Update 4.6 and 4.7

author: Magnus Granberg <zorry@gentoo.org> 2012-04-08 14:33:17 +0200
committer: Magnus Granberg <zorry@gentoo.org> 2012-04-08 14:33:17 +0200
commit: a47328a2beadfa7ab70802444f0aabac82ede1b9 (patch)
tree: 0689f57520cc5bf96c9a632847ed97a55a484f88
parent: piepatch 0.5.2 for gcc 4.7 (diff)
download: hardened-gccpatchset-a47328a2beadfa7ab70802444f0aabac82ede1b9.tar.gz
hardened-gccpatchset-a47328a2beadfa7ab70802444f0aabac82ede1b9.tar.bz2
hardened-gccpatchset-a47328a2beadfa7ab70802444f0aabac82ede1b9.zip
11 files changed, 258 insertions, 268 deletions
diff --git a/gcc-4.5.0/piepatch/15_all_gcc45-pr52194.patch b/gcc-4.5.0/piepatch/15_all_gcc45-pr52194.patch
new file mode 100644
index 0000000..4b7b4ae
--- /dev/null
+++ b/gcc-4.5.0/piepatch/15_all_gcc45-pr52194.patch
@@ -0,0 +1,61 @@
+2012-02-11	Magnus Granberg	<zorry@gentoo.org>
+
+		PR52194
+		* gcc/c-pch.c	(c_common_valid_pch)	check for
+		Pax and RANDMMAP.
+
+--- a/gcc/c-pch.c		2011-08-28 22:14:46.000000000 +0200
++++ b/gcc/c-pch.c	2012-02-11 17:10:23.158018580 +0100
+@@ -36,6 +36,10 @@ along with GCC; see the file COPYING3.
+ #include "opts.h"
+ #include "timevar.h"
+ 
++#define FILE_BUFFER 256
++#define LINE_BUFFER 1024
++#define WORD_BUFFER 1024
++
+ /* This is a list of flag variables that must match exactly, and their
+    names for the error message.  The possible values for *flag_var must
+    fit in a 'signed char'.  */
+@@ -240,6 +244,11 @@ c_common_valid_pch (cpp_reader *pfile, c
+   char ident[IDENT_LENGTH + 16];
+   const char *pch_ident;
+   struct c_pch_validity v;
++  FILE *f;
++  char file[FILE_BUFFER];
++  char line[LINE_BUFFER];
++  char word[WORD_BUFFER];
++  char value[WORD_BUFFER];
+ 
+   /* Perform a quick test of whether this is a valid
+      precompiled header for the current language.  */
+@@ -351,6 +360,29 @@ c_common_valid_pch (cpp_reader *pfile, c
+       }
+   }
+ 
++  /* FIXME: On PaX enabled kernel with RANDMMAP enabled we can't use
++     PCH.  #PR52194  */
++
++  f = fopen ("/proc/self/status", "r");
++  if (f != NULL)
++    {
++	memset(file, 0, FILE_BUFFER);
++	while( fgets(line, LINE_BUFFER, f) )
++	  {
++	    sscanf(line, "%s %s", word, value);  
++	    if(!strcmp(word, "PaX:"))
++	      {
++		if(value[3] == 'R')
++		  {
++		    cpp_error (pfile, CPP_DL_WARNING, "%s can't be used \
++				     with PaX enabled kernel with RANDMMAP \
++				     enabled.", name);
++		    return 2;
++		  }
++	      }
++	  }
++    }
++  
+   /* Check the preprocessor macros are the same as when the PCH was
+      generated.  */
+ 
diff --git a/gcc-4.6.0/piepatch/10_all_gcc45_configure.patch b/gcc-4.6.0/piepatch/10_all_gcc45_configure.patch
index 357e63a..a526b00 100644
--- a/gcc-4.6.0/piepatch/10_all_gcc45_configure.patch
+++ b/gcc-4.6.0/piepatch/10_all_gcc45_configure.patch
@@ -1,4 +1,4 @@
-2011-12-07	Magnus Granberg		<zorry@gentoo.org>, Anthony G. Basile	<basile@opensource.dyc.edu>
+2012-02-14	Magnus Granberg		<zorry@gentoo.org>, Anthony G. Basile	<basile@opensource.dyc.edu>
 
