aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMagnus Granberg <zorry@gentoo.org>2012-04-08 14:36:28 +0200
committerMagnus Granberg <zorry@gentoo.org>2012-04-08 14:36:28 +0200
commit9f286ca40bcefa89d281475687529dfc081856cf (patch)
treee8e5504eda6364696545ad1c534267984087db36
parentUpdate 4.6 and 4.7 (diff)
downloadhardened-gccpatchset-9f286ca40bcefa89d281475687529dfc081856cf.tar.gz
hardened-gccpatchset-9f286ca40bcefa89d281475687529dfc081856cf.tar.bz2
hardened-gccpatchset-9f286ca40bcefa89d281475687529dfc081856cf.zip
Updated configure.ac patch for upstream
-rw-r--r--upstream/configure.ac.patch233
1 files changed, 115 insertions, 118 deletions
diff --git a/upstream/configure.ac.patch b/upstream/configure.ac.patch
index b08edcc..86bab05 100644
--- a/upstream/configure.ac.patch
+++ b/upstream/configure.ac.patch
@@ -1,25 +1,18 @@
-2011-06-24 Magnus Granberg <zorry@gentoo.org>
-
- * configure Add --enable-espf. Add -fno-stack-protector
- to stage1_cflags.
- * gcc/configure.ac Add --enable-espf and checks for it.
-
---- a/configure.ac 2011-04-18 23:27:00.000000000 +0200
-+++ b/configure.ac 2011-04-27 12:47:11.351473240 +0200
-@@ -419,6 +419,25 @@
+--- a/configure.ac 2011-11-29 22:36:43.000000000 +0100
++++ b/configure.ac 2011-12-07 23:29:26.125712475 +0100
+@@ -419,6 +419,24 @@ if test "${ENABLE_LIBADA}" != "yes" ; th
noconfigdirs="$noconfigdirs gnattools"
fi
+# Check whether --enable-espf was given and target have the support.
+AC_ARG_ENABLE([espf],
+[AS_HELP_STRING([--enable-espf],
-+ [Enable Stack protector, Position independent executable and
-+ Fortify_sources as default if we have suppot for it when compiling
-+ and link with -z relro and -z now as default.
-+ Linux targets supported x86_64.])],
++ [Enable Stack protector, Position independent executable as
++ default if we have suppot for it when compiling.
++ Linux targets supported i*86, x86_64 and x86_x32.])],
+[
+ case $target in
-+ i?86*-*-linux* | x86_64*-*-linux* | x86_x32*-*-linux | powerpc-*-linux* | powerpc64-*-linux* | arm*-*-linux* | ia64-*-linux*)
++ i?86*-*-linux* | x86_??*-*-linux*)
+ enable_espf=yes
+ ;;
+ *)
@@ -32,23 +25,25 @@
AC_ARG_ENABLE(libssp,
[AS_HELP_STRING([--enable-libssp], [build libssp directory])],
ENABLE_LIBSSP=$enableval,
-@@ -3152,6 +3171,10 @@
- esac ;;
- esac
+@@ -3211,6 +3230,11 @@ if test "$GCC" = yes -a "$ENABLE_BUILD_W
+ CFLAGS="$saved_CFLAGS"
+ fi
+# Disable -fstack-protector on stage1
+if test x$enable_espf = xyes; then
+ stage1_cflags="$stage1_cflags -fno-stack-protector"
+fi
- # This is aimed to mimic bootstrap with a non-GCC compiler to catch problems.
- if test "$GCC" = yes -a "$ENABLE_BUILD_WITH_CXX" != yes; then
- saved_CFLAGS="$CFLAGS"
---- a/gcc/configure.ac 2011-04-13 19:12:53.000000000 +0200
-+++ b/gcc/configure.ac 2011-06-24 03:17:07.448179335 +0200
-@@ -4515,6 +4515,145 @@
- AC_SUBST(MAINT)dnl
++
+ AC_SUBST(stage1_cflags)
+
+ # Enable --enable-checking in stage1 of the compiler.
+--- a/gcc/configure.ac 2011-11-18 11:52:32.000000000 +0100
++++ b/gcc/configure.ac 2012-04-04 16:18:00.269968226 +0200
+@@ -5130,6 +5146,148 @@ if test x"${LINKER_HASH_STYLE}" != x; th
+ [The linker hash style])
+ fi
- # --------------
++# --------------
+# Espf checks
+# --------------
+
@@ -56,16 +51,15 @@
+AC_ARG_ENABLE([espf],
+[AS_HELP_STRING([--enable-espf],
+ [Enable Stack protector, Position independent executable and
-+ Fortify_sources as default if we have suppot for it when compiling
-+ and link with -z relro and -z now as default.
-+ Linux targets supported x86_64])],
++ Fortify_sources as default if we have suppot for it when compiling.
