1 files changed, 67 insertions, 0 deletions
diff --git a/main/gcc/141_all_gcc49_config_esp_alpine.patch b/main/gcc/141_all_gcc49_config_esp_alpine.patch
new file mode 100644
index 000000000..b8c88e286
--- /dev/null
+++ b/main/gcc/141_all_gcc49_config_esp_alpine.patch
@@ -0,0 +1,67 @@
+Apply Alpine Linux specific differences to Gentoo ESP configuration:
+- default PIE and SSP by default without additional CFLAGS (to clean up APKBUILD)
+- do not enable -fstack-check by default (caused failures in programs that setup
+  small stack in musl)
+- enable -z relro by default
+- enable -fstack-protector-strong instead of -fstack-protector-all by default
+
+--- gcc-4.9.2/gcc/config/esp.h	2014-12-10 15:54:19.925060848 +0000
++++ gcc-4.9.2/gcc/config/esp.h	2014-12-10 15:59:16.793850060 +0000
+@@ -4,7 +4,7 @@
+ #ifndef GCC_ESP_H
+ #define GCC_ESP_H
+ 
+-/*	This file will add -fstack-protector-all, -fstack-check, -fPIE, -pie and -z now 
++/*	This file will add -fstack-protector-strong, -fPIE, -pie, -z relro and -z now 
+ 	as default if the defines and the spec allow it.
+ 	Added a hack for gcc-specs-* in toolchain-funcs.eclass and _filter-hardened in flag-o-matic.eclass
+ 	to support older hardened GCC patches and we don't need to change the code on gcc-specs-* and _filter-hardened.
+@@ -16,11 +16,14 @@
+ 	ENABLE_CRTBEGINP add support for crtbeginP.o, build -static with -fPIE or -fpie.
+ */
+ #ifdef ENABLE_ESP
++
++	/* Enable by default on Alpine */
++	#define EFAULT_PIE_SSP
+ 	
+ 	/* Hack to support gcc-specs-* in toolchain-funcs.eclass and _filter-hardened in flag-o-matic.eclass  */
+ 	#define ESP_CC1_SPEC " %(esp_cc1_ssp) %(esp_cc1_pie) %(esp_cc1_strict_overflow)"
+ 	#if defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP )
+-		#define ESP_CC1_SSP_SPEC "%{!fno-stack-protector: %{!fno-stack-protector-all: %{!fno-stack-check: }}}"
++		#define ESP_CC1_SSP_SPEC "%{!fno-stack-protector: %{!fno-stack-protector-all: }}"
+ 	#else
+ 		#define ESP_CC1_SSP_SPEC ""
+ 	#endif
+@@ -34,20 +37,20 @@
+ 	/*	ESP_LINK_SPEC is added to LINK_PIE_SPEC if esp is enable
+ 		-z now will be added if we don't have -vanilla spec. We do a -pie incompatible check
+ 		Don't remove the specs in the end  */
+-	#define ESP_LINK_SPEC "%(esp_link_now) %(esp_link_pie_check) "
++	#define ESP_LINK_SPEC "%(esp_link_now) %(esp_link_relro) %(esp_link_pie_check) "
+ 	#define ESP_LINK_NOW_SPEC "%{!nonow:-z now}"
++	#define ESP_LINK_RELRO_SPEC "%{!norelro:-z relro}"
+ 
+ 	/*	We use ESP_DRIVER_SELF_SPEC to add pie and ssp command-line options.  */
+ 	#define ESP_DRIVER_SELF_SPEC "%{D__KERNEL__:;:%{!nopie:%(esp_options_pie) \
+ 		%(esp_link_pie)} %(esp_options_ssp) }"
+ 	
+-	/*  This will add -fstack-protector-all if we don't have -nostdlib -nodefaultlibs -fno-stack-protector -fstack-protector
++	/*  This will add -fstack-protector-strong if we don't have -nostdlib -nodefaultlibs -fno-stack-protector -fstack-protector
+ 		-fstack-protector-all and we have EFAULT_SSP or EFAULT_PIE_SSP defined.  */
+ 	#if defined ( EFAULT_SSP ) || defined ( EFAULT_PIE_SSP )
+ 		#define ESP_OPTIONS_SSP_SPEC \
+ 			"%{nostdlib|ffreestanding|fno-stack-protector|fstack-protector| \
+-			fstack-protector-all|fstack-protector-strong:;:-fstack-protector-all} \
+-			%{fstack-check|fstack-check=*:;: -fstack-check}"
++			fstack-protector-all|fstack-protector-strong:;:-fstack-protector-strong}"
+ 	#else
+ 		#define ESP_OPTIONS_SSP_SPEC ""
+ 	#endif
+@@ -115,6 +118,7 @@
+ 		{ "esp_cc1_strict_overflow",					ESP_CC1_STRICT_OVERFLOW_SPEC },	\
+ 		{ "esp_link",								ESP_LINK_SPEC },				\
+ 		{ "esp_link_now",							ESP_LINK_NOW_SPEC },			\
++		{ "esp_link_relro",							ESP_LINK_RELRO_SPEC },			\
+ 		{ "esp_link_pie",							ESP_LINK_PIE_SPEC },			\
+ 		{ "esp_link_pie_check",						ESP_LINK_PIE_CHECK_SPEC },		\
+ 		{ "esp_driver_self",							ESP_DRIVER_SELF_SPEC },		\