 		* configure		Add --enable-esp.  Add-fno-stack-protector
 		to stage1_cflags.
@@ -26,7 +26,7 @@
 +			   Enable Stack protector, Position independent executable as
 +			   default if we have suppot for it when compiling
 +			   and link with -z relro and -z now as default.
-+			   Linux targets supported i*86, x86_64, powerpc, powerpc64, ia64 and arm
++			   Linux targets supported i*86, x86_64, powerpc, powerpc64, ia64 and arm.
    --enable-libssp         build libssp directory
    --disable-ppl-version-check    disable check for PPL version
    --disable-cloog-version-check  disable check for CLooG version
diff --git a/gcc-4.6.0/piepatch/13_all_gcc46_ssp_uclibc_check.patch b/gcc-4.6.0/piepatch/13_all_gcc46_ssp_uclibc_check.patch
new file mode 100644
index 0000000..c0abb3e
--- /dev/null
+++ b/gcc-4.6.0/piepatch/13_all_gcc46_ssp_uclibc_check.patch
@@ -0,0 +1,68 @@
+2012-04-03	Magnus Granberg <zorry@gentoo.org>
+
+	* gcc/config.in			Add define for ENABLE_ESP_SSP
+	* gcc/configure		Check SSP for uClibc
+
+--- a/gcc/config.in	2012-04-03 17:44:35.173548352 +0200
++++ b/gcc/config.in	2012-04-03 15:25:23.272299470 +0200
+@@ -89,6 +89,12 @@
+ #endif
+ 
+ 
++/* Define to 1 to enable esp ssp. */
++#ifndef USED_FOR_TARGET
++#undef ENABLE_ESP_SSP
++#endif
++
++
+ /* Define to 1 to enable fixed-point arithmetic extension to C. */
+ #ifndef USED_FOR_TARGET
+ #undef ENABLE_FIXED_POINT
+--- a/gcc/configure	2012-04-03 17:44:32.793548281 +0200
++++ b/gcc/configure	2012-04-03 17:40:00.000000000 +0200
+@@ -25915,6 +25915,45 @@ _ACEOF
+ 
+ fi
+ 
++
++# Check if we have SSP support. if uClibc we need 0.9.32 or newer and TLS.
++echo "$as_me:$LINENO: checking for SSP support" >&5
++echo $ECHO_N "checking for SSP support... $ECHO_C" >&6
++if test "${enable_esp_SSP+set}" = set; then
++  echo $ECHO_N "(cached) $ECHO_C" >&6
++else
++  if test x$enable_esp = xyes && test x$gcc_cv_libc_provides_ssp = xyes \
++     && test x$set_have_as_tls = xyes; then
++    if $EGREP '^[ 	]*#[ 	]*define[ 	]+__UCLIBC__[ 	]+1' \
++       $target_header_dir/features.h > /dev/null; then
++      if test -f $target_header_dir/bits/uClibc_config.h && \
++	 $EGREP '^[ 	]*#[ 	]*define[ 	]+__UCLIBC_SUBLEVEL__[ 	]+([3-9][2-9]|[4-9][0-9])' \
++	 $target_header_dir/bits/uClibc_config.h > /dev/null && \
++	 $EGREP '^[ 	]*#[ 	]*define[ 	]+__UCLIBC_HAS_TLS__[ 	]+1' \
++	 $target_header_dir/bits/uClibc_config.h > /dev/null; then
++	enable_esp_SSP=yes
++      else
++	enable_esp_SSP=no
++      fi
++    else
++      enable_esp_SSP=yes
++    fi
++  else
++    enable_esp_SSP=no
++  fi
++fi
++echo "$as_me:$LINENO: result: $enable_esp_SSP" >&5
++echo "${ECHO_T}$enable_esp_SSP" >&6
++
++if test x$$enable_esp_SSP = xyes; then
++
++cat >>confdefs.h <<\_ACEOF
++#define ENABLE_ESP_SSP 1
++_ACEOF
++
++fi
++
++
+ # Check if TFmode long double should be used by default or not.
+ # Some glibc targets used DFmode long double, but with glibc 2.4
+ # and later they can use TFmode.
diff --git a/gcc-4.6.0/piepatch/30_all_gcc45_esp.h.patch b/gcc-4.6.0/piepatch/30_all_gcc46_esp.h.patch
index c51e8b4..e11c910 100644
--- a/gcc-4.6.0/piepatch/30_all_gcc45_esp.h.patch
+++ b/gcc-4.6.0/piepatch/30_all_gcc46_esp.h.patch
@@ -1,13 +1,13 @@
-2011-12-05		Magnus Granberg		<zorry@gentoo.org>
+2012-04-03		Magnus Granberg		<zorry@gentoo.org>
 
 		* gcc/esp.h	New file to support --enable-esp
-		Version 20111205.1
+		Version 20120403.2
 
 --- gcc/esp.h	2010-04-09 16:14:00.000000000 +0200
 +++ gcc/esp.h	2010-04-29 21:30:47.000000000 +0200
 @@ -0,0 +1,145 @@
 +/* License terms see GNU GENERAL PUBLIC LICENSE Version 3.
-+ * Version 20111205.1
++ * Version 20120403.2
 + * Magnus Granberg (Zorry) <zorry@gentoo.org>  */
 +#ifndef GCC_ESP_H
 +#define GCC_ESP_H
@@ -57,7 +57,7 @@
 +
 +	/*  This will add -fstack-protector-all if we don't have -nostdlib -nodefaultlibs -fno-stack-protector -fstack-protector
 +		-fstack-protector-all and we have EFAULT_SSP or EFAULT_PIE_SSP defined.  */
-+	#if defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP )
++	#if ( defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP ) ) && defined ( ENABLE_ESP_SSP )
 +		#define ESP_OPTIONS_SSP_SPEC \
 +			"%{!D__KERNEL__:%{!nostdlib:%{!nodefaultlibs: %{!fno-stack-protector: \
 +			%{!fstack-protector:%{!fstack-protector-all:-fstack-protector-all}}}}}}"
diff --git a/gcc-4.6.0/piepatch/README.Changelog b/gcc-4.6.0/piepatch/README.Changelog
index abf59f9..d903cb9 100644
--- a/gcc-4.6.0/piepatch/README.Changelog
+++ b/gcc-4.6.0/piepatch/README.Changelog
@@ -1,3 +1,9 @@
+0.5.1 Magnus Granberg		<zorry@gentoo.org>
+
+		* gcc/config.in			Add define for ENABLE_ESP_SSP
+		* gcc/configure		Check SSP for uClibc
+		* gcc/esp.h			ENABLE_ESP_SSP
+
 0.5.0 Magnus Granberg		<zorry@gentoo.org>
 
