diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2010-10-20 20:06:12 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2010-10-20 20:06:12 +0000 |
commit | 3e1613b949a65ae8d6c782334ecafb56cb3ba8d5 (patch) | |
tree | ec74e89f9730af751607353003312d5a7ab3f846 | |
parent | facc84c66328379eaa64b2643a309ead9eb50afe (diff) | |
download | aports-3e1613b949a65ae8d6c782334ecafb56cb3ba8d5.tar.bz2 aports-3e1613b949a65ae8d6c782334ecafb56cb3ba8d5.tar.xz |
main/gcc: enable ssp and pie
was disabled by mistake.
There was some issues with building last stage with PIE so we workaround by
removing -g from CFLAGS
-rw-r--r-- | main/gcc/APKBUILD | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/main/gcc/APKBUILD b/main/gcc/APKBUILD index f1a02c403f..b1260d5163 100644 --- a/main/gcc/APKBUILD +++ b/main/gcc/APKBUILD @@ -15,7 +15,7 @@ else _with_arch="i486" fi -pkgrel=5 +pkgrel=6 pkgdesc="The GNU Compiler Collection" url="http://gcc.gnu.org" license="GPL LGPL" @@ -30,7 +30,6 @@ source="ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-core-$pkgver.tar.bz2 09_all_gcc-4.5-Wtrampolines.patch 15_all_gcc-libgomp-no-werror.patch - 50_all_pr45312-kernel-miscompile.patch 51_all_gcc-3.4-libiberty-pic.patch gcc-spec-env.patch @@ -39,6 +38,7 @@ source="ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-core-$pkgver.tar.bz2 gcc-4.5-dynamic-linker.patch PR32219.patch " +# 50_all_pr45312-kernel-miscompile.patch _gccdir="$srcdir"/gcc-$pkgver prepare() { @@ -60,12 +60,26 @@ prepare() { ;; esac done - sed -i 's/use_fixproto=yes/:/' gcc/config.gcc #PR33200 + + #PR33200 + sed -i 's/use_fixproto=yes/:/' gcc/config.gcc || return 1 + + # enable hardened cflags by default + local _hard_cflags="-DEFAULT_PIE_SSP -DEFAULT_RELRO -DEFAULT_BIND_NOW" + sed -e "/^ALL_CFLAGS/iHARD_CFLAGS = ${_hard_cflags}" \ + -e 's|^ALL_CFLAGS = |ALL_CFLAGS = $(HARD_CFLAGS) |' \ + -i gcc/Makefile.in || return 1 + # in stage3 building insn-attrtab.o seems to run out of some kind + # of resource. This doesnt happen in earlier stages due to PIE is + # not enabled. It seems to also help to disable debug so we do so. + sed -e '/^BOOT_CFLAGS/s/-g//' \ + -i Makefile.in || return 1 } build() { cd "$_gccdir" echo ${pkgver} > gcc/BASE-VER + export CFLAGS="-fno-stack-protector" mkdir build cd build ../configure --prefix=/usr \ @@ -84,7 +98,7 @@ build() { --disable-werror \ --enable-__cxa_atexit \ --enable-cld \ - --enable-espf \ + --enable-esp \ --enable-languages=c,c++,objc \ --enable-shared \ --enable-target-optspace \ @@ -97,7 +111,6 @@ build() { --with-system-zlib \ --without-system-libunwind - make || return 1 } @@ -169,7 +182,6 @@ b294953ff0bb2f20c7acb2bf005d832a gcc-g++-4.5.1.tar.bz2 441c76504e1d97170117c294e65c7a72 gcc-4.4.3-specs-0.2.0.tar.bz2 ab090760506eb70aa4436a349c6bd788 09_all_gcc-4.5-Wtrampolines.patch 1c00bd9d12891a3e2311b32b98deb6fa 15_all_gcc-libgomp-no-werror.patch -01d331b786b4884b8a2663ea5f921b71 50_all_pr45312-kernel-miscompile.patch 45951dd3bbc979c9e043c7203745cf31 51_all_gcc-3.4-libiberty-pic.patch c4045bfa85d8be780affd465be9d8ca8 gcc-spec-env.patch 2db1e3482c5dd59dab70f701afa2ca80 pt_gnu_eh_frame.patch |