aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2014-03-25 09:01:40 +0000
committerTimo Teräs <timo.teras@iki.fi>2014-03-25 09:03:38 +0000
commite89835b7d45a362bc47fee45c68102683921a761 (patch)
tree0525474f0fefba2cfe3e27705aa685ce854065f7
parent004e11501ed52ff496278931517fe3f2db08b267 (diff)
downloadaports-e89835b7d45a362bc47fee45c68102683921a761.tar.bz2
aports-e89835b7d45a362bc47fee45c68102683921a761.tar.xz
main/gcc: enable relro by default
ref #2614
-rw-r--r--main/gcc/41_all_gcc48_config_esp_relro.patch30
-rw-r--r--main/gcc/APKBUILD50
-rw-r--r--main/gcc/hardenednopie.specs12
-rw-r--r--main/gcc/hardenednopiessp.specs4
-rw-r--r--main/gcc/hardenednossp.specs6
-rw-r--r--main/gcc/vanilla.specs11
6 files changed, 96 insertions, 17 deletions
diff --git a/main/gcc/41_all_gcc48_config_esp_relro.patch b/main/gcc/41_all_gcc48_config_esp_relro.patch
new file mode 100644
index 0000000000..3d6630299e
--- /dev/null
+++ b/main/gcc/41_all_gcc48_config_esp_relro.patch
@@ -0,0 +1,30 @@
+--- gcc-4.8.2/gcc/config/esp.h.orig 2014-03-25 08:25:41.665838981 +0000
++++ gcc-4.8.2/gcc/config/esp.h 2014-03-25 08:28:24.415497899 +0000
+@@ -4,7 +4,7 @@
+ #ifndef GCC_ESP_H
+ #define GCC_ESP_H
+
+-/* This file will add -fstack-protector-all, -fPIE, -pie and -z now
++/* This file will add -fstack-protector-all, -fPIE, -pie, -z now and -z relro
+ as default if the defines and the spec allow it.
+ Added a hack for gcc-specs-* in toolchain-funcs.eclass and _filter-hardened in flag-o-matic.eclass
+ to support older hardened GCC patches and we don't need to change the code on gcc-specs-* and _filter-hardened.
+@@ -34,8 +34,9 @@
+ /* ESP_LINK_SPEC is added to LINK_PIE_SPEC if esp is enable
+ -z now will be added if we don't have -vanilla spec. We do a -pie incompatible check
+ Don't remove the specs in the end */
+- #define ESP_LINK_SPEC "%(esp_link_now) %(esp_link_pie_check) "
++ #define ESP_LINK_SPEC "%(esp_link_now) %(esp_link_relro) %(esp_link_pie_check) "
+ #define ESP_LINK_NOW_SPEC "%{!nonow:-z now}"
++ #define ESP_LINK_RELRO_SPEC "%{!norelro:-z relro}"
+
+ /* We use ESP_ESP_DRIVER_SELF_SPEC to add pie and ssp command-line options. */
+ #define ESP_DRIVER_SELF_SPEC "%{D__KERNEL__:;:%{!nopie:%(esp_options_pie) \
+@@ -114,6 +115,7 @@
+ { "esp_cc1_strict_overflow", ESP_CC1_STRICT_OVERFLOW_SPEC }, \
+ { "esp_link", ESP_LINK_SPEC }, \
+ { "esp_link_now", ESP_LINK_NOW_SPEC }, \
++ { "esp_link_relro", ESP_LINK_RELRO_SPEC }, \
+ { "esp_link_pie", ESP_LINK_PIE_SPEC }, \
+ { "esp_link_pie_check", ESP_LINK_PIE_CHECK_SPEC }, \
+ { "esp_driver_self", ESP_DRIVER_SELF_SPEC }, \