 		#393321
diff --git a/gcc-4.6.0/piepatch/README.history b/gcc-4.6.0/piepatch/README.history
index 49980dc..6fd4386 100644
--- a/gcc-4.6.0/piepatch/README.history
+++ b/gcc-4.6.0/piepatch/README.history
@@ -1,4 +1,8 @@
-0.5.0		07-12-2011
+0.5.1		03 Apr 2012
+		13_all_gcc46_ssp_uclibc_check.patch
+		+ 30_all_gcc46_esp.h.patch
+		- 30_all_gcc45_esp.h.patch
+0.5.0		07 Dec 2011
 		+ 35_all_gcc46_config_crtbeginp.patch
 		- 35_all_gcc46_config_crtbegints.patch
 		U 10_all_gcc45_configure.patch
@@ -7,18 +11,18 @@
 		- 11_all_gcc44_config.in.patch
 		+ 30_all_gcc45_esp.h.patch
 		- 30_all_gcc44_esp.h.patch
-0.4.9		09-11-2011
+0.4.9		09 Nov 2011
 		U 12_all_gcc46_Makefile.in.patch
-0.4.8		26-03-2011
+0.4.8		26 Mar 2011
 		U 22_all_gcc46-default-ssp.patch
-0.4.7		05-03-2011
+0.4.7		05 Mar 2011
 		U 20_all_gcc46_gcc.c.patch
 		+ 22_all_gcc46-default-ssp.patch
 		- 30_all_gcc46_esp.h.patch
 		+ 30_all_gcc44_esp.h.patch
 		U 33_all_gcc46_config_rs6000_linux64.h.patch
 		U 35_all_gcc46_config_crtbegints.patch
-0.4.6		07-01-2011
+0.4.6		07 Jan 2011
 		+ 12_all_gcc46_Makefile.in.patch
 		- 12_all_gcc44_Makefile.in.patch
 		+ 20_all_gcc46_gcc.c.patch
@@ -32,25 +36,25 @@
 		- 40_all_gcc44_obj_lang-specs.h.patch
 		- 40_all_gcc44_objp_lang-specs.h.patch
 		- 40_all_gcc44_cp_lang-specs.h.patch
-0.4.5		18-06-2010
+0.4.5		18 Jun 2010
 		U 35_all_gcc44_config_crtbegints.patch
-0.4.4		26-05-2010
+0.4.4		26 May 2010
 		U 30_all_gcc44_esp.h.patch
-0.4.3		26-05-2010
+0.4.3		26 May 2010
 		U 20_all_gcc44_gcc.c.patch
 		U 30_all_gcc44_esp.h.patch
-0.4.2		24-05-2010
+0.4.2		24 May 2010
 		U 10_all_gcc44_configure.patch
 		U 12_all_gcc44_Makefile.in.patch
 		U 11_all_gcc44_config.in.patch
 		U 30_all_gcc44_esp.h.patch
-0.4.1		29-04-2010
+0.4.1		29 Apr 2010
 		U 10_all_gcc45_configure.patch
 		U 12_all_gcc45_Makefile.in.patch
 		U 11_all_gcc44_config.in.patch
 		U 30_all_gcc44_esp.h.patch
 
-0.4.0		19-04-2010
+0.4.0		19 Apr 2010
 		U 10_all_gcc45_configure.patch
 		U 12_all_gcc45_Makefile.in.patch
 		U 11_all_gcc44_config.in.patch
@@ -58,23 +62,23 @@
 		- 30_all_gcc44_espf.h.patch
 		+ 30_all_gcc44_esp.h.patch
 
-0.3.9	14-04-2010
+0.3.9	14 Apr 2010
 		U 10_all_gcc45_configure.patch
 		- 50_all_gcc44_no_ssp_tls_uclibc.patch
 		U 33_all_gcc45_config_rs6000_linux64.h.patch
 
-0.3.8	10-04-2010
+0.3.8	10 Apr 2010
 		10_all_gcc44_configure.patch
 		11_all_gcc44_config.in.patch
 		20_all_gcc44_gcc.c.patch
 		30_all_gcc44_espf.h.patch
 
-0.3.7	10-02-2010
+0.3.7	10 Feb 2010
 		20_all_gcc44_gcc.c.patch
 		30_all_gcc44_espf.h.patch
 		10_all_gcc44_configure.patch
 
-0.3.6		23-12-2009
+0.3.6		23 Dec 2009
 		- 10_all_gcc44_configure.patch
 		+ 10_all_gcc44_configure.patch
 		- 30_all_gcc44_espf.h.patch
@@ -86,7 +90,7 @@
 		- README
 		+ README
 
-0.3.5		24-09-2009
+0.3.5		24 Sep 2009
 		- 30_all_gcc44_espf.h.patch
 		+ 30_all_gcc44_espf.h.patch
 		- 35_all_gcc44_config_crtbegints.patch
@@ -98,7 +102,7 @@
 		+ README.history
 		+ README.Gentoo.patches
 
