1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
--- gcc-4.8.2/gcc/config/esp.h.orig 2014-03-25 08:25:41.665838981 +0000
+++ gcc-4.8.2/gcc/config/esp.h 2014-03-25 08:28:24.415497899 +0000
@@ -4,7 +4,7 @@
#ifndef GCC_ESP_H
#define GCC_ESP_H
-/* This file will add -fstack-protector-all, -fPIE, -pie and -z now
+/* This file will add -fstack-protector-all, -fPIE, -pie, -z now and -z relro
as default if the defines and the spec allow it.
Added a hack for gcc-specs-* in toolchain-funcs.eclass and _filter-hardened in flag-o-matic.eclass
to support older hardened GCC patches and we don't need to change the code on gcc-specs-* and _filter-hardened.
@@ -34,8 +34,9 @@
/* ESP_LINK_SPEC is added to LINK_PIE_SPEC if esp is enable
-z now will be added if we don't have -vanilla spec. We do a -pie incompatible check
Don't remove the specs in the end */
- #define ESP_LINK_SPEC "%(esp_link_now) %(esp_link_pie_check) "
+ #define ESP_LINK_SPEC "%(esp_link_now) %(esp_link_relro) %(esp_link_pie_check) "
#define ESP_LINK_NOW_SPEC "%{!nonow:-z now}"
+ #define ESP_LINK_RELRO_SPEC "%{!norelro:-z relro}"
/* We use ESP_ESP_DRIVER_SELF_SPEC to add pie and ssp command-line options. */
#define ESP_DRIVER_SELF_SPEC "%{D__KERNEL__:;:%{!nopie:%(esp_options_pie) \
@@ -114,6 +115,7 @@
{ "esp_cc1_strict_overflow", ESP_CC1_STRICT_OVERFLOW_SPEC }, \
{ "esp_link", ESP_LINK_SPEC }, \
{ "esp_link_now", ESP_LINK_NOW_SPEC }, \
+ { "esp_link_relro", ESP_LINK_RELRO_SPEC }, \
{ "esp_link_pie", ESP_LINK_PIE_SPEC }, \
{ "esp_link_pie_check", ESP_LINK_PIE_CHECK_SPEC }, \
{ "esp_driver_self", ESP_DRIVER_SELF_SPEC }, \
|