diff --git a/main/gcc/APKBUILD b/main/gcc/APKBUILD
index 206cc4dec1..cba71842c9 100644
--- a/main/gcc/APKBUILD
+++ b/main/gcc/APKBUILD
@@ -1,10 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=gcc
pkgver=4.8.2
-_pie_gcc_ver=4.8.1
-_piepatchver=0.5.7
-_specs_ver=0.2.0
-_specs_gcc_ver=4.4.3
_uclibc_abiver=0.9.32
_cross=""
[ "$BOOTSTRAP" = "noheaders" ] && pkgname="gcc-pass1"
@@ -13,7 +9,7 @@ _cross=""
&& _cross="-$CTARGET"
pkgname="$pkgname$_cross"
-pkgrel=5
+pkgrel=6
pkgdesc="The GNU Compiler Collection"
url="http://gcc.gnu.org"
arch="all"
@@ -144,7 +140,6 @@ if $LANG_ADA; then
fi
source="ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-$pkgver.tar.bz2
- http://distfiles.gentoo.org/distfiles/gcc-$_specs_gcc_ver-specs-$_specs_ver.tar.bz2
ftp://sourceware.org/pub/java/ecj-latest.jar
01_all_gcc48_configure.patch
@@ -157,6 +152,7 @@ source="ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-$pkgver.tar.bz2
34_all_gcc48_config_i386.patch
35_all_gcc48_config_arm.patch
40_all_gcc48_config_esp.patch
+ 41_all_gcc48_config_esp_relro.patch
12_all_default-warn-trampolines.patch
15_all_libgfortran-Werror.patch
@@ -193,6 +189,11 @@ source="ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-$pkgver.tar.bz2
ada-crossbuild.patch
ada-shared.patch
ada-musl.patch
+
+ vanilla.specs
+ hardenednossp.specs
+ hardenednopie.specs
+ hardenednopiessp.specs
"
# we build out-of-tree
@@ -237,7 +238,7 @@ prepare() {
# building gcc wih PIE seem to hit some strange bug. we probably run
# out of some resource. so we disable PIE for gcc while enabling it
# by default for everything else.
- local _hard_cflags="-DEFAULT_PIE_SSP -DEFAULT_RELRO -DEFAULT_BIND_NOW"
+ local _hard_cflags="-DEFAULT_PIE_SSP"
sed -e "/^ALL_CFLAGS/iHARD_CFLAGS = ${_hard_cflags}" \
-e 's|^ALL_CFLAGS = |ALL_CFLAGS = $(HARD_CFLAGS) |' \
-e 's|^ALL_CXXFLAGS = |ALL_CXXFLAGS = $(HARD_CFLAGS) |' \
@@ -370,10 +371,13 @@ package() {
rm -f "$pkgdir"/usr/lib/libiberty.a
# install the specs
- cd "$srcdir"/specs
- install -d "$pkgdir"/$_gcclibdir
- for i in *.specs; do
- install -m644 $i "$pkgdir"/$_gcclibdir/$i || return 1
+ local i
+ for i in $source; do
+ case "$i" in
+ *.specs)
+ install -m644 "$srcdir"/$i "$pkgdir"/$_gcclibdir/$i || return 1
+ ;;
+ esac
done
# we dont support gcj -static
@@ -645,7 +649,6 @@ gnat() {
}
md5sums="a3d7d63b9cb6b6ea049469a0c4a43c9d gcc-4.8.2.tar.bz2
-441c76504e1d97170117c294e65c7a72 gcc-4.4.3-specs-0.2.0.tar.bz2
d7cd6a27c8801e66cbaa964a039ecfdb ecj-latest.jar
485b2b9da364ad700f25de1c64d9cd06 01_all_gcc48_configure.patch
2a8d6a9046efc9f44449b012cf12d7fd 02_all_gcc48_config.in.patch