-0.3.4		11-09-2009
+0.3.4		11 Sep 2009
 		- 10_all_gcc44_configure.patch
 		+ 10_all_gcc44_configure.patch
 		- 11_all_gcc44_config.in.patch
@@ -119,11 +123,11 @@
 		- README
 		+ README
 		
-0.3.3		14-08-2009
+0.3.3		14 Aug 2009
 		- 23_all_gcc44_opts.c.patch
 		+ 23_all_gcc44_opts.c.patch
 
-0.3.2		09-08-2009
+0.3.2		09 Aug 2009
 		+ 50_all_gcc44_no_ssp_tls_uclibc.patch
 		+ README.Changelog
 		+ README.history
@@ -132,11 +136,11 @@
 		- 30_all_gcc44-espf.h.patch
 		+ 30_all_gcc44-espf.h.patch
 
-0.3.1		23-07-2009
+0.3.1		23 Jul 2009
 		- 10_all_gcc44_configure.patch
 		+ 10_all_gcc44_configure.patch
 
-0.3.0		23-07-2009
+0.3.0		23 Jul 2009
 		- 10_all_gcc44_configure.patch
 		+ 10_all_gcc44_configure.patch
 		- 11_all_gcc44_config.in.patch
@@ -152,7 +156,7 @@
 		- 30_all_gcc44-espf.h.patch
 		+ 30_all_gcc44-espf.h.patch
 
-0.2.9		14-06-2009
+0.2.9		14 Jun 2009
 		- 12_all_gcc44_Makefile.in.patch
 		+ 12_all_gcc44_Makefile.in.patch
 		- 30_all_gcc44-espf.h.patch
@@ -160,7 +164,7 @@
 		- 50_all_gcc44_gentoo_v20090612.2.patch
 		+ 50_all_gcc44_gentoo_v20090614.1.patch
 
-0.2.8		12-06-2009
+0.2.8		12 Jun 2009
 		- 10_all_gcc44_configure.patch
 		+ 10_all_gcc44_configure.patch
 		- 11_all_gcc44_config.in.patch
@@ -172,7 +176,7 @@
 		+ 30_all_gcc44-espf.h.patch
 		+ 50_all_gcc44_gentoo_v20090612.2.patch
 
-0.2.7		29-05-2009
+0.2.7		29 May 2009
 		- 11_all_gcc44_config.in.patch
 		+ 11_all_gcc44_config.in.patch
 		- 12_all_gcc44_Makefile.in.patch
@@ -184,14 +188,14 @@
 		+ 25_all_gcc44-espf.h.patch
 		- 30_all_gcc44-config-defaul-linux.patch
 
-0.2.6		28-05-2009
+0.2.6		28 May 2009
 		+ 22_all_gcc44-toplev.c.patch
 		- 25_all_gcc44-espf.h.patch
 		+ 25_all_gcc44-espf.h.patch
 		- 30_all_gcc44-config-defaul-linux.patch
 		+ 30_all_gcc44-config-defaul-linux.patch
 
-0.2.5		27-05-2009
+0.2.5		27 May 2009
 		- 10_all_gcc44_configure.patch
 		+ 10_all_gcc44_configure.patch
 		- 12_all_gcc44_Makefile.in.patch
@@ -204,17 +208,17 @@
 		+ 30_all_gcc44-config-defaul-linux.patch
 		- 40_all_gcc44-gentoo.patch
 
-0.2.4		08-05-2009
+0.2.4		08 May 2009
 		- 12_all_gcc44_Makefile.in.patch
 		+ 12_all_gcc44_Makefile.in.patch
 
-0.2.3		08-05-2009
+0.2.3		08 May 2009
 		- 20_all_gcc44_gcc.c.patch
 		+ 20_all_gcc44_gcc.c.patch
 		- 40_all_gcc44-gentoo.patch
 		+ 40_all_gcc44-gentoo.patch
 
-0.2.2		04-05-2009
+0.2.2		04 May 2009
 		+ 10_all_gcc44_configure.patch
 		+ 11_all_gcc44_config.in.patch
 		+ 12_all_gcc44_Makefile.in.patch
@@ -236,7 +240,7 @@
 		- 23_all_gcc44-gcc_varasm.c.patch
 		- 30_all_gcc44-add-crt-start-endfiles-linux.patch
 
-0.2.1		28-04-2009
+0.2.1		28 Apr 2009
 		+ 01_all_gcc44-configure.patch
 		+ 10_all_gcc44-gcc_configure.patch
 		+ 11_all_gcc44-gcc_config.in.patch
@@ -257,7 +261,7 @@
 		- 20-all_gcc4.4-default-crt-start-endfile.patch
 		- 30-all_gcc4.4-crtbeginTS-fno-PIE.patch
 
-0.1.0		16.04.2009
+0.1.0		16 Apr 2009
 		+ 00_all_gcc4.4-cvs-incompat.patch
 		+ 05_all_gcc4.4-compile-no-ssp.patch
 		+ 10_all_gcc4.4-hardened-minispecs-support.patch
diff --git a/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch b/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch
index 94958b1..e79ea25 100644
--- a/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch
+++ b/gcc-4.7.0/piepatch/01_all_gcc47_configure.patch
@@ -1,10 +1,9 @@
-2012-01-07	Magnus Granberg		<zorry@gentoo.org>
+2012-04-06	Magnus Granberg		<zorry@gentoo.org>
 
 		* configure		Add --enable-esp.  Add-fno-stack-protector
 		to stage1_cflags.
-		* gcc/configure		Add --enable-esp. Check -z now, 
-		PIE, SSP and FORTIFY_SOURCES.
-		Define ENABLE_ESP.
+		* gcc/configure		Add --enable-esp and check if SSP works.
+		Define ENABLE_ESP ENABLE_ESP_SSP.
 		Check if we support crtbeginP and define ENABLE_CRTBEGINP.
 