++ Linux targets supported i*86, x86_64, and x86_x32.])],
+ set_enable_espf=$enableval,
+ set_enable_espf=no)
+if test $set_enable_espf = yes ; then
+ AC_MSG_CHECKING(if $target support espf)
+if test $set_enable_espf = yes ; then
+ case "$target" in
-+ ?86-*-linux* | x86_64-*-linux*)
++ i?86*-*-linux* | x86_??*-*-linux*)
+ enable_espf=yes
+ AC_DEFINE(ENABLE_ESPF, 1,
+ [Define if your target support espf and you have enable it.])
@@ -82,112 +76,115 @@
+AC_SUBST([enable_espf])
+if test $enable_espf = yes ; then
+
-+ AC_CACHE_CHECK(linker -z relro support,
-+ gcc_cv_ld_relro,
-+ [gcc_cv_ld_relro=no
-+ if test $in_tree_ld = yes ; then
-+ if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_version" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \
-+ && test $in_tree_ld_is_elf = yes; then
-+ gcc_cv_ld_relro=yes
-+ fi
-+ elif test x$gcc_cv_ld != x; then
-+ # Check if linker supports -z relro options
-+ if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then
-+ gcc_cv_ld_relro=yes
-+ fi
-+ fi
-+ ])
-+
-+ AC_CACHE_CHECK(linker -z now support,
-+ gcc_cv_ld_now,
-+ [gcc_cv_ld_now=no
-+ if test $in_tree_ld = yes ; then
-+ if test "$gcc_cv_gld_major_version" -eq 2 -a "$gcc_cv_gld_minor_version" -ge 16 -o "$gcc_cv_gld_major_version" -gt 2 \
-+ && test $in_tree_ld_is_elf = yes; then
-+ gcc_cv_ld_now=yes
-+ fi
-+ elif test x$gcc_cv_ld != x; then
-+ # Check if linker supports -z now options
-+ if $gcc_cv_ld --help 2>/dev/null | grep now > /dev/null; then
-+ gcc_cv_ld_now=yes
-+ fi
-+ fi
-+ ])
-+
+# Check for FORTIFY_SOURCES support in target C library.
-+AC_CACHE_CHECK(for _FORTIFY_SOURCES support in target C library,
-+ gcc_cv_libc_provides_fortify,
-+ [gcc_cv_libc_provides_fortify=no
++ AC_CACHE_CHECK(for _FORTIFY_SOURCES support in target C library,
++ gcc_cv_libc_provides_fortify,
++ [gcc_cv_libc_provides_fortify=no
+ case "$target" in
-+ *-*-linux*)
-+ [# glibc 2.8 and later provides _FORTIFY_SOURCES.
-+ if test -f $target_header_dir/features.h; then
-+ if $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC__[ ]+2' \
-+ $target_header_dir/features.h > /dev/null \
-+ && $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC_MINOR__[ ]+([1-9][0-9]|[8-9])' \
++ *-*-linux*)
++ [# glibc 2.8 and later provides _FORTIFY_SOURCES.
++ # uClibc 0.9.32 and later provides _FORTIFY_SOURCES.
++ if test -f $target_header_dir/features.h; then
++ if $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC__[ ]+2' \
++ $target_header_dir/features.h > /dev/null \
++ && $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC_MINOR__[ ]+([1-9][0-9]|[8-9])' \
++ $target_header_dir/features.h > /dev/null; then
++ gcc_cv_libc_provides_fortify=yes
++ elif $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]+1' \
+ $target_header_dir/features.h > /dev/null; then
-+ gcc_cv_libc_provides_fortify=yes
-+ elif $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]' \
-+ $target_header_dir/features.h > /dev/null ; then
-+ gcc_cv_libc_provides_fortify=no
-+ fi
-+ fi]
-+ ;;
-+ *) gcc_cv_libc_provides_fortify=no ;;
++ if test -f $target_header_dir/bits/uClibc_config.h && \
++ $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC_SUBLEVEL__[ ]+([3-9][2-9]|[4-9][0-9])' \
++ $target_header_dir/bits/uClibc_config.h > /dev/null; then
++ gcc_cv_libc_provides_fortify=yes
++ else
++ gcc_cv_libc_provides_fortify=no
++ fi
++ fi
++ fi]
++ ;;
++ *) gcc_cv_libc_provides_fortify=no ;;
+ esac])
+
-+ AC_MSG_CHECKING(if the compiler default to use -fPIE and link with -pie)
-+ if test $set_enable_espf = yes && test x"$gcc_cv_ld_pie" = xyes; then
-+ enable_espf_pie=yes
++ AC_MSG_CHECKING(if we can default to use -fPIE and link with -pie)
++ if test x$gcc_cv_ld_pie = xyes; then
++ saved_LDFLAGS="$LDFLAGS"
++ saved_CFLAGS="$CFLAGS"
++ CFLAGS="$CFLAGS -fPIE -Werror"
++ LDFLAGS="$LDFLAGS -fPIE -pie"
++ AC_TRY_LINK(,,
++ [AC_MSG_RESULT([yes]); enable_espf_pie=yes],
++ [AC_MSG_RESULT([no]); enable_espf_pie=no])
++ LDFLAGS="$saved_LDFLAGS"
++ CFLAGS="$saved_CFLAGS"
++ else
++ AC_MSG_RESULT([no])
++ enable_espf_pie=no
++ fi
++
++ if test $enable_espf_pie = yes ; then
+ AC_DEFINE(ENABLE_ESPF_PIE, 1,
+ [Define if your compiler will default to use -fPIE and link with -pie.])
