS list if enable_crtbeginTS = yes ++enable_libgcc_crtbeginTS = $(enable_crtbeginTS) ++ifeq ($(enable_libgcc_crtbeginTS),yes) ++EXTRA_PARTS += crtbeginTS.o ++endif ++ + ifneq ($(EXTRA_PARTS),) + extra-parts = libgcc-extra-parts + INSTALL_PARTS = $(EXTRA_PARTS) +@@ -842,6 +848,13 @@ + crtbeginT.o: $(gcc_srcdir)/crtstuff.c + $(crt_compile) $(CRTSTUFF_T_CFLAGS) \ + -c $(gcc_srcdir)/crtstuff.c -DCRT_BEGIN -DCRTSTUFFT_O ++ ++# This is a version of crtbegin for -static -fPIE links. ++ifeq ($(enable_libgcc_crtbeginTS),yes) ++crtbeginTS.o: $(gcc_srcdir)/crtstuff.c ++ $(crt_compile) $(CRTSTUFF_T_CFLAGS_S) \ ++ -c $(gcc_srcdir)/crtstuff.c -DCRT_BEGIN -DCRTSTUFFT_O -DCRTSTUFFS_O ++endif + endif + + # Build extra startfiles in the libgcc directory. +--- libmudflap/Makefile.in 2009-12-05 12:18:53.000000000 -0500 ++++ libmudflap/Makefile.in 2010-02-07 15:10:59.000000000 -0500 +@@ -253,9 +253,17 @@ + MAINT_CHARSET = latin1 + SUBDIRS = testsuite + ++# Some stuff don't compile with SSP and FORTIFY_SOURCE ++enable_esp = @enable_esp@ ++ifeq ($(enable_esp),yes) ++ NO_ESP_CFLAGS = -fno-stack-protector -U_FORTIFY_SOURCE ++else ++ NO_ESP_CFLAGS = ++endif ++ + # May be used by various substitution variables. + gcc_version := $(shell cat $(top_srcdir)/../gcc/BASE-VER) +-AM_CFLAGS = -Wall $(SECTION_FLAGS) ++AM_CFLAGS = -Wall $(SECTION_FLAGS) $(NO_ESP_CFLAGS) + @LIBMUDFLAPTH_FALSE@libmudflapth = + @LIBMUDFLAPTH_TRUE@libmudflapth = libmudflapth.la + toolexeclib_LTLIBRARIES = libmudflap.la $(libmudflapth) diff --git a/gcc-4.6.0/piepatch/20_all_gcc45_gcc.c.patch b/gcc-4.6.0/piepatch/20_all_gcc45_gcc.c.patch new file mode 100644 index 0000000..714f3d4 --- /dev/null +++ b/gcc-4.6.0/piepatch/20_all_gcc45_gcc.c.patch @@ -0,0 +1,130 @@ +2010-05-26 Magnus Granberg <zorry@gentoo.org>, Anthony G. Basile <basile@opensource.dyc.edu> + + * gcc/gcc.c include esp.h + static const char *cc1_spec We set that in esp.h if ENABLE_ESP. + #ifdef EXTRA_SPECS: Add ESP_EXTRA_SPECS + main(): Add do_self_spec esp_command_options_spec() + +2009-06-27 Matthias Klose <doko@ubuntu.com>, Kees Cook <kees@outflux.net>, + Anthony G. Basile <basile@opensource.dyc.edu> + + LP #346126 + * gcc/gcc.c *cpp_options Add %(esp_cpp_options) + + * gcc/gcc.c default_compilers[] Add %(esp_options) + *cpp_unique_options Add %(esp_cpp_unique_options) + +--- gcc/gcc.c 2010-01-21 10:29:30.000000000 -0500 ++++ gcc/gcc.c 2010-01-29 23:29:16.000000000 -0500 +@@ -84,6 +84,7 @@ + #include "gcc.h" + #include "flags.h" + #include "opts.h" ++#include "esp.h" /* for --enable-esp support */ + + #ifdef HAVE_MMAP_FILE + # include <sys/mman.h> +@@ -822,7 +823,9 @@ + + static const char *asm_debug; + static const char *cpp_spec = CPP_SPEC; ++#ifndef ENABLE_ESP + static const char *cc1_spec = CC1_SPEC; ++#endif + static const char *cc1plus_spec = CC1PLUS_SPEC; + static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC; + static const char *link_ssp_spec = LINK_SSP_SPEC; +@@ -885,7 +888,7 @@ + static const char *cpp_options = + "%(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w}\ + %{f*} %{g*:%{!g0:%{g*} %{!fno-working-directory:-fworking-directory}}} %{O*}\ +- %{undef} %{save-temps*:-fpch-preprocess}"; ++ %{undef} %{save-temps*:-fpch-preprocess} %(esp_cpp_options)"; + + /* This contains cpp options which are not passed when the preprocessor + output will be used by another program. */ +@@ -1075,15 +1081,15 @@ + %{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \ + %(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\ + cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \ +- %(cc1_options)}\ ++ %(cc1_options) %(esp_options)}\ + %{!save-temps*:%{!traditional-cpp:%{!no-integrated-cpp:\ +- cc1 %(cpp_unique_options) %(cc1_options)}}}\ ++ cc1 %(cpp_unique_options) %(cc1_options) %(esp_options)}}}\ + %{!fsyntax-only:%(invoke_as)}} \ + %{combine:\ + %{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \ + %(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i}}\ + %{!save-temps*:%{!traditional-cpp:%{!no-integrated-cpp:\ +- cc1 %(cpp_unique_options) %(cc1_options)}}\ ++ cc1 %(cpp_unique_options) %(cc1_options) %(esp_options)}}\ + %{!fsyntax-only:%(invoke_as)}}}}}}", 0, 1, 1}, + {"-", + "%{!E:%e-E or -x required when input is from standard input}\ +@@ -1106,7 +1112,7 @@ + %W{o*:--output-pch=%*}%V}}}}}}", 0, 0, 0}, + {".i", "@cpp-output", 0, 1, 0}, + {"@cpp-output", +- "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %{!fsyntax-only:%(invoke_as)}}}}", 0, 1, 0}, ++ "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %(esp_options) %{!fsyntax-only:%(invoke_as)}}}}", 0, 1, 0}, + {".s", "@assembler", 0, 1, 0}, + {"@assembler", + "%{!M:%{!MM:%{!E:%{!S:as %(asm_debug) %(asm_options) %i %A }}}}", 0, 1, 0}, +@@ -1699,18 +1705,23 @@ + INIT_STATIC_SPEC ("sysroot_hdrs_suffix_spec", &sysroot_hdrs_suffix_spec), + }; + +-#ifdef EXTRA_SPECS /* additional specs needed */ ++/* EXTRA_SPECS needs to be defined */ ++#ifndef EXTRA_SPECS ++#define EXTRA_SPECS ++#endif ++ ++/* EXTRA_SPECS and ESP_EXTRA_SPECS add additional specs */ + /* Structure to keep track of just the first two args of a spec_list. +- That is all that the EXTRA_SPECS macro gives us. */ ++ That is all that the EXTRA_SPECS and ESP_EXTRA_SPECS macro gives us. */ + struct spec_list_1 + { + const char *const name; + const char *const ptr; + }; + +-static const struct spec_list_1 extra_specs_1[] = { EXTRA_SPECS }; ++/* ESP_EXTRA_SPECS before EXTRA_SPECS */ ++static const struct spec_list_1 extra_specs_1[] = { ESP_EXTRA_SPECS, EXTRA_SPECS }; + static struct spec_list *extra_specs = (struct spec_list *) 0; +-#endif + + /* List of dynamically allocates specs that have been defined so far. */ + +@@ -1798,7 +1809,6 @@ + if (verbose_flag) + notice ("Using built-in specs.