 --- a/configure	2011-12-22 21:51:34.700589641 +0100
@@ -46,12 +45,12 @@
 +if test "${enable_esp+set}" = set; then :
 +  enableval=$enable_esp;
 +  case $target in
-+    i?86*-*-linux* | x86_64*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*)
++    i?86*-*-linux* | x86_??*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*)
 +      enable_esp=yes
 +      ;;
 +    *)
-+      { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: *** --enable-espf is not supported on this $target target." >&5
-+$as_echo "$as_me: WARNING: *** --enable-espf is not supported on this $target target." >&2;}
++      { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: *** --enable-esp is not supported on this $target target." >&5
++$as_echo "$as_me: WARNING: *** --enable-esp is not supported on this $target target." >&2;}
 +      ;;
 +  esac
 +
@@ -97,49 +96,20 @@
    --enable-plugin         enable plugin support
    --disable-libquadmath-support
                            disable libquadmath support for Fortran
-+  --enable-esp           Enable Stack protector, Position independent
++  --enable-esp            Enable Stack protector, Position independent
 +                          executable and Fortify_sources as default if we have
 +                          suppot for it when compiling and link -z now as
 +                          default. Linux targets supported i*86, x86_64,
-+                          x86_x32, powerpc, powerpc64, ia64 and arm
++                          x86_x32, powerpc, powerpc64, ia64, mips and arm
  
  Optional Packages:
    --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
-@@ -26575,6 +26582,28 @@ else
-   target_header_dir=${native_system_header_dir}
- fi
- 
-+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking linker -z now support" >&5
-+$as_echo_n "checking linker -z now support... " >&6; }
-+if test "${gcc_cv_ld_now+set}" = set; then :
-+  $as_echo_n "(cached) " >&6
-+else
-+  gcc_cv_ld_now=no
-+  if test $in_tree_ld = yes ; then
-+    if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_version" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \
-+      && test $in_tree_ld_is_elf = yes; then
-+        gcc_cv_ld_now=yes
-+    fi
-+  elif test x$gcc_cv_ld != x; then
-+    # Check if linker supports -z now options
-+    if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then
-+      gcc_cv_ld_now=yes
-+    fi
-+  fi
-+
-+fi
-+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_ld_now" >&5
-+$as_echo "$gcc_cv_ld_now" >&6; }
-+
- # Test for stack protector support in target C library.
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking __stack_chk_fail in target C library" >&5
- $as_echo_n "checking __stack_chk_fail in target C library... " >&6; }
-@@ -27290,6 +27319,252 @@ _ACEOF
+@@ -27290,6 +27411,113 @@ _ACEOF
  
