diff options
author | Magnus Granberg <zorry@gentoo.org> | 2012-04-08 14:36:28 +0200 |
---|---|---|
committer | Magnus Granberg <zorry@gentoo.org> | 2012-04-08 14:36:28 +0200 |
commit | 9f286ca40bcefa89d281475687529dfc081856cf (patch) | |
tree | e8e5504eda6364696545ad1c534267984087db36 | |
parent | Update 4.6 and 4.7 (diff) | |
download | hardened-gccpatchset-9f286ca40bcefa89d281475687529dfc081856cf.tar.gz hardened-gccpatchset-9f286ca40bcefa89d281475687529dfc081856cf.tar.bz2 hardened-gccpatchset-9f286ca40bcefa89d281475687529dfc081856cf.zip |
Updated configure.ac patch for upstream
-rw-r--r-- | upstream/configure.ac.patch | 233 |
1 files changed, 115 insertions, 118 deletions
diff --git a/upstream/configure.ac.patch b/upstream/configure.ac.patch index b08edcc..86bab05 100644 --- a/upstream/configure.ac.patch +++ b/upstream/configure.ac.patch @@ -1,25 +1,18 @@ -2011-06-24 Magnus Granberg <zorry@gentoo.org> - - * configure Add --enable-espf. Add -fno-stack-protector - to stage1_cflags. - * gcc/configure.ac Add --enable-espf and checks for it. - ---- a/configure.ac 2011-04-18 23:27:00.000000000 +0200 -+++ b/configure.ac 2011-04-27 12:47:11.351473240 +0200 -@@ -419,6 +419,25 @@ +--- a/configure.ac 2011-11-29 22:36:43.000000000 +0100 ++++ b/configure.ac 2011-12-07 23:29:26.125712475 +0100 +@@ -419,6 +419,24 @@ if test "${ENABLE_LIBADA}" != "yes" ; th noconfigdirs="$noconfigdirs gnattools" fi +# Check whether --enable-espf was given and target have the support. +AC_ARG_ENABLE([espf], +[AS_HELP_STRING([--enable-espf], -+ [Enable Stack protector, Position independent executable and -+ Fortify_sources as default if we have suppot for it when compiling -+ and link with -z relro and -z now as default. -+ Linux targets supported x86_64.])], ++ [Enable Stack protector, Position independent executable as ++ default if we have suppot for it when compiling. ++ Linux targets supported i*86, x86_64 and x86_x32.])], +[ + case $target in -+ i?86*-*-linux* | x86_64*-*-linux* | x86_x32*-*-linux | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*) ++ i?86*-*-linux* | x86_??*-*-linux*) + enable_espf=yes + ;; + *) @@ -32,23 +25,25 @@ AC_ARG_ENABLE(libssp, [AS_HELP_STRING([--enable-libssp], [build libssp directory])], ENABLE_LIBSSP=$enableval, -@@ -3152,6 +3171,10 @@ - esac ;; - esac +@@ -3211,6 +3230,11 @@ if test "$GCC" = yes -a "$ENABLE_BUILD_W + CFLAGS="$saved_CFLAGS" + fi +# Disable -fstack-protector on stage1 +if test x$enable_espf = xyes; then + stage1_cflags="$stage1_cflags -fno-stack-protector" +fi - # This is aimed to mimic bootstrap with a non-GCC compiler to catch problems. - if test "$GCC" = yes -a "$ENABLE_BUILD_WITH_CXX" != yes; then - saved_CFLAGS="$CFLAGS" ---- a/gcc/configure.ac 2011-04-13 19:12:53.000000000 +0200 -+++ b/gcc/configure.ac 2011-06-24 03:17:07.448179335 +0200 -@@ -4515,6 +4515,145 @@ - AC_SUBST(MAINT)dnl ++ + AC_SUBST(stage1_cflags) + + # Enable --enable-checking in stage1 of the compiler. +--- a/gcc/configure.ac 2011-11-18 11:52:32.000000000 +0100 ++++ b/gcc/configure.ac 2012-04-04 16:18:00.269968226 +0200 +@@ -5130,6 +5146,148 @@ if test x"${LINKER_HASH_STYLE}" != x; th + [The linker hash style]) + fi - # -------------- ++# -------------- +# Espf checks +# -------------- + @@ -56,16 +51,15 @@ +AC_ARG_ENABLE([espf], +[AS_HELP_STRING([--enable-espf], + [Enable Stack protector, Position independent executable and -+ Fortify_sources as default if we have suppot for it when compiling -+ and link with -z relro and -z now as default. -+ Linux targets supported x86_64])], ++ Fortify_sources as default if we have suppot for it when compiling. ++ Linux targets supported i*86, x86_64, and x86_x32.])], + set_enable_espf=$enableval, + set_enable_espf=no) +if test $set_enable_espf = yes ; then + AC_MSG_CHECKING(if $target support espf) +if test $set_enable_espf = yes ; then + case "$target" in -+ ?86-*-linux* | x86_64-*-linux*) ++ i?86*-*-linux* | x86_??