@@ -657,6 +660,7 @@ ad7dbd7ac3fdcfb30d430b1d6069816f 20_all_gcc46_config_crtbeginp.patch
b0910da9f2eb4fe6a684e680f6336491 34_all_gcc48_config_i386.patch
adcc78e93f54b80210bc436041c1a6e7 35_all_gcc48_config_arm.patch
4a3b0066ea21f5435ae51ddeb37ac173 40_all_gcc48_config_esp.patch
+8aab4963bceaee4d4448821bc7e1bbba 41_all_gcc48_config_esp_relro.patch
f28e9334c58ce14f69a9e988026bc772 12_all_default-warn-trampolines.patch
7eb9ad894dfdf1b3d4a8a407a339a6f1 15_all_libgfortran-Werror.patch
452e457a0ac45e6f8f75eb6d6ba4d04b 16_all_libgomp-Werror.patch
@@ -689,9 +693,12 @@ e17bbb0fe802974e20645b4182b4c410 fix-gcj-iconv-musl.patch
2b4235111d2e66f2c690eb340cb4178b ada-fixes.patch
d77c99bf7c03d082a540aaba1193be40 ada-crossbuild.patch
20e2731c02ce50739ebdead2795f9c41 ada-shared.patch
-4e47bdae120129462244da0d89a573b3 ada-musl.patch"
+4e47bdae120129462244da0d89a573b3 ada-musl.patch
+a2f435d81e872a73a8b44a4581832af0 vanilla.specs
+17a31b8580de9dd9c06a1ed96886d538 hardenednossp.specs
+33ce2d221828a2d03978da52ba609524 hardenednopie.specs
+5c431710b72c6ec16ed21bcca83d9f87 hardenednopiessp.specs"
sha256sums="09dc2276c73424bbbfda1dbddc62bbbf900c9f185acf7f3e1d773ce2d7e3cdc8 gcc-4.8.2.tar.bz2
-f6c7cb99beead66dd4d06f7004c5731a9360330cbe878ce79792c618e008eed2 gcc-4.4.3-specs-0.2.0.tar.bz2
98fd128f1d374d9e42fd9d4836bdd249c6d511ebc6c0df17fbc1b9df96c3d781 ecj-latest.jar
8dee116f723861166cfd137d5cc457e0c11fb2be8b1271e199b41e02bf70a102 01_all_gcc48_configure.patch
f301cce95609650f57c5212b38daf5288b4e7c5fa37ae2892664d4c8ceaadfbf 02_all_gcc48_config.in.patch
@@ -703,6 +710,7 @@ f301cce95609650f57c5212b38daf5288b4e7c5fa37ae2892664d4c8ceaadfbf 02_all_gcc48_c
150f17367d7f514fda9e0aac283e059b190a2251d7d9dfa2b5686b2bdc67b725 34_all_gcc48_config_i386.patch
48e22b2794ae70985c418832f7845814d65e78abcf56d38205db4b760a1c5ffa 35_all_gcc48_config_arm.patch
ff8c8d8f3f1444e274fb384859896e327101378fbace92c0ee65f02dd14503f1 40_all_gcc48_config_esp.patch
+11f1307cd8a0b2619ec9409a382ac63326c23abf8f9db429a167aa70d38c17b2 41_all_gcc48_config_esp_relro.patch
ce7774aa13be5da274220258772ccbdd6f54abdad97a3798ba282865c809f042 12_all_default-warn-trampolines.patch
8b1450d5a7756af2b890588005690785a663601e2b1533671b609aa8cce0f718 15_all_libgfortran-Werror.patch
1f106fe03cede7c697bde7d81732e0d3bb2c7197e4967789182a5fd8db532900 16_all_libgomp-Werror.patch
@@ -735,9 +743,12 @@ de3c8606015ebda0dc574f904aa4d23c44c5e261b34dce2ef4d08eed21cb99b9 ada-no-pie.pat
ca0db7f59e7af0c621751eee9e3775d4c00c4b663f82f9e04c53a2efb16edca1 ada-fixes.patch