  fi
  
 +# --------------
-+# Espf checks
++# Esp checks
 +# --------------
 +
 +# Check whether --enable-esp was given and target have the support.
@@ -153,9 +123,9 @@
 +if test $set_enable_esp = yes ; then
 +  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $target support esp" >&5
 +$as_echo_n "checking if $target support esp... " >&6; }
-+if test x"$set_enable_esp" = x"yes" ; then
++if test $set_enable_esp = yes ; then
 +  case "$target" in
-+    i?86*-*-linux* | x86_64*-*-linux* |  x86_x32*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*)
++    i?86*-*-linux* | x86_??*-*-linux* | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux* | mips*-*-linux*)
 +      enable_esp=yes
 +
 +$as_echo "#define ENABLE_ESP 1" >>confdefs.h
@@ -174,80 +144,26 @@
 +
 +if test $enable_esp = yes ; then
 +
-+# Check for FORTIFY_SOURCES support in target C library.
-+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FORTIFY_SOURCES support  in target C library" >&5
-+$as_echo_n "checking for _FORTIFY_SOURCES support  in target C library... " >&6; }
-+if test "${gcc_cv_libc_provides_fortify+set}" = set; then :
-+  $as_echo_n "(cached) " >&6
-+else
-+  gcc_cv_libc_provides_fortify=no
-+    case "$target" in
-+      *-*-linux*)
-+        # glibc 2.8 and later provides _FORTIFY_SOURCES.
-+        if test -f $target_header_dir/features.h; then
-+          if $EGREP '^[ 	]*#[ 	]*define[ 	]+__GLIBC__[ 	]+2' \
-+	    $target_header_dir/features.h > /dev/null \
-+	    && $EGREP '^[ 	]*#[ 	]*define[ 	]+__GLIBC_MINOR__[ 	]+([1-9][0-9]|[8-9])' \
-+	    $target_header_dir/features.h > /dev/null; then
-+	      gcc_cv_libc_provides_fortify=yes
-+          elif $EGREP '^[ 	]*#[ 	]*define[ 	]+__UCLIBC__[ 	]' \
-+	    $target_header_dir/features.h > /dev/null ; then
-+            gcc_cv_libc_provides_fortify=no
-+	  fi
-+        fi
-+        ;;
-+      *) gcc_cv_libc_provides_fortify=no ;;
-+    esac
-+fi
-+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_libc_provides_fortify" >&5
-+$as_echo "$gcc_cv_libc_provides_fortify" >&6; }
-+
-+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can default to use -fPIE and link with -pie" >&5
-+$as_echo_n "checking if we can default to use -fPIE and link with -pie... " >&6; }
-+  if test x"$gcc_cv_ld_pie" = x"yes"; then
-+    saved_LDFLAGS="$LDFLAGS"
-+    saved_CFLAGS="$CFLAGS"
-+    CFLAGS="$CFLAGS -fPIE -Werror"
-+    LDFLAGS="$LDFLAGS -fPIE -pie"
-+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+/* end confdefs.h.  */
-+
-+int
-+main ()
-+{
-+
-+  ;
-+  return 0;
-+}
-+_ACEOF
-+if ac_fn_c_try_link "$LINENO"; then :
-+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+$as_echo "yes" >&6; }; enable_espf_pie=yes
-+else
-+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+$as_echo "no" >&6; }; enable_espf_pie=no
-+fi
-+rm -f core conftest.err conftest.$ac_objext \
-+    conftest$ac_exeext conftest.$ac_ext
-+    LDFLAGS="$saved_LDFLAGS"
-+    CFLAGS="$saved_CFLAGS"
-+  else
-+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+$as_echo "no" >&6; }
-+    enable_espf_pie=no
-+  fi
-+
-+  if test $enable_espf_pie = yes ; then
-+
-+$as_echo "#define ENABLE_ESPF_PIE 1" >>confdefs.h
-+
++  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can default to use -fstack-protector" >&5
++$as_echo_n "checking if we can default to use -fstack-protector... " >&6; }
++  ssp_link_test=no
++  if test x$gcc_cv_libc_provides_ssp = xyes && test x$set_have_as_tls = yes; then
++    if $EGREP '^ 	*#[ 	]*define[ 	]+__UCLIBC__[ 	]+1' \
++       $target_header_dir/features.h > /dev/null; then
++      if test -f $target_header_dir/bits/uClibc_config.h && \
++	 $EGREP '^ 	*#[ 	]*define[ 	]+__UCLIBC_SUBLEVEL__[ 	]+([3-9][2-9]|[4-9][0-9])' \
++	 $target_header_dir/bits/uClibc_config.h > /dev/null && \
++	 $EGREP '^ 	*#[ 	]*define[ 	]+__UCLIBC_HAS_TLS__[ 	]+1' \
++	 $target_header_dir/bits/uClibc_config.h > /dev/null; then
++	ssp_link_test=yes
++      fi
++    else
++      ssp_link_test=yes
++    fi
 +  fi
-+
-+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can default to use -fstack-protector-all" >&5
-+$as_echo_n "checking if we can default to use -fstack-protector-all... " >&6; }
-+  if test x"$gcc_cv_libc_provides_ssp" = x"yes" && test x"$set_have_as_tls" = x"yes" ; then
++  if test x$ssp_link_test=xyes ; then
 +    saved_CFLAGS="$CFLAGS"
-+    CFLAGS="$CFLAGS -O2 -fstack-protector-all -Werror"
++    CFLAGS="$CFLAGS -O2 -fstack-protector -Werror"
 +    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 +/* end confdefs.h.  */
 +
@@ -261,127 +177,42 @@
 +_ACEOF
 +if ac_fn_c_try_link "$LINENO"; then :
 +  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+$as_echo "yes" >&6; }; enable_espf_ssp=yes
++$as_echo "yes" >&6; }; enable_esp_ssp=yes