*-*-linux*) + enable_espf=yes + AC_DEFINE(ENABLE_ESPF, 1, + [Define if your target support espf and you have enable it.]) @@ -82,112 +76,115 @@ +AC_SUBST([enable_espf]) +if test $enable_espf = yes ; then + -+ AC_CACHE_CHECK(linker -z relro support, -+ gcc_cv_ld_relro, -+ [gcc_cv_ld_relro=no -+ if test $in_tree_ld = yes ; then -+ if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_version" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \ -+ && test $in_tree_ld_is_elf = yes; then -+ gcc_cv_ld_relro=yes -+ fi -+ elif test x$gcc_cv_ld != x; then -+ # Check if linker supports -z relro options -+ if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then -+ gcc_cv_ld_relro=yes -+ fi -+ fi -+ ]) -+ -+ AC_CACHE_CHECK(linker -z now support, -+ gcc_cv_ld_now, -+ [gcc_cv_ld_now=no -+ if test $in_tree_ld = yes ; then -+ if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_version" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \ -+ && test $in_tree_ld_is_elf = yes; then -+ gcc_cv_ld_now=yes -+ fi -+ elif test x$gcc_cv_ld != x; then -+ # Check if linker supports -z now options -+ if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then -+ gcc_cv_ld_now=yes -+ fi -+ fi -+ ]) -+ +# Check for FORTIFY_SOURCES support in target C library. -+AC_CACHE_CHECK(for _FORTIFY_SOURCES support in target C library, -+ gcc_cv_libc_provides_fortify, -+ [gcc_cv_libc_provides_fortify=no ++ AC_CACHE_CHECK(for _FORTIFY_SOURCES support in target C library, ++ gcc_cv_libc_provides_fortify, ++ [gcc_cv_libc_provides_fortify=no + case "$target" in -+ *-*-linux*) -+ [# glibc 2.8 and later provides _FORTIFY_SOURCES. -+ if test -f $target_header_dir/features.h; then -+ if $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC__[ ]+2' \ -+ $target_header_dir/features.h > /dev/null \ -+ && $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC_MINOR__[ ]+([1-9][0-9]|[8-9])' \ ++ *-*-linux*) ++ [# glibc 2.8 and later provides _FORTIFY_SOURCES. ++ # uClibc 0.9.32 and later provides _FORTIFY_SOURCES. ++ if test -f $target_header_dir/features.h; then ++ if $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC__[ ]+2' \ ++ $target_header_dir/features.h > /dev/null \ ++ && $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC_MINOR__[ ]+([1-9][0-9]|[8-9])' \ ++ $target_header_dir/features.h > /dev/null; then ++ gcc_cv_libc_provides_fortify=yes ++ elif $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]+1' \ + $target_header_dir/features.h > /dev/null; then -+ gcc_cv_libc_provides_fortify=yes -+ elif $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]' \ -+ $target_header_dir/features.h > /dev/null ; then -+ gcc_cv_libc_provides_fortify=no -+ fi -+ fi] -+ ;; -+ *) gcc_cv_libc_provides_fortify=no ;; ++ if test -f $target_header_dir/bits/uClibc_config.h && \ ++ $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC_SUBLEVEL__[ ]+([3-9][2-9]|[4-9][0-9])' \ ++ $target_header_dir/bits/uClibc_config.h > /dev/null; then ++ gcc_cv_libc_provides_fortify=yes ++ else ++ gcc_cv_libc_provides_fortify=no ++ fi ++ fi ++ fi] ++ ;; ++ *) gcc_cv_libc_provides_fortify=no ;; + esac]) + -+ AC_MSG_CHECKING(if the compiler default to use -fPIE and link with -pie) -+ if test $set_enable_espf = yes && test x"$gcc_cv_ld_pie" = xyes; then -+ enable_espf_pie=yes ++ AC_MSG_CHECKING(if we can default to use -fPIE and link with -pie) ++ if test x$gcc_cv_ld_pie = xyes; then ++ saved_LDFLAGS="$LDFLAGS" ++ saved_CFLAGS="$CFLAGS" ++ CFLAGS="$CFLAGS -fPIE -Werror" ++ LDFLAGS="$LDFLAGS -fPIE -pie" ++ AC_TRY_LINK(,, ++ [AC_MSG_RESULT([yes]); enable_espf_pie=yes], ++ [AC_MSG_RESULT([no]); enable_espf_pie=no]) ++ LDFLAGS="$saved_LDFLAGS" ++ CFLAGS="$saved_CFLAGS" ++ else ++ AC_MSG_RESULT([no]) ++ enable_espf_pie=no ++ fi ++ ++ if test $enable_espf_pie = yes ; then + AC_DEFINE(ENABLE_ESPF_PIE, 1, + [Define if your compiler will default to use -fPIE and link with -pie.]) ++ fi ++ ++ AC_MSG_CHECKING(if we can default to use -fstack-protector) ++ ssp_link_test=no ++ if test x$gcc_cv_libc_provides_ssp = xyes && test x$set_have_as_tls = yes; then ++ if $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]+1' \ ++ $target_header_dir/features.h > /dev/null; then ++ if test -f $target_header_dir/bits/uClibc_config.h && \ ++ $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC_SUBLEVEL__[ ]+([3-9][2-9]|[4-9][0-9])' \ ++ $target_header_dir/bits/uClibc_config.h > /dev/null && \ ++ $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC_HAS_TLS__[ ]+1' \ ++ $target_header_dir/bits/uClibc_config.h > /dev/null; then ++ ssp_link_test=yes ++ fi ++ else ++ ssp_link_test=yes ++ fi ++ fi ++ if test x$ssp_link_test=xyes ; then ++ saved_CFLAGS="$CFLAGS" ++ CFLAGS="$CFLAGS -O2 -fstack-protector -Werror" ++ AC_TRY_LINK(,, ++ [AC_MSG_RESULT([yes]); enable_espf_ssp=yes], ++ [AC_MSG_RESULT([no]); enable_espf_ssp=no]) ++ CFLAGS="$saved_CFLAGS" + else -+ enable_espf_pie=no ++ AC_MSG_RESULT([no]) ++ enable_espf_ssp=no + fi -+ AC_MSG_RESULT($enable_espf_pie) -+AC_MSG_CHECKING(if the compiler default to use -fstack-protector) -+ if test $set_enable_espf = yes && test x$gcc_cv_libc_provides_ssp = xyes \ -+ && test $set_have_as_tls = yes ; then -+ enable_espf_ssp=yes ++ if test $enable_espf_ssp = yes ; then + AC_DEFINE(ENABLE_ESPF_SSP, 1, + [Define if your compiler will default to use -fstack-protector.]) -+ else -+ enable_espf_ssp=no + fi -+ AC_MSG_RESULT($enable_espf_ssp) + -+AC_MSG_CHECKING(if the compiler default to use -D_FORTIFY_SOURCES=2) -+ if test $set_enable_espf = yes && test x$gcc_cv_libc_provides_fortify = xyes; then -+ enable_espf_fortify=yes ++ AC_MSG_CHECKING(if we can default to use -D_FORTIFY_SOURCES=2) ++ if test x$gcc_cv_libc_provides_fortify = xyes; then ++ saved_CFLAGS="$CFLAGS" ++ saved_CPPFLAGS="$CPPFLAGS" ++ CFLAGS="$CFLAGS -O2 -Werror" ++ CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCES=2" ++ AC_TRY_LINK([ ++ #include <sys/types.h> ++ #include <sys/stat.h> ++ #include <fcntl.h> ++ ],[ ++ open ("/tmp/foo", O_WRONLY | O_CREAT); ++ ], ++ [AC_MSG_RESULT([no]); enable_espf_fortify=no], ++ [AC_MSG_RESULT([yes]); enable_espf_fortify=yes]) ++ CFLAGS="$saved_CFLAGS" ++ CPPFLAGS="$saved_CPPFLAGS" ++ else ++ [AC_MSG_RESULT([no]); enable_espf_fortify=no] ++ fi ++ if test x$enable_espf_fortify = xyes ; then + AC_DEFINE(ENABLE_ESPF_FORTIFY, 1, + [Define if your compiler will default to use -D_FORTIFY_SOURCES=2.]) -+ else -+ enable_espf_fortify=no + fi -+ AC_MSG_RESULT($enable_espf_fortify) + -+ AC_MSG_CHECKING(if the compiler will pass -z relro to the linker) -+ if test $set_enable_espf = yes && test x$gcc_cv_ld_relro = xyes; then -+ enable_espf_relro=yes -+ AC_DEFINE(ENABLE_ESPF_RELRO, 1, -+ [Define if your compiler will pass -z relro to the linker.]) -+ else -+ enable_espf_relro=no -+ fi -+ AC_MSG_RESULT($enable_espf_relro) -+ -+ AC_MSG_CHECKING(if the compiler will pass -z now to the linker) -+ if test $set_enable_espf = yes && test x$gcc_cv_ld_now = xyes; then -+ enable_espf_now=yes -+ AC_DEFINE(ENABLE_ESPF_NOW, 1, -+ [Define if your compiler will pass -z now to the linker.]) -+ else -+ enable_espf_now=no -+ fi -+ AC_MSG_RESULT($enable_espf_now) +fi + -+# -------------- - # Language hooks - # -------------- + # Configure the subdirectories + # AC_CONFIG_SUBDIRS($subdirs) |