\n"); + +-#ifdef EXTRA_SPECS + extra_specs = XCNEWVEC (struct spec_list, ARRAY_SIZE (extra_specs_1)); + + for (i = ARRAY_SIZE (extra_specs_1) - 1; i >= 0; i--) +@@ -1811,7 +1821,6 @@ + sl->ptr_spec = &sl->ptr; + next = sl; + } +-#endif + + for (i = ARRAY_SIZE (static_specs) - 1; i >= 0; i--) + { +@@ -7096,6 +7123,12 @@ + gcc_exec_prefix = concat (gcc_exec_prefix, spec_machine, dir_separator_str, + spec_version, dir_separator_str, NULL); + ++#ifdef ENABLE_ESP ++ /* Process ESP_COMMAND_OPTIONS_SPEC, adding any new options to the end ++ of the command line. */ ++ do_self_spec (esp_command_options_spec); ++#endif ++ + /* Now we have the specs. + Set the `valid' bits for switches that match anything in any spec. */ + diff --git a/gcc-4.6.0/piepatch/21_all_gcc44_decl-tls-model.patch b/gcc-4.6.0/piepatch/21_all_gcc44_decl-tls-model.patch new file mode 100644 index 0000000..09438a0 --- /dev/null +++ b/gcc-4.6.0/piepatch/21_all_gcc44_decl-tls-model.patch @@ -0,0 +1,20 @@ +2009-06-13 Magnus Granberg <zorry@ume.nu> + + b.g.o #232601 + * gcc/varasm.c (decl_tls_model): Check flag_pic instead of flag_shlib. + +--- gcc/varasm.c 2009-03-17 21:18:21.000000000 +0100 ++++ gcc/varasm.c 2009-04-29 03:10:09.000000000 +0200 +@@ -5607,7 +5607,11 @@ + bool is_local; + + is_local = targetm.binds_local_p (decl); +- if (!flag_shlib) ++ #ifdef ENABLE_ESP ++ if (!flag_pic) ++ #else ++ if (!flag_shlib) ++ #endif + { + if (is_local) + kind = TLS_MODEL_LOCAL_EXEC; diff --git a/gcc-4.6.0/piepatch/30_all_gcc44_esp.h.patch b/gcc-4.6.0/piepatch/30_all_gcc44_esp.h.patch new file mode 100644 index 0000000..df3c2bc --- /dev/null +++ b/gcc-4.6.0/piepatch/30_all_gcc44_esp.h.patch @@ -0,0 +1,153 @@ +2010-05-27 Magnus Granberg <zorry@gentoo.org> + + * gcc/esp.h New file to support --enable-esp + Version 20100527.1 + +--- gcc/esp.h 2010-04-09 16:14:00.000000000 +0200 ++++ gcc/esp.h 2010-04-29 21:30:47.000000000 +0200 +@@ -0,0 +1,145 @@ ++/* License terms see GNU GENERAL PUBLIC LICENSE Version 3. ++ * Version 20100527.1 ++ * Magnus Granberg (Zorry) <zorry@gentoo.org> */ ++#ifndef GCC_ESP_H ++#define GCC_ESP_H ++ ++/* This file will add -fstack-protector-all, -fPIE, -pie and -z now ++ as default if the defines and the spec allow it. ++ Added a hack for gcc-specs-* in toolchain-funcs.eclass and _filter-hardened in flag-o-matic.eclass ++ to support older hardened GCC patches and we don't need to change the code on gcc-specs-* and _filter-hardened. ++ This will add some unsupported upstream commands options as -nopie and -nonow. ++ -D__KERNEL__ is added so we don't have -fPIE, -pie and -fstack-protector-all when building kernels. ++ ESP_CC1_SPEC is added to CC1_SPEC. ++ ESP_CC1_STRICT_OVERFLOW_SPEC is added so we don't disable the strict-overflow check. ++ ESP_LINK_PIE_CHECK_SPEC check for -pie, -p, -pg, -profile and -static. ++ ENABLE_CRTBEGINTS add support for crtbeginTS.o, build -static with -fPIE or -fpie. ++*/ ++#ifdef ENABLE_ESP ++ ++ /* Hack to support gcc-specs-* in toolchain-funcs.eclass and _filter-hardened in flag-o-matic.eclass */ ++ #define ESP_CC1_SPEC " %(esp_cc1_ssp) %(esp_cc1_pie) %(esp_cc1_strict_overflow)" ++ #if defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP ) ++ #define ESP_CC1_SSP_SPEC "%{!fno-stack-protector: %{!fno-stack-protector-all: }}" ++ #else ++ #define ESP_CC1_SSP_SPEC "" ++ #endif ++ #if defined ( EFAULT_PIE ) || defined ( EFAULT_PIE_SSP ) ++ #define ESP_CC1_PIE_SPEC "%{!nopie: }" ++ #else ++ #define ESP_CC1_PIE_SPEC "" ++ #endif ++ #define ESP_CC1_STRICT_OVERFLOW_SPEC "%{!fstrict-overflow:%{!fno-strict-overflow: -fno-strict-overflow}}" ++ ++ /* ESP_LINK_SPEC is added to LINK_PIE_SPEC if esp is enable ++ -z now will be added if we don't have -vanilla spec. We do a -pie incompatible check ++ Don't remove the specs in the end */ ++ #define ESP_LINK_SPEC "%(esp_link_now) %(esp_link_pie_check) " ++ #define ESP_LINK_NOW_SPEC "%{!nonow:-z now}" ++ ++ /* We use ESP_COMMAND_OPTIONS_SPEC to add pie command-line options. */ ++ #define ESP_COMMAND_OPTIONS_SPEC "%{!D__KERNEL__:%{!nopie:%(esp_options_pie) %(esp_link_pie)}}" ++ ++ /* ESP_OPTIONS_SPEC is added to the compiler spec in gcc/gcc.c */ ++ #define ESP_OPTIONS_SPEC "%(esp_options_ssp)" ++ ++ /* ESP_CPP_OPTIONS_SPEC is added to the cpp_options spec in gcc/gcc.c ++ For precompiling headers. */ ++ #define ESP_CPP_OPTIONS_SPEC "%(esp_options_ssp)" ++ ++ /* This will add -fstack-protector-all if we don't have -nostdlib -nodefaultlibs -fno-stack-protector -fstack-protector ++ -fstack-protector-all and we have EFAULT_SSP or EFAULT_PIE_SSP defined. */ ++ #if defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP ) ++ #define ESP_OPTIONS_SSP_SPEC \ ++ "%{!D__KERNEL__:%{!nostdlib:%{!nodefaultlibs: %{!fno-stack-protector: \ ++ %{!fstack-protector:%{!fstack-protector-all:-fstack-protector-all}}}}}}" ++ #else ++ #define ESP_OPTIONS_SSP_SPEC "" ++ #endif ++ ++ /* If EFAULT_PIE or EFAULT_PIE_SSP is defined we will add -fPIE -pie */ ++ #if defined ( EFAULT_PIE ) || defined ( EFAULT_PIE_SSP ) ++ ++ /* This will add -fPIE if we don't have -pie -fpic -fPIC -fpie -fPIE -fno-pic -fno-PIC -fno-pie -fno-PIE -shared -static ++ -nostdlib -nostartfiles. */ ++ /* With ENABLE_CRTBEGINTS we don't need to check for -static */ ++ #ifdef ENABLE_CRTBEGINTS ++ #define ESP_OPTIONS_PIE_SPEC \ ++ "%{!pie: %{!fpic:%{!fPIC:%{!fpie:%{!fPIE: %{!fno-pic:%{!fno-PIC:%{!fno-pie:%{!fno-PIE: \ ++ %{!shared: %{!nostdlib: %{!nostartfiles:-fPIE}} } }}}} }}}} }" ++ #else ++ #define ESP_OPTIONS_PIE_SPEC \ ++ "%{!pie: %{!fpic:%{!fPIC:%{!fpie:%{!fPIE: %{!fno-pic:%{!fno-PIC:%{!fno-pie:%{!fno-PIE: \ ++ %{!shared: %{!static: %{!nostdlib: %{!nostartfiles:-fPIE}} } }}}} }}}} }}" ++ #endif ++ ++ /* This will add -pie if we don't have -pie -A -fno-pic -fno-PIC -fno-pie -fno-PIE -shared -static -r -nostdlib ++ -nostartfiles */ ++ /* With ENABLE_CRTBEGINTS we don't need to check for -static ++ and we add -pie only to get the start and endfiles. -pie will not go to the linker. */ ++ #ifdef ENABLE_CRTBEGINTS ++ #define ESP_LINK_PIE_SPEC \ ++ "%{!pie:%{!A:%{!fno-pie:%{!fno-PIE:%{!fno-pic:%{!fno-PIC:%{!shared:%{!r: \ ++ %{!nostdlib:%{!nostartfiles:-pie}}}}}}}}}}" ++ #else ++ #define ESP_LINK_PIE_SPEC \ ++ "%{!pie:%{!A:%{!fno-pie:%{!fno-PIE:%{!fno-pic:%{!fno-PIC:%{!shared:%{!static:%{!r: \ ++ %{!nostdlib:%{!nostartfiles:-pie}}}}}}}}}}}" ++ #endif ++ ++ /* This will check if -pie is set when (-static) -pg -p -profile. If set it will make gcc print out ++ "-pie and (static)|pg|p|profile are incompatible when linking" */ ++ /* With ENABLE_CRTBEGINTS we don't need to check for -static */ ++ #ifdef ENABLE_CRTBEGINTS ++ #define ESP_LINK_PIE_CHECK_SPEC \ ++ "%{pie:%{pg|p|profile:%e-pie and -pg|p|profile are incompatible when linking}}" ++ #else ++ #define ESP_LINK_PIE_CHECK_SPEC \ ++ "%{pie:%{static|pg|p|profile:%e-pie and -static|pg|p|profile are incompatible when linking}}" ++ #endif ++ ++ /* We don't pass -pie to the linker when -static. */ ++ #ifdef ENABLE_CRTBEGINTS ++ #define LINK_PIE_SPEC "%{!static:%{pie:-pie}} %(esp_link)" ++ #else ++ #define LINK_PIE_SPEC "%{pie:-pie} %(esp_link)" ++ #endif ++ ++ #else ++ #define ESP_OPTIONS_PIE_SPEC "" ++ #define ESP_LINK_PIE_CHECK_SPEC "" ++ #define ESP_LINK_PIE_SPEC "" ++ #define LINK_PIE_SPEC "%{pie:-pie} %(esp_link)" ++ #endif ++ ++ /* We add extra spec name's to the EXTRA_SPECS list */ ++ #define ESP_EXTRA_SPECS \ ++ { "esp_cc1", ESP_CC1_SPEC }, \ ++ { "esp_cc1_pie", ESP_CC1_PIE_SPEC }, \ ++ { "esp_cc1_ssp", ESP_CC1_SSP_SPEC }, \ ++ { "esp_cc1_strict_overflow", ESP_CC1_STRICT_OVERFLOW_SPEC }, \ ++ { "esp_link", ESP_LINK_SPEC }, \ ++ { "esp_link_now", ESP_LINK_NOW_SPEC }, \ ++ { "esp_link_pie", ESP_LINK_PIE_SPEC }, \ ++ { "esp_link_pie_check", ESP_LINK_PIE_CHECK_SPEC }, \ ++ { "esp_command_options", ESP_COMMAND_OPTIONS_SPEC }, \ ++ { "esp_cpp_options", ESP_CPP_OPTIONS_SPEC }, \ ++ { "esp_options", ESP_OPTIONS_SPEC }, \ ++ { "esp_options_pie", ESP_OPTIONS_PIE_SPEC }, \ ++ { "esp_options_ssp", ESP_OPTIONS_SSP_SPEC } ++ ++ static const char *esp_command_options_spec = ESP_COMMAND_OPTIONS_SPEC; ++ static const char *cc1_spec = CC1_SPEC ESP_CC1_SPEC; ++ ++#else /* If not ESP_ENABLE defined do this. */ ++ ++ #define ESP_OPTIONS_SPEC "" ++ #define ESP_CPP_OPTIONS_SPEC "" ++ ++ /* We add extra spec name's to the EXTRA_SPECS list */ ++ #define ESP_EXTRA_SPECS \ ++ { "esp_options", ESP_OPTIONS_SPEC }, \ ++ { "esp_cpp_options", ESP_CPP_OPTIONS_SPEC } ++ ++#endif ++#endif /* End GCC_ESP_H */ diff --git a/gcc-4.6.0/piepatch/33_all_gcc45_config_rs6000_linux64.h.patch b/gcc-4.6.0/piepatch/33_all_gcc45_config_rs6000_linux64.h.patch new file mode 100644 index 0000000..b1271c2 --- /dev/null +++ b/gcc-4.6.0/piepatch/33_all_gcc45_config_rs6000_linux64.h.patch @@ -0,0 +1,16 @@ +2010-04-25 Peter S. Mazinger <ps.m@gmx.net>, Magnus Granberg <zorry@gentoo.org> + + * gcc/config/rs6000/linux64.h ASM_SPEC32 Change %{fpic:-K PIC} %{fPIC:-K PIC} + to %{fpic|fPIC|fpie|fPIE:-K PIC} + +--- gcc/config/rs6000/linux64.h.psm 2009-04-10 01:23:07.000000000 +0200 ++++ gcc/config/rs6000/linux64.h 2009-09-23 12:34:26.000000000 +0200 +@@ -162,7 +162,7 @@ + #endif + + #define ASM_SPEC32 "-a32 %{n} %{T} %{Ym,*} %{Yd,*} \ +-%{mrelocatable} %{mrelocatable-lib} %{fpic:-K PIC} %{fPIC:-K PIC} \ ++%{mrelocatable} %{mrelocatable-lib} %{fpic|fPIC|fpie|fPIE:-K PIC} \ + %{memb} %{!memb: %{msdata=eabi: -memb}} \ + %{!mlittle: %{!mlittle-endian: %{!mbig: %{!mbig-endian: \ + %{mcall-freebsd: -mbig} \ diff --git a/gcc-4.6.0/piepatch/35_all_gcc44_config_crtbegints.patch b/gcc-4.6.0/piepatch/35_all_gcc44_config_crtbegints.patch new file mode 100644 index 0000000..8f43a87 --- /dev/null +++ b/gcc-4.6.0/piepatch/35_all_gcc44_config_crtbegints.patch @@ -0,0 +1,36 @@ +2010-06-18 Magnus Granberg <zorry@gentoo.org> + + * gcc/config/linux.h If ENABLE_CRTBEGINTS, -static and -pie use crtbegineTS.o. + * gcc/config/rs6000/sysv4.h If ENABLE_CRTBEGINTS, -static and -pie use crtbegineTS.o. + +--- gcc/config/linux.h 2009-04-10 01:23:07.000000000 +0200 ++++ gcc/config/linux.h 2009-09-08 04:08:06.000000000 +0200 +@@ -43,7 +43,11 @@ + object constructed before entering `main'. */ + + #undef STARTFILE_SPEC +-#if defined HAVE_LD_PIE ++#if defined (HAVE_LD_PIE) && defined (ENABLE_CRTBEGINTS) ++#define STARTFILE_SPEC \ ++ "%{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}} crti.o%s \ ++ %{static:%{pie:crtbeginTS.o%s;:crtbeginT.o%s}} %{!static:%{shared|pie:crtbeginS.o%s;:crtbegin.o%s}}" ++#elif defined (HAVE_LD_PIE) && ! defined (ENABLE_CRTBEGINTS) + #define STARTFILE_SPEC \ + "%{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}} \ + crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}" +--- gcc/config/rs6000/sysv4.h 2009-04-10 01:23:07.000000000 +0200 ++++ gcc/config/rs6000/sysv4.h 2009-09-08 04:41:50.000000000 +0200 +@@ -883,7 +883,12 @@ + %{!mnewlib: %{pthread:-lpthread} %{shared:-lc} \ + %{!shared: %{profile:-lc_p} %{!profile:-lc}}}" + +-#ifdef HAVE_LD_PIE ++#if defined (HAVE_LD_PIE) && defined (ENABLE_CRTBEGINTS) ++#define STARTFILE_LINUX_SPEC "\ ++%{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}} \ ++%{mnewlib:ecrti.o%s;:crti.o%s} \ ++%{static:%{pie:crtbeginTS.o%s;:crtbeginT.o%s}} %{!static:%{shared|pie:crtbeginS.o%s;:crtbegin.o%s}}" ++#elif defined (HAVE_LD_PIE) && ! defined (ENABLE_CRTBEGINTS) + #define STARTFILE_LINUX_SPEC "\ + %{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}} \ + %{mnewlib:ecrti.o%s;:crti.o%s} \ diff --git a/gcc-4.6.0/piepatch/40_all_gcc44_cp_lang-specs.h.patch b/gcc-4.6.0/piepatch/40_all_gcc44_cp_lang-specs.h.patch new file mode 100644 index 0000000..091f443 --- /dev/null +++ b/gcc-4.6.0/piepatch/40_all_gcc44_cp_lang-specs.h.patch @@ -0,0 +1,30 @@ +2009-06-18 Matthias Klose <doko@ubuntu.com>, Kees Cook <kees@outflux.net> + + LP #346126 + * gcc/cp/lang-specs.h compiler spec Add %(esp_options). + +--- gcc/cp/lang-specs.h.orig 2009-03-23 01:21:54.000000000 +0100 ++++ gcc/cp/lang-specs.h 2009-03-23 01:22:16.000000000 +0100 +@@ -47,7 +47,7 @@ + %(cpp_options) %2 -o %{save-temps:%b.ii} %{!save-temps:%g.ii} \n}\ + cc1plus %{save-temps|no-integrated-cpp:-fpreprocessed %{save-temps:%b.ii} %{!save-temps:%g.ii}}\ + %{!save-temps:%{!no-integrated-cpp:%(cpp_unique_options)}}\ +- %(cc1_options) %2 %{+e1*}\ ++ %(cc1_options) %(esp_options) %2 %{+e1*}\ + %{!fsyntax-only:-o %g.s %{!o*:--output-pch=%i.gch} %W{o*:--output-pch=%*}%V}}}}", + CPLUSPLUS_CPP_SPEC, 0, 0}, + {"@c++", +@@ -57,11 +57,11 @@ + %(cpp_options) %2 -o %{save-temps:%b.ii} %{!save-temps:%g.ii} \n}\ + cc1plus %{save-temps|no-integrated-cpp:-fpreprocessed %{save-temps:%b.ii} %{!save-temps:%g.ii}}\ + %{!save-temps:%{!no-integrated-cpp:%(cpp_unique_options)}}\ +- %(cc1_options) %2 %{+e1*}\ ++ %(cc1_options) %(esp_options) %2 %{+e1*}\ + %{!fsyntax-only:%(invoke_as)}}}}", + CPLUSPLUS_CPP_SPEC, 0, 0}, + {".ii", "@c++-cpp-output", 0, 0, 0}, + {"@c++-cpp-output", + "%{!M:%{!MM:%{!E:\ +- cc1plus -fpreprocessed %i %(cc1_options) %2 %{+e*}\ ++ cc1plus -fpreprocessed %i %(cc1_options) %(esp_options) %2 %{+e*}\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, diff --git a/gcc-4.6.0/piepatch/41_all_gcc44_objc_lang-specs.h.patch b/gcc-4.6.0/piepatch/41_all_gcc44_objc_lang-specs.h.patch new file mode 100644 index 0000000..418217e --- /dev/null +++ b/gcc-4.6.0/piepatch/41_all_gcc44_objc_lang-specs.h.patch @@ -0,0 +1,37 @@ +2009-06-18 Matthias Klose <doko@ubuntu.com>, Kees Cook <kees@outflux.net> + + LP #346126 + * gcc/objc/lang-specs.h compiler spec Add %(esp_options). + +--- gcc/objc/lang-specs.h 2009-03-23 01:21:54.000000000 +0100 ++++ gcc/objc/lang-specs.h 2009-03-23 01:22:16.000000000 +0100 +@@ -30,13 +30,13 @@ + %{traditional|ftraditional|traditional-cpp:\ + %eGNU Objective C no longer supports traditional compilation}\ + %{save-temps|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps:%b.mi} %{!save-temps:%g.mi} \n\ +- cc1obj -fpreprocessed %{save-temps:%b.mi} %{!save-temps:%g.mi} %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}\ ++ cc1obj -fpreprocessed %{save-temps:%b.mi} %{!save-temps:%g.mi} %(cc1_options) %(esp_options) %{print-objc-runtime-info} %{gen-decls}}\ + %{!save-temps:%{!no-integrated-cpp:\ +- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}}\ ++ cc1obj %(cpp_unique_options) %(cc1_options) %(esp_options) %{print-objc-runtime-info} %{gen-decls}}}\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, + {".mi", "@objc-cpp-output", 0, 0, 0}, + {"@objc-cpp-output", +- "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ ++ "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(esp_options) %{print-objc-runtime-info} %{gen-decls}\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, + {"@objective-c-header", + "%{E|M|MM:cc1obj -E %{traditional|ftraditional|traditional-cpp:-traditional-cpp}\ +@@ -45,10 +45,10 @@ + %{traditional|ftraditional|traditional-cpp:\ + %eGNU Objective C no longer supports traditional compilation}\ + %{save-temps|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps:%b.mi} %{!save-temps:%g.mi} \n\ +- cc1obj -fpreprocessed %b.mi %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ ++ cc1obj -fpreprocessed %b.mi %(cc1_options) %(esp_options) %{print-objc-runtime-info} %{gen-decls}\ + -o %g.s %{!o*:--output-pch=%i.gch}\ + %W{o*:--output-pch=%*}%V}\ + %{!save-temps:%{!no-integrated-cpp:\ +- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ ++ cc1obj %(cpp_unique_options) %(cc1_options) %(esp_options) %{print-objc-runtime-info} %{gen-decls}\ + -o %g.s %{!o*:--output-pch=%i.gch}\ + %W{o*:--output-pch=%*}%V}}}}}", 0, 0, 0}, diff --git a/gcc-4.6.0/piepatch/42_all_gcc44_objcp_lang-specs.h.patch b/gcc-4.6.0/piepatch/42_all_gcc44_objcp_lang-specs.h.patch new file mode 100644 index 0000000..50ab607 --- /dev/null +++ b/gcc-4.6.0/piepatch/42_all_gcc44_objcp_lang-specs.h.patch @@ -0,0 +1,35 @@ +2009-06-18 Matthias Klose <doko@ubuntu.com>, Kees Cook <kees@outflux.net> + + LP #346126 + * gcc/objcp/lang-specs.h compiler spec Add %(esp_options). + +--- gcc/objcp/lang-specs.h 2009-03-23 01:21:54.000000000 +0100 ++++ gcc/objcp/lang-specs.h 2009-03-23 01:22:16.000000000 +0100 +@@ -36,7 +36,7 @@ + %(cpp_options) %2 -o %{save-temps:%b.mii} %{!save-temps:%g.mii} \n}\ + cc1objplus %{save-temps|no-integrated-cpp:-fpreprocessed %{save-temps:%b.mii} %{!save-temps:%g.mii}}\ + %{!save-temps:%{!no-integrated-cpp:%(cpp_unique_options)}}\ +- %(cc1_options) %2 %{+e1*}\ ++ %(cc1_options) %(esp_options) %2 %{+e1*}\ + -o %g.s %{!o*:--output-pch=%i.gch} %W{o*:--output-pch=%*}%V}}}", + CPLUSPLUS_CPP_SPEC, 0, 0}, + {"@objective-c++", +@@ -46,15 +46,15 @@ + %(cpp_options) %2 -o %{save-temps:%b.mii} %{!save-temps:%g.mii} \n}\ + cc1objplus %{save-temps|no-integrated-cpp:-fpreprocessed %{save-temps:%b.mii} %{!save-temps:%g.mii}}\ + %{!save-temps:%{!no-integrated-cpp:%(cpp_unique_options)}}\ +- %(cc1_options) %2 %{+e1*}\ ++ %(cc1_options) %(esp_options) %2 %{+e1*}\ + %{!fsyntax-only:%(invoke_as)}}}}", + CPLUSPLUS_CPP_SPEC, 0, 0}, + {".mii", "@objective-c++-cpp-output", 0, 0, 0}, + {"@objective-c++-cpp-output", + "%{!M:%{!MM:%{!E:\ +- cc1objplus -fpreprocessed %i %(cc1_options) %2 %{+e*}\ ++ cc1objplus -fpreprocessed %i %(cc1_options) %(esp_options) %2 %{+e*}\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, + {"@objc++-cpp-output", + "%{!M:%{!MM:%{!E:\ +- cc1objplus -fpreprocessed %i %(cc1_options) %2 %{+e*}\ ++ cc1objplus -fpreprocessed %i %(cc1_options) %(esp_options) %2 %{+e*}\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, diff --git a/gcc-4.6.0/piepatch/60_all_gcc44_invoke.texi.patch b/gcc-4.6.0/piepatch/60_all_gcc44_invoke.texi.patch new file mode 100644 index 0000000..15b3417 --- /dev/null +++ b/gcc-4.6.0/piepatch/60_all_gcc44_invoke.texi.patch @@ -0,0 +1,44 @@ +2009-09-11 Magnus Granberg <zorry@gentoo.org> + + * gcc/doc/invoke.texi Add NOTES