324524490c60d84ef040f79589e0f93fbaeb253dbe031484afaf963b881047e9 ada-crossbuild.patch
d6c7fc1820a4fa285297c299c255fe2f19ce1695486f20edd098252a97545e6a ada-shared.patch
-f20c34f3e0a1bf717f5e22fd66b57c8b69f0411d063203c017ed8209f349e1d4 ada-musl.patch"
+f20c34f3e0a1bf717f5e22fd66b57c8b69f0411d063203c017ed8209f349e1d4 ada-musl.patch
+1315d4c430b4d81c61d14a252d7681125fd7d79fde457c014c18c62c4f1aa1de vanilla.specs
+50a46bb1c4d209ce687d13e74cc9e4e0b87cef4a8165d22fb9be243c9cf08374 hardenednossp.specs
+8eccfcf282fb54aadede7c23a8b5b843c0a63a55485e74d4332ab49025d38e78 hardenednopie.specs
+af85685ff501f5e0eaaa394628365425486dafe4780f0f683a4536ab60173cdf hardenednopiessp.specs"
sha512sums="2a3927481707b3bb7171076b596d9b69084edac82460df6fb35395592dd1e8fc5665577702ca746d5b454dec68b1c4e31b9de6adc9865d482f4b8736ec648b10 gcc-4.8.2.tar.bz2
-779ecb0a064d2138b54569c8ae501975b8a6b72e5a3acbf8597619a8db77ee42ef9b0e62608d5192a15e4393e7dfc009bb50b994782236faa744b2c46b5fe517 gcc-4.4.3-specs-0.2.0.tar.bz2
d4e1bf7538ace56e3d69fa91da5bbd16c272923b4de0a9d8dee23ea2b75f9f38c603de72fc4061df49285c450b63f3df211cee5270e9fffc5447445d1a9c9e4e ecj-latest.jar
da16931bd0103388991cfc932540a1641ee3b81c10184baefa1e6a90061f0910efedc1118e45eb4a65a34965315d12a3ff2802a2058b31c8f57fa4f3655f8eee 01_all_gcc48_configure.patch
21770259c7916e55568027926e4a543eea468b04436cc61c28f749be5a6635c48e68b7924a8eb19a76733a9d2f00921ba06faddaedbf14b1cdad5ab1810cc6c6 02_all_gcc48_config.in.patch
@@ -749,6 +760,7 @@ b0dd448e25d4ca8313eb2004b2bb020d5e1c0ff51d347686312625d1102093ba95a3b1267b4ec10b
dd5b9b30eb7716cb3c010ca79a83ed6219ff6e6f2557deb4e1d26cecac0f2b14c4ef7bf4dc5c2aec88aae5463763f5f64454b8a627ebd1d0a5c92984017025ad 34_all_gcc48_config_i386.patch
8829f85323d8b11e26e3c19ced4a51875fc63f1483cfdc4d0f579a6cb37e1b6e23fcf33a87a574a6e0007250374ea46d117a136e73a40fbe43f0e39d9b2dd1a8 35_all_gcc48_config_arm.patch
a476a0163563c393557c30ea326a168d5ef88d88e8ca38dcacb0d29b7eed7ebcc283ab8d64fb5a34b0b2b20d1fd0075b33d4a1651a1f185f8475014a6d3ff983 40_all_gcc48_config_esp.patch
+f8428d88409e6c630d5cf4ddb932e7cdc9e1aeb97c9a09f82efe4a1c168937e58b55114f6afdd726e38b08898b6d9bf3c28361e445a1b51c14852124a71b96b9 41_all_gcc48_config_esp_relro.patch
5069e4b741488913a646a9b5d871af8e7f7a606158ea09305d0ddd46257c5b659770627bc2ca3abeaae039da1717b3ba6c9cd90554a441da74eb4ecf24c13074 12_all_default-warn-trampolines.patch
c18a99b7303a734fe4dca9d4e90e21d18e5bd71c7d91e1a26c86b1354c73f567590a875941bfe64ce59f0393023b91c606c96b30885c55b98a790c3ab0c84ca7 15_all_libgfortran-Werror.patch
433404fd9bfa172d69fff4a5505e8648cbbbf5f052d2b4235608ff7af0c4063d557d25d80c85c5bd0d1e1ed64b568e7bbc0cdbce11cc74db4c0189af3a01634a 16_all_libgomp-Werror.patch