 +else
 +  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+$as_echo "no" >&6; }; enable_espf_ssp=no
-+fi
-+rm -f core conftest.err conftest.$ac_objext \
-+    conftest$ac_exeext conftest.$ac_ext
-+    CFLAGS="$saved_CFLAGS"
-+  else
-+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+$as_echo "no" >&6; }
-+    enable_espf_ssp=no
-+  fi
-+  if test x"$enable_espf_ssp" = x"yes" ; then
-+
-+$as_echo "#define ENABLE_ESPF_SSP 1" >>confdefs.h
-+
-+  fi
-+
-+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the compiler default to use -D_FORTIFY_SOURCES" >&5
-+$as_echo_n "checking if the compiler default to use -D_FORTIFY_SOURCES... " >&6; }
-+  if test x"$gcc_cv_libc_provides_fortify" = x"yes"; then
-+    saved_CFLAGS="$CFLAGS"
-+    saved_CPPFLAGS="$CPPFLAGS"
-+    CFLAGS="$CFLAGS -O2 -Werror -Wall"
-+    CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCES=2"
-+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+/* end confdefs.h.  */
-+
-+      #include <sys/types.h>
-+      #include <sys/stat.h>
-+      #include <fcntl.h>
-+
-+int
-+main ()
-+{
-+
-+      open ("/tmp/foo", O_WRONLY | O_CREAT);
-+
-+  ;
-+  return 0;
-+}
-+_ACEOF
-+if ac_fn_c_try_link "$LINENO"; then :
-+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+$as_echo "no" >&6; }; enable_espf_fortify=no
-+else
-+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+$as_echo "yes" >&6; }; enable_espf_fortify=yes
++$as_echo "no" >&6; }; enable_esp_ssp=no
 +fi
 +rm -f core conftest.err conftest.$ac_objext \
 +    conftest$ac_exeext conftest.$ac_ext
 +    CFLAGS="$saved_CFLAGS"
-+    CPPFLAGS="$saved_CPPFLAGS"
 +  else
 +    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
 +$as_echo "no" >&6; }
-+    enable_espf_fortify=no
-+  fi
-+  if test x"$enable_espf_fortify" = x"yes" ; then
-+
-+$as_echo "#define ENABLE_ESPF_FORTIFY 1" >>confdefs.h
-+
++    enable_esp_ssp=no
 +  fi
++  if test $enable_esp_ssp = yes ; then
 +
-+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the compiler default to use -z now to the linker" >&5
-+$as_echo_n "checking if the compiler default to use -z now to the linker... " >&6; }
-+    if test x"$gcc_cv_ld_now" = x"yes"; then
-+      saved_LDFLAGS="$LDFLAGS"
-+      saved_CFLAGS="$CFLAGS"
-+      CFLAGS="$CFLAGS -Werror"
-+      LDFLAGS="$LDFLAGS -Wl,-z,now"
-+      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+/* end confdefs.h.  */
++$as_echo "#define ENABLE_ESP_SSP 1" >>confdefs.h
 +
-+int
-+main ()
-+{
++  { $as_echo "$as_me:${as_lineno-$LINENO}: checking checking for crtbeginP.o support" >&5
++$as_echo_n "checking checking for crtbeginP.o support... " >&6; }
++      case "$target" in
++	ia64*-*-linux*)
++          enable_crtbeginP=no ;;
++        *-*-linux*)
++          if test x$gcc_cv_ld_pie = xyes && test x$lt_cv_prog_compiler_static_works = xyes; then
++            enable_crtbeginP=yes
 +
-+  ;
-+  return 0;
-+}
-+_ACEOF
-+if ac_fn_c_try_link "$LINENO"; then :
-+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+$as_echo "yes" >&6; }; enable_espf_now=yes
-+else
-+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+$as_echo "no" >&6; }; enable_espf_now=no
-+fi
-+rm -f core conftest.err conftest.$ac_objext \
-+    conftest$ac_exeext conftest.$ac_ext
-+      LDFLAGS="$saved_LDFLAGS"
-+      CFLAGS="$saved_CFLAGS"
-+    else
-+      { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-+$as_echo "no" >&6; }
-+      enable_espf_now=no
-+    fi
-+    if test x"$enable_espf_now" = x"yes" ; then
-+
-+$as_echo "#define ENABLE_ESPF_NOW 1" >>confdefs.h
++$as_echo "#define ENABLE_CRTBEGINP 1" >>confdefs.h
 +
++     	  fi
++          ;;
++  	*) enable_crtbeginP=no ;;
++      esac
 +    fi
-+
-+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crtbeginP.o support" >&5
-+$as_echo_n "checking for crtbeginP.o support... " >&6; }
-+    case "$target" in
-+      ia64*-*-linux*)
-+        enable_crtbeginP=no ;;
-+      *-*-linux*)
-+        if test x"$gcc_cv_ld_pie" = x"yes" && test x"$lt_cv_prog_compiler_static_works" = x"yes"; then
-+          enable_crtbeginP=yes
-+$as_echo "#define ENABLE_CRTBEGINP 1" >>confdefs.h
-+        else
-+          enable_crtbeginP=no
-+        fi ;;
-+      *) enable_crtbeginP=no ;;
-+    esac
 +  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_crtbeginP" >&5
 +$as_echo "$enable_crtbeginP" >&6; }
++
 +fi
 +
  # Configure the subdirectories
diff --git a/gcc-4.7.0/piepatch/02_all_gcc45_config.in.patch b/gcc-4.7.0/piepatch/02_all_gcc47_config.in.patch
index 489658f..43cd7f8 100644
--- a/gcc-4.7.0/piepatch/02_all_gcc45_config.in.patch
+++ b/gcc-4.7.0/piepatch/02_all_gcc47_config.in.patch
@@ -1,6 +1,7 @@
-2011-12-05	Magnus Granberg		<zorry@gentoo.org>
+2012-04-06	Magnus Granberg		<zorry@gentoo.org>
 