about -fstack-protector-all, -pie and + -fPIE/-fpie when --enable-esp is enable, this options is on by default. + +--- gcc/doc/invoke.texi 2009-04-01 09:18:47.000000000 +0200 ++++ gcc/doc/invoke.texi 2009-06-18 14:08:38.000000000 +0200 +@@ -7134,6 +7134,11 @@ + @opindex fstack-protector-all + Like @option{-fstack-protector} except that all functions are protected. + ++NOTE: When --enable-esp this option is enabled by default ++for C, C++, ObjC, ObjC++, if neither @option{-fno-stack-protector} ++or @option{-nostdlib} or @option{-nodefaultlibs} or ++@option{-fstack-protector} are found. ++ + @item -fsection-anchors + @opindex fsection-anchors + Try to reduce the number of symbolic address calculations by using +@@ -7960,6 +7965,12 @@ + that were used to generate code (@option{-fpie}, @option{-fPIE}, + or model suboptions) when you specify this option. + ++NOTE: When --enable-esp this option is enabled by default ++for C, C++, ObjC, ObjC++, if neither @option{-fno-pie} or @option{-fno-PIE} ++or @option{-fno-pic} or @option{-fno-PIC} or @option{-nostdlib} or ++@option{-nostartfiles} or @option{-shared} or @option{-pg} or @option{-p} ++are found. ++ + @item -rdynamic + @opindex rdynamic + Pass the flag @option{-export-dynamic} to the ELF linker, on targets +@@ -15889,6 +15910,11 @@ + @code{__pie__} and @code{__PIE__}. The macros have the value 1 + for @option{-fpie} and 2 for @option{-fPIE}. + ++NOTE: When --enable-esp this option is enabled by default ++for C, C++, ObjC, ObjC++, if neither @option{-fno-pie} or @option{-fno-PIE} ++or @option{-fno-pic} or @option{-fno-PIC} or @option{-nostdlib} or ++@option{-nostartfiles} or @option{-shared} are found. ++ + @item -fno-jump-tables + @opindex fno-jump-tables + Do not use jump tables for switch statements even where it would be diff --git a/gcc-4.6.0/piepatch/README b/gcc-4.6.0/piepatch/README new file mode 100644 index 0000000..f322ab8 --- /dev/null +++ b/gcc-4.6.0/piepatch/README @@ -0,0 +1,18 @@ +This work started with bugs #94325 #100689 #106222 #149292 #149649 and the overlay on http://overlays.gentoo.org/dev/kevquinn. +By Kevin K. Quinn, Peter S. Mazinger, Natanael Copa, Alexander Gabert, Solar, PaX Team, SpanKY and mentor. + +The work stalled. Some threads on the Gentoo forum started to do their own fixes to get it working. +Xake started the thread where most of the new work is done: "How long until hardened and toolchain will produce a hardened gcc4?" +http://forums.gentoo.org/viewtopic-t-668885.html. I joined the thread and started to code. + +We started with the pieworld code from kevquinn's overlay. The PIE and minispecs part hit the tree later on. +With GCC 4.4.0 I was willing to do some code cleanup, use built-in specs and add it as --enable-esp in the +configure command line. + +Thank you all: +Kevin K. Quinn, Peter S. Mazinger, Natanael Copa, Alexander Gabert, Solar, PaX Team, SpanKY, Xake, Dwokfur, +KernelOfTruth, SteveL, nixnut, Hopeless, forsaken1, XioXous, obrut<-, mv, qjim, Tommy[D], Genewb, radegand, +unk, neuron, alexxy, hellboi64, likewhoa, g0rg0n, costel78, polsas, 7v5w7go9ub0o, uberpinguin, Naib, cilly, +bonsaikitten, kerframil, agaffney, Gordon Malm, blueness, Matthias Klose, Kees Cook, mentor, Anarchy, +devurandom and everyone else for helping to test, suggestions, fixes and anything else we have missed. +/2009-00-09 Magnus Grenberg (Zorry) <zorry@ume.nu> diff --git a/gcc-4.6.0/piepatch/README.Changelog b/gcc-4.6.0/piepatch/README.Changelog new file mode 100644 index 0000000..ab59bcb --- /dev/null +++ b/gcc-4.6.0/piepatch/README.Changelog @@ -0,0 +1,284 @@ +0.4.5 Magnus Granberg <zorry@gentoo.org> + + * gcc/config/rs6000/sysv4.h Fix a typo in the static spec rules + +0.4.4 Magnus Granberg <zorry@gentoo.org> + + * gcc/esp.h Renamed ESP_CC1_STRICT_SPEC to ESP_CC1_STRICT_OVERFLOW_SPEC + Renamed ESP_OPTIONS_PIE_CHECK_SPEC to ESP_LINK_PIE_CHECK_SPEC + +0.4.3 Magnus Granberg <zorry@gentoo.org> + + #299061 b.g.o + * gcc/gcc.c removed the pie incompatible specs rule call + * gcc/esp.h Move the -pie incompatible check to esp_link + remove the -shared incompatible check + +0.4.2 Magnus granberg <zorry@gentoo.org> + + * configure remove the changes from 0.4.1 + * Makefile.in remove the changes from 0.4.1 remove -fstack-protector check. + * gcc/configure remove the changes from 0.4.1 + * gcc/config.in remove the changes from 0.4.1 remove HAVE_GCC_SSP + * gcc/Makefile remove the changes from 0.4.1 + * gcc/esp.h change HAVE_GCC_LD_PIE to (EFAULT_PIE || EFAULT_PIE_SSP) + change HAVE_GCC_SSP to (EFAULT_SSP || EFAULT_PIE_SSP) + * libmudflap/Makefiles.in remove the changes from 0.4.1 + +0.4.1 Magnus Granberg <zorry@gentoo.org> + + *configure removed check for --enable-esp removed enable_esp + added check for --enable-esp=(no|all|nopie|nossp). added enable_esp_set + *Makefile.in renamed enable_esp to enable_esp_set + *gcc/configure removed check for --enable-esp removed enable_esp + added check for --enable-esp=(no|all|nopie|nossp). added enable_esp_set + added a -fPIE -pie check. change AC_COMPILE_IFELSE to AC_LINK_IFELSE in the + -fstack-protector check. + * gcc/config.in Added HAVE_GCC_LD_PIE + *gcc/Makefile.in renamed enable_esp to enable_esp_set + *gcc/esp.h Renamed HAVE_LD_PIE to HAVE_GCC_LD_PIE + Added HAVE_GCC_LD_PIE to #define ESP_CC1_PIE_SPEC. Move ESP_COMMAND_OPTIONS_SPEC + * libmudflap/Makefiles.in In enable_esp change ifeq to ifdef. + + #293843 b.g.o + *gcc/esp.h Added -nonow to the -z now specs. + +0.4.0 Anthony G. Basile <basile@opensource.dyc.edu> + + rename espf to esp and change espf-patchset to piepatchset + +0.3.9 Magnus Granberg <zorry@gentoo.org> + + * gcc/configure Added check for TLS on the target in the SSP check. + + #149292 b.g.o + * gcc/config/i386/linux.h Removed uclibc don't support TLS on stack-protector + * gcc/config/i386/linux64.h Removed uclibc don't support TLS on stack-protector + * gcc/config/rs6000/linux.h Removed uclibc don't support TLS on stack-protector + * gcc/config/i386/linux.h Removed uclibc don't support TLS on stack-protector + * gcc/config/sparc/linux.h Removed uclibc don't support TLS on stack-protector + * gcc/config/sparc/linux64.h Removed uclibc don't support TLS on stack-protector + +0.3.8 Magnus Granberg <zorry@gentoo.org> + + * gcc/configure Redone the -fstack-protector check. + * gcc/config.in Added HAVE_GCC_SSP + * gcc/gcc.c Removed code for espf_link_spec in X + * gcc/espf.h Added ifdef HAVE_GCC_SSP, change code for espf_link_spec and link_pie_spec + +0.3.7_beta Anthony G. Basile <basile@opensource.dyc.edu> + + * gcc/configure Check if -fstack-protector is supported by gcc on ARCH + Updated AC_SUBST enable_espf + * gcc/Makefile.in Remove the fix for $(out_object_file): ix86_split_to_parts() stack smashing attack b.g.o #149292. + * gcc/gcc.c Updaded the .c .cc compiler specs. + +0.3.6 Magnus Granberg <zorry@ume.nu> + + * configure Check --enable-espf change ppc* to powerpc*, powerpc64 and add ia64. + * gcc/configure Don't check for -z,relro on ia64. Disable crtbeginTS for ia64. + * gcc/espf.h ia64 don't support -fstack-protector* + +0.3.5 Maguns Granberg <zorry@ume.nu> + + * gcc/espf.h Change the specs for crtbegin.TS.o. + * gcc/gcc.c Rename espf_cc1_options to espf_options_pie_check. + * gcc/config/linux.h Fix typos ENABLE_CRTBEGINS to ENABLE_CRTBEGINTS + * gcc/config/rs6000/linux64.h ASM_SPEC32: %{fpic:-K PIC} %{fPIC:-K PIC} to + %{fpic|fPIC|fpie|fPIE:-K PIC} + +0.3.4 Magnus Granberg <zorry@ume.nu> + + * gcc/configure Add crtbeginTS.o support. + * gcc/Makefile.in Add crtbeginTS.o support. + * gcc/gcc.c Add espf_cc1_options. + * gcc/espf.h Added espf_cc1_options, crtbeginTS.o support, + espf_cc1_options and espf_cc1_strictoverflow. + * gcc/config.in Add crtbeginTS.o support. + * gcc/config/linux.h Add crtbeginTS.o support. + * gcc/config/rs6000/sysv4.h Add crtbeginTS.o support. + * gcc/doc/invoke.texi Add NOTES about -fstack-protector-all, + -pie and -fPIE. + * libgcc/Makefile.in Add crtbeginTS.o support. + +0.3.3 Magnus Granberg <zorry@ume.nu> + + * gcc/opts.c change #ifdef ENABLE_ESPF to #ifndef ENABLE_ESPF + +0.3.2 Magnus Granberg <zorry@ume.nu> + + * gcc/opts.c disable flag_delete_null_pointer_checks >= -O2 + * gcc/espf.h add ESPF_CC1_SSP_SPEC and ESPF_CC1_PIE_SPEC to fix bugs on -vanilla spec + + #149292 b.g.o + * gcc/config/i386/linux.h uclibc don't support TLS on stack-protector + * gcc/config/i386/linux64.h uclibc don't support TLS on stack-protector + * gcc/config/rs6000/linux.h uclibc don't support TLS on stack-protector + * gcc/config/i386/linux.h uclibc don't support TLS on stack-protector + * gcc/config/sparc/linux.h uclibc don't support TLS on stack-protector + * gcc/config/sparc/linux64.h uclibc don't support TLS on stack-protector + +0.3.1 Magnus Granberg <zorry@ume.nu> + + * gcc/cp/Make-lang.in cc1plus: pch test fail when cc1plus is compile with -fPIE. + * gcc/configure fix --enable-espf when USE"-hardened" + +4.4.1-espf-0.3.0 Magnus Granberg <zorry@ume.nu> + + * gcc/espf.h add ESPF_LINK_SPEC ESPF_LINK_NOW_SPEC + * gcc/gcc.c move do_self_spec (espf_command_options_spec) + do_spec_1() add espf_link_spec + +0.3.0 Magnus Granberg <zorry@ume.nu> + + * gcc/objc/lang-specs.h Add %(espf_options) + * gcc/objcp/lang-specs.h Add %(espf_options) + * gcc/cp/lang-specs.h Add %(espf_options) + * gcc/config.in removed ENABLE_LIBSSP + * Makefile.in We add -fno-stack-protector to + BOOT_CFLAGS, LIBCFLAGS and LIBCXXFLAGS + cc1: pch.exp test fail when cc1 is compile with -fPIE + * libmudflap/Makefiles.in Add -fno-stack-protector -U_FORTIFY_SOURCE + to AM_CFLAGS + * configure add --enable-espf + add -fno-stack-protector to stage1_cflags + add targes ppc* arm sparc* + * gcc/configure change code for check --enable-espf + * libmudflap/configure add enable_espf + * gcc/espf.h ESPF_CC1_OPTIONS_SPEC renamed to ESPF_OPTIONS_SPEC + add ESPF_CPP_OPTIONS_SPEC ESPF_COMMAND_OPTIONS_SPEC + ESPF_CC1_OPTIONS_SSP_SPEC renamed to ESPF_OPTIONS_SSP_SPEC + ESPF_COMPILER_COMMAND_PIE_SPEC renamed to ESPF_OPTIONS_PIE_SPEC + ESPF_LINK_COMMAND_PIE_SPEC renamed to ESPF_LINK_PIE_SPEC + add !p !pg to ESPF_LINK_PIE_SPEC + removed ESPF_LINK_SPEC ESPF_CC1_OPTIONS_PIE_INCOMPATIBLE_SPEC + * gcc/gcc.c cpp_options add %(espf_cpp_options) + compiler spec add %(espf_options) + change code for ESPF_EXTRA_SPECS + process_command(): Check for lazy, or now + do_spec_1(): Add -z now and -z relro + main() add do_self_spec (espf_command_options_spec) + removed do_self_spec (espf_cc1_command_spec) do_self_spec (espf_link_command_spec) + +0.2.9 Magnus Granberg <zorry@ume.nu> + + * gcc/espf.h add ESPF_COMPILER_COMMAND_PIE_SPEC + add ESPF_LINK_COMMAND_PIE_SPEC + change ESPF_COMPILER_COMMAND_SPEC ESPF_LINK_COMMAND_SPEC + +0.2.8 Magnus Granberg <zorry@ume.nu> + + * gcc/configure removed check crtbeginTS.o + * gcc/espf.h added notes + add ESPF_CC1_SPEC + removed ESPF_CPP_UNIQUE_OPTIONS espf_override_options() + * gcc/gcc.c cc1_spec Set it to CC1_SPEC if ! ENABLE_ESPF + * gcc/toplev.c removed ESPF_OVERRIDE_OPTIONS + +0.2.7 Magnus Granberg <zorry@ume.nu> + + * gcc/opts.c (decode_options): Remove flag_strict_overflow as opt2 + * gcc/config.in removed HAVE_CRTBEGINTS + * gcc/Makefile removed crtbeginTS.o + * libgcc/Makefile.in removed crtbeginTS.o + * gcc/config/i386/i386.h removed espf_override_options ESPF_EXTRA_SPECS + * gcc/config/linux.h remoevd crtbeginTS.o + * gcc/espf.h ESPF_CC1_OPTIONS_PIE_SPEC renamed to ESPF_CC1_COMMAND_SPEC + * gcc/gcc.c add ESPF_EXTRA_SPECS + main() add do_self_spec (espf_cc1_command_spec) + +0.2.6 Magnus Granberg <zorry@ume.nu> + + * gcc/config/i386/i386.h add espf_override_options() to OVERRIDE_OPTIONS + * gcc/espf.h add espf_override_options() + * gcc/toplev.c add ESPF_OVERRIDE_OPTIONS + +0.2.5 Magnus Granberg <zorry@ume.nu> + + * gcc/config/i386/i386.h