++ fi
++
++ AC_MSG_CHECKING(if we can default to use -fstack-protector)
++ ssp_link_test=no
++ if test x$gcc_cv_libc_provides_ssp = xyes && test x$set_have_as_tls = yes; then
++ if $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC__[ ]+1' \
++ $target_header_dir/features.h > /dev/null; then
++ if test -f $target_header_dir/bits/uClibc_config.h && \
++ $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC_SUBLEVEL__[ ]+([3-9][2-9]|[4-9][0-9])' \
++ $target_header_dir/bits/uClibc_config.h > /dev/null && \
++ $EGREP '^[ ]*#[ ]*define[ ]+__UCLIBC_HAS_TLS__[ ]+1' \
++ $target_header_dir/bits/uClibc_config.h > /dev/null; then
++ ssp_link_test=yes
++ fi
++ else
++ ssp_link_test=yes
++ fi
++ fi
++ if test x$ssp_link_test=xyes ; then
++ saved_CFLAGS="$CFLAGS"
++ CFLAGS="$CFLAGS -O2 -fstack-protector -Werror"
++ AC_TRY_LINK(,,
++ [AC_MSG_RESULT([yes]); enable_espf_ssp=yes],
++ [AC_MSG_RESULT([no]); enable_espf_ssp=no])
++ CFLAGS="$saved_CFLAGS"
+ else
-+ enable_espf_pie=no
++ AC_MSG_RESULT([no])
++ enable_espf_ssp=no
+ fi
-+ AC_MSG_RESULT($enable_espf_pie)
-+AC_MSG_CHECKING(if the compiler default to use -fstack-protector)
-+ if test $set_enable_espf = yes && test x$gcc_cv_libc_provides_ssp = xyes \
-+ && test $set_have_as_tls = yes ; then
-+ enable_espf_ssp=yes
++ if test $enable_espf_ssp = yes ; then
+ AC_DEFINE(ENABLE_ESPF_SSP, 1,
+ [Define if your compiler will default to use -fstack-protector.])
-+ else
-+ enable_espf_ssp=no
+ fi
-+ AC_MSG_RESULT($enable_espf_ssp)
+
-+AC_MSG_CHECKING(if the compiler default to use -D_FORTIFY_SOURCES=2)
-+ if test $set_enable_espf = yes && test x$gcc_cv_libc_provides_fortify = xyes; then
-+ enable_espf_fortify=yes
++ AC_MSG_CHECKING(if we can default to use -D_FORTIFY_SOURCES=2)
++ if test x$gcc_cv_libc_provides_fortify = xyes; then
++ saved_CFLAGS="$CFLAGS"
++ saved_CPPFLAGS="$CPPFLAGS"
++ CFLAGS="$CFLAGS -O2 -Werror"
++ CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCES=2"
++ AC_TRY_LINK([
++ #include <sys/types.h>
++ #include <sys/stat.h>
++ #include <fcntl.h>
++ ],[
++ open ("/tmp/foo", O_WRONLY | O_CREAT);
++ ],
++ [AC_MSG_RESULT([no]); enable_espf_fortify=no],
++ [AC_MSG_RESULT([yes]); enable_espf_fortify=yes])
++ CFLAGS="$saved_CFLAGS"
++ CPPFLAGS="$saved_CPPFLAGS"
++ else
++ [AC_MSG_RESULT([no]); enable_espf_fortify=no]
++ fi
++ if test x$enable_espf_fortify = xyes ; then
+ AC_DEFINE(ENABLE_ESPF_FORTIFY, 1,
+ [Define if your compiler will default to use -D_FORTIFY_SOURCES=2.])
-+ else
-+ enable_espf_fortify=no
+ fi
-+ AC_MSG_RESULT($enable_espf_fortify)
+
-+ AC_MSG_CHECKING(if the compiler will pass -z relro to the linker)
-+ if test $set_enable_espf = yes && test x$gcc_cv_ld_relro = xyes; then
-+ enable_espf_relro=yes
-+ AC_DEFINE(ENABLE_ESPF_RELRO, 1,
-+ [Define if your compiler will pass -z relro to the linker.])
-+ else
-+ enable_espf_relro=no
-+ fi
-+ AC_MSG_RESULT($enable_espf_relro)
-+
-+ AC_MSG_CHECKING(if the compiler will pass -z now to the linker)
-+ if test $set_enable_espf = yes && test x$gcc_cv_ld_now = xyes; then
-+ enable_espf_now=yes
-+ AC_DEFINE(ENABLE_ESPF_NOW, 1,
-+ [Define if your compiler will pass -z now to the linker.])
-+ else
-+ enable_espf_now=no
-+ fi
-+ AC_MSG_RESULT($enable_espf_now)
+fi
+
-+# --------------
- # Language hooks
- # --------------
+ # Configure the subdirectories
+ # AC_CONFIG_SUBDIRS($subdirs)