-		* gcc/config.in	Add ENABLE_CRTBEGINP and ENABLE_ESP
+		* gcc/config.in	Add ENABLE_CRTBEGINP, ENABLE_ESP
+		and ENABLE_ESP_SSP
 
 --- gcc/config.in	2009-04-21 11:08:08.000000000 +0200
 +++ gcc/config.in	2009-05-12 00:10:08.000000000 +0200
@@ -17,7 +18,7 @@
  /* Define to 1 to specify that we are using the BID decimal floating point
     format instead of DPD */
  #ifndef USED_FOR_TARGET
-@@ -65,6 +65,12 @@
+@@ -65,6 +65,18 @@
  #endif
  
  
@@ -27,6 +28,12 @@
 +#endif
 +
 +
++/* Define to 1 to enable esp. */
++#ifndef USED_FOR_TARGET
++#undef ENABLE_ESP_SSP
++#endif
++
++
  /* Define to 1 to enable fixed-point arithmetic extension to C. */
  #ifndef USED_FOR_TARGET
  #undef ENABLE_FIXED_POINT
diff --git a/gcc-4.7.0/piepatch/06_all_gcc45_esp.h.patch b/gcc-4.7.0/piepatch/06_all_gcc46_esp.h.patch
index c51e8b4..e11c910 100644
--- a/gcc-4.7.0/piepatch/06_all_gcc45_esp.h.patch
+++ b/gcc-4.7.0/piepatch/06_all_gcc46_esp.h.patch
@@ -1,13 +1,13 @@
-2011-12-05		Magnus Granberg		<zorry@gentoo.org>
+2012-04-03		Magnus Granberg		<zorry@gentoo.org>
 
 		* gcc/esp.h	New file to support --enable-esp
-		Version 20111205.1
+		Version 20120403.2
 
 --- gcc/esp.h	2010-04-09 16:14:00.000000000 +0200
 +++ gcc/esp.h	2010-04-29 21:30:47.000000000 +0200
 @@ -0,0 +1,145 @@
 +/* License terms see GNU GENERAL PUBLIC LICENSE Version 3.
-+ * Version 20111205.1
++ * Version 20120403.2
 + * Magnus Granberg (Zorry) <zorry@gentoo.org>  */
 +#ifndef GCC_ESP_H
 +#define GCC_ESP_H
@@ -57,7 +57,7 @@
 +
 +	/*  This will add -fstack-protector-all if we don't have -nostdlib -nodefaultlibs -fno-stack-protector -fstack-protector
 +		-fstack-protector-all and we have EFAULT_SSP or EFAULT_PIE_SSP defined.  */
-+	#if defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP )
++	#if ( defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP ) ) && defined ( ENABLE_ESP_SSP )
 +		#define ESP_OPTIONS_SSP_SPEC \
 +			"%{!D__KERNEL__:%{!nostdlib:%{!nodefaultlibs: %{!fno-stack-protector: \
 +			%{!fstack-protector:%{!fstack-protector-all:-fstack-protector-all}}}}}}"
diff --git a/gcc-4.7.0/piepatch/README.Changelog b/gcc-4.7.0/piepatch/README.Changelog
index 1729b6a..b6252ed 100644
--- a/gcc-4.7.0/piepatch/README.Changelog
+++ b/gcc-4.7.0/piepatch/README.Changelog
@@ -1,15 +1,22 @@
+0.5.3 Magnus Granberg		<zorry@gentoo.org>
+
+		* gcc/configure			Clean up the checks and added
+			check for uclibc ssp support.
+		* gcc/config.in				Add define for ENABLE_ESP_SSP
+		* gcc/esp.h				Check for ENABLE_ESP_SSP
+
 0.5.2 Magnus Granberg		<zorry@gentoo.org>
 
-		* gcc/common.opt 				Add -nopie
+		* gcc/common.opt 			Add -nopie
 
 0.5.1 Magnus Granberg		<zorry@gentoo.org>
 
-		* configure					Bumped for 4.7.0 release
-		* gcc/configure				Bumped for 4.7.0 release and
+		* configure				Bumped for 4.7.0 release
+		* gcc/configure			Bumped for 4.7.0 release and
 			added some checks.
-		* gcc/Makefile					Bumped for 4.7.0 release
-		* gcc/gcc.c					Bumped for 4.7.0 release
-		* libgcc/Makefile				Bumped for 4.7.0 release
+		* gcc/Makefile				Bumped for 4.7.0 release
+		* gcc/gcc.c				Bumped for 4.7.0 release
+		* libgcc/Makefile			Bumped for 4.7.0 release
 
 0.5.0 Magnus Granberg		<zorry@gentoo.org>
 
diff --git a/gcc-4.7.0/piepatch/README.history b/gcc-4.7.0/piepatch/README.history
index 3c5a7b1..537cc48 100644
--- a/gcc-4.7.0/piepatch/README.history
+++ b/gcc-4.7.0/piepatch/README.history
@@ -1,3 +1,9 @@
+0.5.3		06 Apr 2012
+		U 01_all_gcc47_configure.patch
+		+ 02_all_gcc47_config.in.patch
+		- 02_all_gcc45_config.in.patch
+		+ 06_all_gcc46_esp.h.patch
+		- 06_all_gcc45_esp.h.patch
 0.5.2		24 Jan 2012
 		+ 16_all_gcc47_nopie_option.patch
 0.5.1		17 Jan 2012
author	Magnus Granberg <zorry@gentoo.org>	2012-04-08 14:33:17 +0200
committer	Magnus Granberg <zorry@gentoo.org>	2012-04-08 14:33:17 +0200
commit	a47328a2beadfa7ab70802444f0aabac82ede1b9 (patch)
tree	0689f57520cc5bf96c9a632847ed97a55a484f88
parent	piepatch 0.5.2 for gcc 4.7 (diff)
download	hardened-gccpatchset-a47328a2beadfa7ab70802444f0aabac82ede1b9.tar.gz hardened-gccpatchset-a47328a2beadfa7ab70802444f0aabac82ede1b9.tar.bz2 hardened-gccpatchset-a47328a2beadfa7ab70802444f0aabac82ede1b9.zip