diff options
Diffstat (limited to 'main/gcc/141_all_gcc49_config_esp_alpine.patch')
-rw-r--r-- | main/gcc/141_all_gcc49_config_esp_alpine.patch | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/main/gcc/141_all_gcc49_config_esp_alpine.patch b/main/gcc/141_all_gcc49_config_esp_alpine.patch new file mode 100644 index 000000000..b8c88e286 --- /dev/null +++ b/main/gcc/141_all_gcc49_config_esp_alpine.patch @@ -0,0 +1,67 @@ +Apply Alpine Linux specific differences to Gentoo ESP configuration: +- default PIE and SSP by default without additional CFLAGS (to clean up APKBUILD) +- do not enable -fstack-check by default (caused failures in programs that setup + small stack in musl) +- enable -z relro by default +- enable -fstack-protector-strong instead of -fstack-protector-all by default + +--- gcc-4.9.2/gcc/config/esp.h 2014-12-10 15:54:19.925060848 +0000 ++++ gcc-4.9.2/gcc/config/esp.h 2014-12-10 15:59:16.793850060 +0000 +@@ -4,7 +4,7 @@ + #ifndef GCC_ESP_H + #define GCC_ESP_H + +-/* This file will add -fstack-protector-all, -fstack-check, -fPIE, -pie and -z now ++/* This file will add -fstack-protector-strong, -fPIE, -pie, -z relro and -z now + as default if the defines and the spec allow it. + Added a hack for gcc-specs-* in toolchain-funcs.eclass and _filter-hardened in flag-o-matic.eclass + to support older hardened GCC patches and we don't need to change the code on gcc-specs-* and _filter-hardened. +@@ -16,11 +16,14 @@ + ENABLE_CRTBEGINP add support for crtbeginP.o, build -static with -fPIE or -fpie. + */ + #ifdef ENABLE_ESP ++ ++ /* Enable by default on Alpine */ ++ #define EFAULT_PIE_SSP + + /* Hack to support gcc-specs-* in toolchain-funcs.eclass and _filter-hardened in flag-o-matic.eclass */ + #define ESP_CC1_SPEC " %(esp_cc1_ssp) %(esp_cc1_pie) %(esp_cc1_strict_overflow)" + #if defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP ) +- #define ESP_CC1_SSP_SPEC "%{!fno-stack-protector: %{!fno-stack-protector-all: %{!fno-stack-check: }}}" ++ #define ESP_CC1_SSP_SPEC "%{!fno-stack-protector: %{!fno-stack-protector-all: }}" + #else + #define ESP_CC1_SSP_SPEC "" + #endif +@@ -34,20 +37,20 @@ + /* ESP_LINK_SPEC is added to LINK_PIE_SPEC if esp is enable + -z now will be added if we don't have -vanilla spec. We do a -pie incompatible check + Don't remove the specs in the end */ +- #define ESP_LINK_SPEC "%(esp_link_now) %(esp_link_pie_check) " ++ #define ESP_LINK_SPEC "%(esp_link_now) %(esp_link_relro) %(esp_link_pie_check) " + #define ESP_LINK_NOW_SPEC "%{!nonow:-z now}" ++ #define ESP_LINK_RELRO_SPEC "%{!norelro:-z relro}" + + /* We use ESP_DRIVER_SELF_SPEC to add pie and ssp command-line options. */ + #define ESP_DRIVER_SELF_SPEC "%{D__KERNEL__:;:%{!nopie:%(esp_options_pie) \ + %(esp_link_pie)} %(esp_options_ssp) }" + +- /* This will add -fstack-protector-all if we don't have -nostdlib -nodefaultlibs -fno-stack-protector -fstack-protector ++ /* This will add -fstack-protector-strong if we don't have -nostdlib -nodefaultlibs -fno-stack-protector -fstack-protector + -fstack-protector-all and we have EFAULT_SSP or EFAULT_PIE_SSP defined. */ + #if defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP ) + #define ESP_OPTIONS_SSP_SPEC \ + "%{nostdlib|ffreestanding|fno-stack-protector|fstack-protector| \ +- fstack-protector-all|fstack-protector-strong:;:-fstack-protector-all} \ +- %{fstack-check|fstack-check=*:;: -fstack-check}" ++ fstack-protector-all|fstack-protector-strong:;:-fstack-protector-strong}" + #else + #define ESP_OPTIONS_SSP_SPEC "" + #endif +@@ -115,6 +118,7 @@ + { "esp_cc1_strict_overflow", ESP_CC1_STRICT_OVERFLOW_SPEC }, \ + { "esp_link", ESP_LINK_SPEC }, \ + { "esp_link_now", ESP_LINK_NOW_SPEC }, \ ++ { "esp_link_relro", ESP_LINK_RELRO_SPEC }, \ + { "esp_link_pie", ESP_LINK_PIE_SPEC }, \ + { "esp_link_pie_check", ESP_LINK_PIE_CHECK_SPEC }, \ + { "esp_driver_self", ESP_DRIVER_SELF_SPEC }, \ |