removed espf_cc1 + * gcc/config/i386/linux.h removed espf_cc1 %(crtend_gen) + * gcc/config/i386/x86-64.h removed espf_cc1 %(crtend_gen) + * gcc/config/linux.h removed espf_cc1 %(crtfile_gen) + %(crtbegin_t_gen) %(crtend_gen) + add crtbeginTS.o + * gcc/config.in removed TARGET_LIBC_PROVIDES_PIE + add HAVE_CRTBEGINTS + * gcc/Makefile.in add ESPF_NOPIE_CFLAGS ESPF_NOSSP_CFLAGS to + CRTSTUFF_T_CFLAGS + add ESPF_NOSSP_CFLAGS to CRTSTUFF_T_CFLAGS_S + * espf.h ESPF_CC1_SPEC renamed to ESPF_CC1_OPTIONS_SPEC + add ESPF_LINK_SPEC + ESPF_CC1_SSP_SPEC renamed to ESPF_CC1_OPTIONS_SSP_SPEC + ESPF_CC1_PIE_SPEC renamed to ESPF_CC1_OPTIONS_PIE_SPEC + ESPF_CC1_OPTIONS_SPEC renamed to ESPF_CC1_OPTIONS_PIE_INCOMPATIBLE_SPEC + LINK_PIE_SPEC renamed to ESPF_LINK_COMMAND_SPEC + removed ESPF_CC1_STRICT_SPEC CRTFILE_GEN_SPEC CRTBEGIN_GEN_SPEC + CRTBEGIN_T_GEN_SPEC CRTEND_GEN_SPEC + * gcc/configure remove TARGET_LIBC_PROVIDES_PIE + define HAVE_CRTBEGINTS + * gcc/gcc.c LINK_COMMAND_SPEC add %(espf_link) + main() add do_self_spec (espf_link_command_spec) + +0.2.4 Magnus Granberg <zorry@ume.nu> + + libgcc/Makefile.in clean specs + +0.2.3 Magnus Granberg <zorry@ume.nu> + + *gcc/espf.h add ESPF_CC1_STRICT_SPEC + +0.2.2 Magnus Granberg <zorry@ume.nu> + + * gcc/config/i386/i386.h Add espf_cc1 + Add ESPF_EXTRA_SPECS + * gcc/config/i386/linux.h Add espf_cc1 + * gcc/config/i386/x86-64.h Add espf_cc1 + * gcc/config/linux.h Add espf_cc1 + * gcc/Makefile.in add crtbeginTS.o to EXTRA_PARTS list + * libgcc/Makefile.in add crtbeginTS.o to EXTRA_PARTS list + * gcc/configure add define ENABLE_LIBSSP + * gcc/gcc.c %(fortify_default) renamed to %(espf_cpp_unique_options) + %(pie_incompatible) renamed to %(espf_cc1_options) + removed ESPF_EXTRA_SPECS + * gcc/espf.h ESPF_DEFAULT_SPEC renamed to ESPF_CC1_SPEC + SSP_DEFAULT_SPEC renamed to ESPF_CC1_SSP_SPEC + FORTIFY_DEFAULT_SPEC renamed to ESPF_CPP_UNIQUE_OPTIONS + PIE_DEFAULT_SPEC renamed to ESPF_CC1_PIE_SPEC + PIE_INCOMPATIBLE_SPEC renamed to ESPF_CC1_OPTIONS_SPEC + add new CRTFILE_GEN_SPEC CRTBEGIN_T_GEN_SPEC CRTEND_GEN_SPEC if ! + TARGET_LIBC_PROVIDES_PIE + +4.4.0-espf-0.2.1 Magnus Granberg <zorry@ume.nu> + + * gcc/gcc.c include: espf.h + cc1_spec = CC1_SPEC if not ENABLE_ESPF + cpp_unique_options add %(fortify_default) + cc1_options add %(pie_incompatible) + EXTRA_SPECS add ESPF_EXTRA_SPECS + * libgcc/Makefile.in add crtbeginTs.o + gcc/Makefile.in add ESPF_NOPIE_CFLAGS and ESPF_NOSSP_CFLAGS + LIBGCC2_CFLAGS add ESPF_NOSSP_CFLAGS + CRTSTUFF_CFLAGS add ESPF_NOPIE_CFLAGS and ESPF_NOSSP_CFLAGS + crtbegin* add crtbeginTS + $(out_object_file): ix86_split_to_parts() stack smashing attack b.g.o #149292 + * libgcc/configure add enable_espf + * gcc/config/linux.h add %(crtfile_gen) %(crtbegin_t_gen) %(crtend_gen) + * gcc/config/i386/linux.h add %(crtend_gen) + * gcc/config/i386/linux64.h add %(crtend_gen) + * gcc/config.gcc extra_parts add crtbeginTS.o + * libgcc/config.host extra_parts add crtbeginTS.o + * gcc/configure check -z relro + check -z now + check FORTIFY_SOURCES level 2 + check Scrt1.o + check --enable-espf + check crtbeginTS.o + * gcc/espf.h new file + * gcc/varasm.c (decl_tls_model): Check flag_pic instead of flag_shlib + * gcc/config.in add ENABLE_LIBSSP + add ENABLE_ESPF + add TARGET_LIBC_PROVIDES_FORTIFY2 + add TARGET_LIBC_PROVIDES_PIE + * configure define ENABLE_LIBSSP + +gcc-4.3.3-piepatches-v10.2.1 diff --git a/gcc-4.6.0/piepatch/README.Gentoo.patches b/gcc-4.6.0/piepatch/README.Gentoo.patches new file mode 100644 index 0000000..db43079 --- /dev/null +++ b/gcc-4.6.0/piepatch/README.Gentoo.patches @@ -0,0 +1,28 @@ + ================ + === W[hat]TF === + ================ + +Gentoo patchsets that have grown too large to keep on the rsync mirrors have +been moved to our git tree. From there, we bundle up all the whee little +patches into a tarball and distribute it via our public mirroring system. + +If you want specific info about a patch (like wtf it does or whose great idea +it was to change the code), read the patch ! We try to fill out the top of +them with useful info such as what it does, why it's needed, bug reports, +original creators, etc... For simple patches, we reserve the right to assume +your IQ is greater than absolute 0 and figure out what it does w/out an +explanation. If, by some miracle of science, it falls below the absolute 0 +mark, you should help mankind by finding some scientists and letting them +probe you with their ... erm ... probes. + + ================= + === W[here]TF === + ================= + +For those with git access +git://git.overlays.gentoo.org/proj/hardened-gccpatchset.git + +For those w/out git access, this URL should help you: +http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-gccpatchset.git;a=summary + +It should be pretty easy to find your way around, you're a big boy after all. diff --git a/gcc-4.6.0/piepatch/README.history b/gcc-4.6.0/piepatch/README.history new file mode 100644 index 0000000..07d373c --- /dev/null +++ b/gcc-4.6.0/piepatch/README.history @@ -0,0 +1,233 @@ +0.4.5 18-06-2010 + U 35_all_gcc44_config_crtbegints.patch +0.4.4 26-05-2010 + U 30_all_gcc44_esp.h.patch +0.4.3 26-05-2010 + U 20_all_gcc44_gcc.c.patch + U 30_all_gcc44_esp.h.patch +0.4.2 24-05-2010 + U 10_all_gcc44_configure.patch + U 12_all_gcc44_Makefile.in.patch + U 11_all_gcc44_config.in.patch + U 30_all_gcc44_esp.h.patch +0.4.1 29-04-2010 + U 10_all_gcc45_configure.patch + U 12_all_gcc45_Makefile.in.patch + U 11_all_gcc44_config.in.patch + U 30_all_gcc44_esp.h.patch + +0.4.0 19-04-2010 + U 10_all_gcc45_configure.patch + U 12_all_gcc45_Makefile.in.patch + U 11_all_gcc44_config.in.patch + U 20_all_gcc45_gcc.c.patch + - 30_all_gcc44_espf.h.patch + + 30_all_gcc44_esp.h.patch + +0.3.9 14-04-2010 + U 10_all_gcc45_configure.patch + - 50_all_gcc44_no_ssp_tls_uclibc.patch + U 33_all_gcc45_config_rs6000_linux64.h.patch + +0.3.8 10-04-2010 + 10_all_gcc44_configure.patch + 11_all_gcc44_config.in.patch + 20_all_gcc44_gcc.c.patch + 30_all_gcc44_espf.h.patch + +0.3.7 10-02-2010 + 20_all_gcc44_gcc.c.patch + 30_all_gcc44_espf.h.patch + 10_all_gcc44_configure.patch + +0.3.6 23-12-2009 + - 10_all_gcc44_configure.patch + + 10_all_gcc44_configure.patch + - 30_all_gcc44_espf.h.patch + + 30_all_gcc44_espf.h.patch + - README.Changelog + + README.Changelog + - README.history + + README.history + - README + + README + +0.3.5 24-09-2009 + - 30_all_gcc44_espf.h.patch + + 30_all_gcc44_espf.h.patch + - 35_all_gcc44_config_crtbegints.patch + + 35_all_gcc44_config_crtbegints.patch + + 33_all_gcc44_config_rs6000_linux64.h.patch + - README.Changelog + + README.Changelog + - README.history + + README.history + + README.Gentoo.patches + +0.3.4 11-09-2009 + - 10_all_gcc44_configure.patch + + 10_all_gcc44_configure.patch + - 11_all_gcc44_config.in.patch + + 11_all_gcc44_config.in.patch + - 12_all_gcc44_Makefile.in.patch + + 12_all_gcc44_Makefile.in.patch + - 20_all_gcc44_gcc.c.patch + + 20_all_gcc44_gcc.c.patch + - 23_all_gcc44_opts.c.patch + - 30_all_gcc44_espf.h.patch + + 30_all_gcc44_espf.h.patch + + 35_all_gcc44_config_crtbegints.patch + + 60_all_gcc44_invoke.texi.patch + - README.Changelog + + README.Changelog + - README.history + + README.history + - README + + README + +0.3.3 14-08-2009 + - 23_all_gcc44_opts.c.patch + + 23_all_gcc44_opts.c.patch + +0.3.2 09-08-2009 + + 50_all_gcc44_no_ssp_tls_uclibc.patch + + README.Changelog + + README.history + - 23_all_gcc44_opts.c.patch + + 23_all_gcc44_opts.c.patch + - 30_all_gcc44-espf.h.patch + + 30_all_gcc44-espf.h.patch + +0.3.1 23-07-2009 + - 10_all_gcc44_configure.patch + + 10_all_gcc44_configure.patch + +0.3.0 23-07-2009 + - 10_all_gcc44_configure.patch + + 10_all_gcc44_configure.patch + - 11_all_gcc44_config.in.patch + + 11_all_gcc44_config.in.patch + - 12_all_gcc44_Makefile.in.patch + + 12_all_gcc44_Makefile.in.patch + - 20_all_gcc44_gcc.c.patch + + 20_all_gcc44_gcc.c.patch + + 40_all_gcc44_obj_lang-specs.h.patch + + 40_all_gcc44_objp_lang-specs.h.patch + + 40_all_gcc44_cp_lang-specs.h.patch + - 50_all_gcc44_gentoo_v20090614.1.patch + - 30_all_gcc44-espf.h.patch + + 30_all_gcc44-espf.h.patch + +0.2.9 14-06-2009 + - 12_all_gcc44_Makefile.in.patch + + 12_all_gcc44_Makefile.in.patch + - 30_all_gcc44-espf.h.patch + + 30_all_gcc44-espf.h.patch + - 50_all_gcc44_gentoo_v20090612.2.patch + + 50_all_gcc44_gentoo_v20090614.1.patch + +0.2.8 12-06-2009 + - 10_all_gcc44_configure.patch + + 10_all_gcc44_configure.patch + - 11_all_gcc44_config.in.patch + + 11_all_gcc44_config.in.patch + - 12_all_gcc44_Makefile.in.patch + + 12_all_gcc44_Makefile.in.patch + - 22_all_gcc44-toplev.c.patch + - 25_all_gcc44-espf.h.patch + + 30_all_gcc44-espf.h.patch + + 50_all_gcc44_gentoo_v20090612.2.patch + +0.2.7 29-05-2009 + - 11_all_gcc44_config.in.patch + + 11_all_gcc44_config.in.patch + - 12_all_gcc44_Makefile.in.patch + + 12_all_gcc44_Makefile.in.patch + - 20_all_gcc44_gcc.c.patch + + 20_all_gcc44_gcc.c.patch + + 23_all_gcc44_opts.c.patch + - 25_all_gcc44-espf.h.patch + + 25_all_gcc44-espf.h.patch + - 30_all_gcc44-config-defaul-linux.patch + +0.2.6 28-05-2009 + + 22_all_gcc44-toplev.c.patch + - 25_all_gcc44-espf.h.patch + + 25_all_gcc44-espf.h.patch + - 30_all_gcc44-config-defaul-linux.patch + + 30_all_gcc44-config-defaul-linux.patch + +0.2.5 27-05-2009 + - 10_all_gcc44_configure.patch + + 10_all_gcc44_configure.patch + - 12_all_gcc44_Makefile.in.patch + + 12_all_gcc44_Makefile.in.patch + - 20_all_gcc44_gcc.c.patch + + 20_all_gcc44_gcc.c.patch + - 25_all_gcc44-espf.h.patch + + 25_all_gcc44-espf.h.patch + - 30_all_gcc44-config-defaul-linux.patch + + 30_all_gcc44-config-defaul-linux.patch + - 40_all_gcc44-gentoo.patch + +0.2.4 08-05-2009 + - 12_all_gcc44_Makefile.in.patch + + 12_all_gcc44_Makefile.in.patch + +0.2.3 08-05-2009 + - 20_all_gcc44_gcc.c.patch + + 20_all_gcc44_gcc.c.patch + - 40_all_gcc44-gentoo.patch + + 40_all_gcc44-gentoo.patch + +0.2.2 04-05-2009 + + 10_all_gcc44_configure.patch + + 11_all_gcc44_config.in.patch + + 12_all_gcc44_Makefile.in.patch + + 20_all_gcc44_gcc.c.patch + + 21_all_gcc44_decl-tls-model.patch + + 25_all_gcc44-espf.h.patch + + 30_all_gcc44-config-defaul-linux.patch + + 40_all_gcc44-gentoo.patch + - 01_all_gcc44-configure.patch + - 10_all_gcc44-gcc_configure.patch + - 11_all_gcc44-gcc_config.in.patch + - 12_all_gcc44-gcc_config.gcc.patch + - 13_all_gcc44-gcc_Makefile.in.patch + - 15_all_gcc44-libgcc_config.host.patch + - 16_all_gcc44-libgcc_configure.patch + - 17_all_gcc44-libgcc_Makefile.in.patch + - 21_all_gcc44-gcc_espf.h.patch + - 22_all_gcc44-gcc_gcc.c.patch + - 23_all_gcc44-gcc_varasm.c.patch + - 30_all_gcc44-add-crt-start-endfiles-linux.patch + +0.2.1 28-04-2009 + + 01_all_gcc44-configure.patch + + 10_all_gcc44-gcc_configure.patch + + 11_all_gcc44-gcc_config.in.patch + + 12_all_gcc44-gcc_config.gcc.patch + + 13_all_gcc44-gcc_Makefile.in.patch + + 15_all_gcc44-libgcc_config.host.patch + + 16_all_gcc44-libgcc_configure.patch + + 17_all_gcc44-libgcc_Makefile.in.patch + + 21_all_gcc44-gcc_espf.h.patch + + 22_all_gcc44-gcc_gcc.c.patch + + 23_all_gcc44-gcc_varasm.c.patch + + 30_all_gcc44-add-crt-start-endfiles-linux.patch + - 00_all_gcc4.4-cvs-incompat.patch + - 05_all_gcc4.4-compile-no-ssp.patch + - 10_all_gcc4.4-hardened-minispecs-support.patch + - 11_all_gcc4.4-decl-tls-model.patch + - 12_all_gcc4.4-fortify-minispecs-support.patch + - 20-all_gcc4.4-default-crt-start-endfile.patch + - 30-all_gcc4.4-crtbeginTS-fno-PIE.patch + +0.1.0 16.04.2009 + + 00_all_gcc4.4-cvs-incompat.patch + + 05_all_gcc4.4-compile-no-ssp.patch + + 10_all_gcc4.4-hardened-minispecs-support.patch + + 11_all_gcc4.4-decl-tls-model.patch + + 12_all_gcc4.4-fortify-minispecs-support.patch + + 20-all_gcc4.4-default-crt-start-endfile.patch + + 30-all_gcc4.4-crtbeginTS-fno-PIE.patch |