@@ -781,4 +793,8 @@ c731f4aaaa65c8950e1b2bd9331410f92d378fd8c7e718532dccaa27ee11984d51d74216c3611e89
b37195a126476775e2ef16e0adc9173664c514339fb319f628debd8a4133fa53e022278387c68fc260cf813e58602617e9e629ea8177133bfdf5972398fe1c55 ada-fixes.patch
4d411563f6a3ea06bc3a1f4fa77d10250cc275e2496df6039d93f9b2229bc1f5334e484494dbd08881cf046f98aaca8bdddaa6b4a8f947b936d0bdc9e91f2f2b ada-crossbuild.patch
3f5bc334d9f73d06f5f7c876738d02356acdd08958bea0e4d2095ebf15c2c2ec4e411abdae0297505ae9a1699ca01b17338e853184e84663203b192b0d35fc19 ada-shared.patch
-7f6dc922a2c80b1c8c5ed0b6d6e4c1e672984f54bb217f28517929af129892e42c45f7aea4b9c50d8bbc008384b7ae19e1475c79f08b78775709720fe317c8f3 ada-musl.patch"
+7f6dc922a2c80b1c8c5ed0b6d6e4c1e672984f54bb217f28517929af129892e42c45f7aea4b9c50d8bbc008384b7ae19e1475c79f08b78775709720fe317c8f3 ada-musl.patch
+83a0996a48096032bcc674a6d28524f1cd2d81837621ebe4c15b5aedbd551c77ce5576b6307adb673ef0e4ac0431d935ad6a427edca2af5c21b6be9176bfaddb vanilla.specs
+e4d38905527c500c61c421d782a8ac6ef2b034b15fd81d868486ac330a70922937d3c47e0684e9f3250744569b56a8df199499a4a5c107a6d544dca84458dc12 hardenednossp.specs
+b56f7c308c5aefd0cfc647abd75939508a6640c53fce7c19da7c7d8ef4405d29b0d88800117fc7ff8d0022b035d511fb6d478e745bb2ed12a1b63f9f8cf3e168 hardenednopie.specs
+f5ac7282201006548ed2bd835234af64d6f79f13f0b9a3410f5c794537e0ea91601361ae72180f49870b6b0f9af5f16002c86660feb94df346b9b1d9602e9d3a hardenednopiessp.specs"
diff --git a/main/gcc/hardenednopie.specs b/main/gcc/hardenednopie.specs
new file mode 100644
index 0000000000..ccc4d76437
--- /dev/null
+++ b/main/gcc/hardenednopie.specs
@@ -0,0 +1,12 @@
+*esp_cc1_pie:
+
+
+*esp_options_pie:
+
+
+*esp_link_pie_check:
+
+
+*esp_link_pie:
+
+
diff --git a/main/gcc/hardenednopiessp.specs b/main/gcc/hardenednopiessp.specs
new file mode 100644
index 0000000000..307abbdaaf
--- /dev/null
+++ b/main/gcc/hardenednopiessp.specs
@@ -0,0 +1,4 @@
+%include <hardenednossp.specs>
+%include <hardenednopie.specs>
+
+
diff --git a/main/gcc/hardenednossp.specs b/main/gcc/hardenednossp.specs
new file mode 100644
index 0000000000..2c6a8d0953
--- /dev/null
+++ b/main/gcc/hardenednossp.specs
@@ -0,0 +1,6 @@
+*esp_cc1_ssp:
+
+
+*esp_options_ssp:
+
+
diff --git a/main/gcc/vanilla.specs b/main/gcc/vanilla.specs
new file mode 100644
index 0000000000..545699de36
--- /dev/null
+++ b/main/gcc/vanilla.specs
@@ -0,0 +1,11 @@
+%include <hardenednossp.specs>
+%include <hardenednopie.specs>
+*esp_link_now:
+
+
+*esp_link_relro:
+
+
+*esp_cc1_strict_overflow:
+
+