From e89835b7d45a362bc47fee45c68102683921a761 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?=
Date: Tue, 25 Mar 2014 09:01:40 +0000
Subject: main/gcc: enable relro by default ref #2614
---
main/gcc/41_all_gcc48_config_esp_relro.patch | 30 +++++++++++++++++
main/gcc/APKBUILD | 50 ++++++++++++++++++----------
main/gcc/hardenednopie.specs | 12 +++++++
main/gcc/hardenednopiessp.specs | 4 +++
main/gcc/hardenednossp.specs | 6 ++++
main/gcc/vanilla.specs | 11 ++++++
6 files changed, 96 insertions(+), 17 deletions(-)
create mode 100644 main/gcc/41_all_gcc48_config_esp_relro.patch
create mode 100644 main/gcc/hardenednopie.specs
create mode 100644 main/gcc/hardenednopiessp.specs
create mode 100644 main/gcc/hardenednossp.specs
create mode 100644 main/gcc/vanilla.specs
(limited to 'main')
diff --git a/main/gcc/41_all_gcc48_config_esp_relro.patch b/main/gcc/41_all_gcc48_config_esp_relro.patch
new file mode 100644
index 000000000..3d6630299
--- /dev/null
+++ b/main/gcc/41_all_gcc48_config_esp_relro.patch
@@ -0,0 +1,30 @@
+--- gcc-4.8.2/gcc/config/esp.h.orig 2014-03-25 08:25:41.665838981 +0000
++++ gcc-4.8.2/gcc/config/esp.h 2014-03-25 08:28:24.415497899 +0000
+@@ -4,7 +4,7 @@
+ #ifndef GCC_ESP_H
+ #define GCC_ESP_H
+
+-/* This file will add -fstack-protector-all, -fPIE, -pie and -z now
++/* This file will add -fstack-protector-all, -fPIE, -pie, -z now and -z relro
+ as default if the defines and the spec allow it.
+ Added a hack for gcc-specs-* in toolchain-funcs.eclass and _filter-hardened in flag-o-matic.eclass
+ to support older hardened GCC patches and we don't need to change the code on gcc-specs-* and _filter-hardened.
+@@ -34,8 +34,9 @@
+ /* ESP_LINK_SPEC is added to LINK_PIE_SPEC if esp is enable
+ -z now will be added if we don't have -vanilla spec. We do a -pie incompatible check
+ Don't remove the specs in the end */
+- #define ESP_LINK_SPEC "%(esp_link_now) %(esp_link_pie_check) "
++ #define ESP_LINK_SPEC "%(esp_link_now) %(esp_link_relro) %(esp_link_pie_check) "
+ #define ESP_LINK_NOW_SPEC "%{!nonow:-z now}"
++ #define ESP_LINK_RELRO_SPEC "%{!norelro:-z relro}"
+
+ /* We use ESP_ESP_DRIVER_SELF_SPEC to add pie and ssp command-line options. */
+ #define ESP_DRIVER_SELF_SPEC "%{D__KERNEL__:;:%{!nopie:%(esp_options_pie) \
+@@ -114,6 +115,7 @@
+ { "esp_cc1_strict_overflow", ESP_CC1_STRICT_OVERFLOW_SPEC }, \
+ { "esp_link", ESP_LINK_SPEC }, \
+ { "esp_link_now", ESP_LINK_NOW_SPEC }, \
++ { "esp_link_relro", ESP_LINK_RELRO_SPEC }, \
+ { "esp_link_pie", ESP_LINK_PIE_SPEC }, \
+ { "esp_link_pie_check", ESP_LINK_PIE_CHECK_SPEC }, \
+ { "esp_driver_self", ESP_DRIVER_SELF_SPEC }, \
diff --git a/main/gcc/APKBUILD b/main/gcc/APKBUILD
index 206cc4dec..cba71842c 100644
--- a/main/gcc/APKBUILD
+++ b/main/gcc/APKBUILD
@@ -1,10 +1,6 @@
 # Maintainer: Natanael Copa
 pkgname=gcc
 pkgver=4.8.2
-_pie_gcc_ver=4.8.1
-_piepatchver=0.5.7
-_specs_ver=0.2.0
-_specs_gcc_ver=4.4.3
 _uclibc_abiver=0.9.32
 _cross=""
 [ "$BOOTSTRAP" = "noheaders" ] && pkgname="gcc-pass1"
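Review bot: In the new `41_all_gcc48_config_esp_relro.patch`, `ESP_LINK_RELRO_SPEC` keys its opt-out on a `-norelro` driver switch, but the three inner hunks touch only `gcc/config/esp.h` and none of them declares that switch. The GCC 4.8 driver normally rejects switches it has no option record for, so unless another patch in the series declares `norelro` (as is presumably done for `nonow`), `%{!norelro:...}` can never be false and `-z relro` can only be dropped through `-specs=vanilla.specs`; please confirm which is intended. The comment above `ESP_LINK_SPEC` also still describes only `-z now`; I would update it to `-z now and -z relro will be added if we don't have -vanilla spec.` so the documented behaviour matches the spec string.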
@@ -13,7 +9,7 @@ _cross="" && _cross="-$CTARGET" pkgname="$pkgname$_cross" -pkgrel=5 +pkgrel=6 pkgdesc="The GNU Compiler Collection" url="http://gcc.gnu.org" arch="all" @@ -144,7 +140,6 @@ if $LANG_ADA; then fi source="ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-$pkgver.tar.bz2 - http://distfiles.gentoo.org/distfiles/gcc-$_specs_gcc_ver-specs-$_specs_ver.tar.bz2 ftp://sourceware.org/pub/java/ecj-latest.jar 01_all_gcc48_configure.patch @@ -157,6 +152,7 @@ source="ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-$pkgver.tar.bz2 34_all_gcc48_config_i386.patch 35_all_gcc48_config_arm.patch 40_all_gcc48_config_esp.patch + 41_all_gcc48_config_esp_relro.patch 12_all_default-warn-trampolines.patch 15_all_libgfortran-Werror.patch @@ -193,6 +189,11 @@ source="ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-$pkgver.tar.bz2 ada-crossbuild.patch ada-shared.patch ada-musl.patch + + vanilla.specs + hardenednossp.specs + hardenednopie.specs + hardenednopiessp.specs " # we build out-of-tree @@ -237,7 +238,7 @@ prepare() { # building gcc wih PIE seem to hit some strange bug. we probably run # out of some resource. so we disable PIE for gcc while enabling it # by default for everything else. - local _hard_cflags="-DEFAULT_PIE_SSP -DEFAULT_RELRO -DEFAULT_BIND_NOW" + local _hard_cflags="-DEFAULT_PIE_SSP" sed -e "/^ALL_CFLAGS/iHARD_CFLAGS = ${_hard_cflags}" \ -e 's|^ALL_CFLAGS = |ALL_CFLAGS = $(HARD_CFLAGS) |' \ -e 's|^ALL_CXXFLAGS = |ALL_CXXFLAGS = $(HARD_CFLAGS) |' \ @@ -370,10 +371,13 @@ package() { rm -f "$pkgdir"/usr/lib/libiberty.a # install the specs - cd "$srcdir"/specs - install -d "$pkgdir"/$_gcclibdir - for i in *.specs; do - install -m644 $i "$pkgdir"/$_gcclibdir/$i || return 1 + local i + for i in $source; do + case "$i" in + *.specs) + install -m644 "$srcdir"/$i "$pkgdir"/$_gcclibdir/$i || return 1 + ;; + esac done # we dont support gcj -static 
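Review bot: In the `prepare()` hunk, `_hard_cflags` loses `-DEFAULT_RELRO -DEFAULT_BIND_NOW` in a commit whose subject is enabling relro, and nothing next to the assignment says why. Judging from the esp.h patch added in this same commit, `-z now` and `-z relro` appear to come from the `esp_link_now` / `esp_link_relro` specs rather than from these defines, so the removal is presumably dead-flag cleanup, but that is worth confirming on a freshly built toolchain (for example `readelf -l -d` on a test binary should show a `GNU_RELRO` segment and `BIND_NOW`). I would add a comment above the assignment such as `# -z now and -z relro are added by the esp link specs (41_all_gcc48_config_esp_relro.patch), not by HARD_CFLAGS`. prepare() starts and ends outside the hunk.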
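Review bot: The rewritten specs loop in the `package()` hunk drops `install -d "$pkgdir"/$_gcclibdir`, so it now relies on that directory already existing when the first `*.specs` file is copied; whether an earlier install step guarantees that is not visible here. These files are what switches the hardened defaults off and on, so the copy should not depend on an implicit precondition, and `$i` and `$_gcclibdir` are also left unquoted. I would write the copy as `install -Dm644 "$srcdir/$i" "$pkgdir/$_gcclibdir/$i" || return 1`, which creates the target directory itself. package() starts and ends outside the hunk.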
@@ -645,7 +649,6 @@ gnat() { } md5sums="a3d7d63b9cb6b6ea049469a0c4a43c9d gcc-4.8.2.tar.bz2 -441c76504e1d97170117c294e65c7a72 gcc-4.4.3-specs-0.2.0.tar.bz2 d7cd6a27c8801e66cbaa964a039ecfdb ecj-latest.jar 485b2b9da364ad700f25de1c64d9cd06 01_all_gcc48_configure.patch 2a8d6a9046efc9f44449b012cf12d7fd 02_all_gcc48_config.in.patch @@ -657,6 +660,7 @@ ad7dbd7ac3fdcfb30d430b1d6069816f 20_all_gcc46_config_crtbeginp.patch b0910da9f2eb4fe6a684e680f6336491 34_all_gcc48_config_i386.patch adcc78e93f54b80210bc436041c1a6e7 35_all_gcc48_config_arm.patch 4a3b0066ea21f5435ae51ddeb37ac173 40_all_gcc48_config_esp.patch +8aab4963bceaee4d4448821bc7e1bbba 41_all_gcc48_config_esp_relro.patch f28e9334c58ce14f69a9e988026bc772 12_all_default-warn-trampolines.patch 7eb9ad894dfdf1b3d4a8a407a339a6f1 15_all_libgfortran-Werror.patch 452e457a0ac45e6f8f75eb6d6ba4d04b 16_all_libgomp-Werror.patch @@ -689,9 +693,12 @@ e17bbb0fe802974e20645b4182b4c410 fix-gcj-iconv-musl.patch 2b4235111d2e66f2c690eb340cb4178b ada-fixes.patch d77c99bf7c03d082a540aaba1193be40 ada-crossbuild.patch 20e2731c02ce50739ebdead2795f9c41 ada-shared.patch -4e47bdae120129462244da0d89a573b3 ada-musl.patch" +4e47bdae120129462244da0d89a573b3 ada-musl.patch +a2f435d81e872a73a8b44a4581832af0 vanilla.specs +17a31b8580de9dd9c06a1ed96886d538 hardenednossp.specs +33ce2d221828a2d03978da52ba609524 hardenednopie.specs +5c431710b72c6ec16ed21bcca83d9f87 hardenednopiessp.specs" sha256sums="09dc2276c73424bbbfda1dbddc62bbbf900c9f185acf7f3e1d773ce2d7e3cdc8 gcc-4.8.2.tar.bz2 -f6c7cb99beead66dd4d06f7004c5731a9360330cbe878ce79792c618e008eed2 gcc-4.4.3-specs-0.2.0.tar.bz2 98fd128f1d374d9e42fd9d4836bdd249c6d511ebc6c0df17fbc1b9df96c3d781 ecj-latest.jar 8dee116f723861166cfd137d5cc457e0c11fb2be8b1271e199b41e02bf70a102 01_all_gcc48_configure.patch f301cce95609650f57c5212b38daf5288b4e7c5fa37ae2892664d4c8ceaadfbf 02_all_gcc48_config.in.patch 
@@ -703,6 +710,7 @@ f301cce95609650f57c5212b38daf5288b4e7c5fa37ae2892664d4c8ceaadfbf 02_all_gcc48_c 150f17367d7f514fda9e0aac283e059b190a2251d7d9dfa2b5686b2bdc67b725 34_all_gcc48_config_i386.patch 48e22b2794ae70985c418832f7845814d65e78abcf56d38205db4b760a1c5ffa 35_all_gcc48_config_arm.patch ff8c8d8f3f1444e274fb384859896e327101378fbace92c0ee65f02dd14503f1 40_all_gcc48_config_esp.patch +11f1307cd8a0b2619ec9409a382ac63326c23abf8f9db429a167aa70d38c17b2 41_all_gcc48_config_esp_relro.patch ce7774aa13be5da274220258772ccbdd6f54abdad97a3798ba282865c809f042 12_all_default-warn-trampolines.patch 8b1450d5a7756af2b890588005690785a663601e2b1533671b609aa8cce0f718 15_all_libgfortran-Werror.patch 1f106fe03cede7c697bde7d81732e0d3bb2c7197e4967789182a5fd8db532900 16_all_libgomp-Werror.patch 
@@ -735,9 +743,12 @@ de3c8606015ebda0dc574f904aa4d23c44c5e261b34dce2ef4d08eed21cb99b9 ada-no-pie.pat ca0db7f59e7af0c621751eee9e3775d4c00c4b663f82f9e04c53a2efb16edca1 ada-fixes.patch 324524490c60d84ef040f79589e0f93fbaeb253dbe031484afaf963b881047e9 ada-crossbuild.patch d6c7fc1820a4fa285297c299c255fe2f19ce1695486f20edd098252a97545e6a ada-shared.patch -f20c34f3e0a1bf717f5e22fd66b57c8b69f0411d063203c017ed8209f349e1d4 ada-musl.patch" +f20c34f3e0a1bf717f5e22fd66b57c8b69f0411d063203c017ed8209f349e1d4 ada-musl.patch +1315d4c430b4d81c61d14a252d7681125fd7d79fde457c014c18c62c4f1aa1de vanilla.specs +50a46bb1c4d209ce687d13e74cc9e4e0b87cef4a8165d22fb9be243c9cf08374 hardenednossp.specs +8eccfcf282fb54aadede7c23a8b5b843c0a63a55485e74d4332ab49025d38e78 hardenednopie.specs +af85685ff501f5e0eaaa394628365425486dafe4780f0f683a4536ab60173cdf hardenednopiessp.specs" sha512sums="2a3927481707b3bb7171076b596d9b69084edac82460df6fb35395592dd1e8fc5665577702ca746d5b454dec68b1c4e31b9de6adc9865d482f4b8736ec648b10 gcc-4.8.2.tar.bz2 -779ecb0a064d2138b54569c8ae501975b8a6b72e5a3acbf8597619a8db77ee42ef9b0e62608d5192a15e4393e7dfc009bb50b994782236faa744b2c46b5fe517 gcc-4.4.3-specs-0.2.0.tar.bz2 d4e1bf7538ace56e3d69fa91da5bbd16c272923b4de0a9d8dee23ea2b75f9f38c603de72fc4061df49285c450b63f3df211cee5270e9fffc5447445d1a9c9e4e ecj-latest.jar da16931bd0103388991cfc932540a1641ee3b81c10184baefa1e6a90061f0910efedc1118e45eb4a65a34965315d12a3ff2802a2058b31c8f57fa4f3655f8eee 01_all_gcc48_configure.patch 21770259c7916e55568027926e4a543eea468b04436cc61c28f749be5a6635c48e68b7924a8eb19a76733a9d2f00921ba06faddaedbf14b1cdad5ab1810cc6c6 02_all_gcc48_config.in.patch 
@@ -749,6 +760,7 @@ b0dd448e25d4ca8313eb2004b2bb020d5e1c0ff51d347686312625d1102093ba95a3b1267b4ec10b dd5b9b30eb7716cb3c010ca79a83ed6219ff6e6f2557deb4e1d26cecac0f2b14c4ef7bf4dc5c2aec88aae5463763f5f64454b8a627ebd1d0a5c92984017025ad 34_all_gcc48_config_i386.patch 8829f85323d8b11e26e3c19ced4a51875fc63f1483cfdc4d0f579a6cb37e1b6e23fcf33a87a574a6e0007250374ea46d117a136e73a40fbe43f0e39d9b2dd1a8 35_all_gcc48_config_arm.patch a476a0163563c393557c30ea326a168d5ef88d88e8ca38dcacb0d29b7eed7ebcc283ab8d64fb5a34b0b2b20d1fd0075b33d4a1651a1f185f8475014a6d3ff983 40_all_gcc48_config_esp.patch +f8428d88409e6c630d5cf4ddb932e7cdc9e1aeb97c9a09f82efe4a1c168937e58b55114f6afdd726e38b08898b6d9bf3c28361e445a1b51c14852124a71b96b9 41_all_gcc48_config_esp_relro.patch 5069e4b741488913a646a9b5d871af8e7f7a606158ea09305d0ddd46257c5b659770627bc2ca3abeaae039da1717b3ba6c9cd90554a441da74eb4ecf24c13074 12_all_default-warn-trampolines.patch c18a99b7303a734fe4dca9d4e90e21d18e5bd71c7d91e1a26c86b1354c73f567590a875941bfe64ce59f0393023b91c606c96b30885c55b98a790c3ab0c84ca7 15_all_libgfortran-Werror.patch 433404fd9bfa172d69fff4a5505e8648cbbbf5f052d2b4235608ff7af0c4063d557d25d80c85c5bd0d1e1ed64b568e7bbc0cdbce11cc74db4c0189af3a01634a 16_all_libgomp-Werror.patch 
@@ -781,4 +793,8 @@ c731f4aaaa65c8950e1b2bd9331410f92d378fd8c7e718532dccaa27ee11984d51d74216c3611e89 b37195a126476775e2ef16e0adc9173664c514339fb319f628debd8a4133fa53e022278387c68fc260cf813e58602617e9e629ea8177133bfdf5972398fe1c55 ada-fixes.patch 4d411563f6a3ea06bc3a1f4fa77d10250cc275e2496df6039d93f9b2229bc1f5334e484494dbd08881cf046f98aaca8bdddaa6b4a8f947b936d0bdc9e91f2f2b ada-crossbuild.patch 3f5bc334d9f73d06f5f7c876738d02356acdd08958bea0e4d2095ebf15c2c2ec4e411abdae0297505ae9a1699ca01b17338e853184e84663203b192b0d35fc19 ada-shared.patch -7f6dc922a2c80b1c8c5ed0b6d6e4c1e672984f54bb217f28517929af129892e42c45f7aea4b9c50d8bbc008384b7ae19e1475c79f08b78775709720fe317c8f3 ada-musl.patch" +7f6dc922a2c80b1c8c5ed0b6d6e4c1e672984f54bb217f28517929af129892e42c45f7aea4b9c50d8bbc008384b7ae19e1475c79f08b78775709720fe317c8f3 ada-musl.patch +83a0996a48096032bcc674a6d28524f1cd2d81837621ebe4c15b5aedbd551c77ce5576b6307adb673ef0e4ac0431d935ad6a427edca2af5c21b6be9176bfaddb vanilla.specs +e4d38905527c500c61c421d782a8ac6ef2b034b15fd81d868486ac330a70922937d3c47e0684e9f3250744569b56a8df199499a4a5c107a6d544dca84458dc12 hardenednossp.specs +b56f7c308c5aefd0cfc647abd75939508a6640c53fce7c19da7c7d8ef4405d29b0d88800117fc7ff8d0022b035d511fb6d478e745bb2ed12a1b63f9f8cf3e168 hardenednopie.specs +f5ac7282201006548ed2bd835234af64d6f79f13f0b9a3410f5c794537e0ea91601361ae72180f49870b6b0f9af5f16002c86660feb94df346b9b1d9602e9d3a hardenednopiessp.specs" diff --git a/main/gcc/hardenednopie.specs b/main/gcc/hardenednopie.specs new file mode 100644 index 000000000..ccc4d7643 --- /dev/null +++ b/main/gcc/hardenednopie.specs @@ -0,0 +1,12 @@ +*esp_cc1_pie: + + +*esp_options_pie: + + +*esp_link_pie_check: + + +*esp_link_pie: + + diff --git a/main/gcc/hardenednopiessp.specs b/main/gcc/hardenednopiessp.specs new file mode 100644 index 000000000..307abbdaa --- /dev/null +++ b/main/gcc/hardenednopiessp.specs @@ -0,0 +1,4 @@ +%include +%include + + 
diff --git a/main/gcc/hardenednossp.specs b/main/gcc/hardenednossp.specs
new file mode 100644
index 000000000..2c6a8d095
--- /dev/null
+++ b/main/gcc/hardenednossp.specs
@@ -0,0 +1,6 @@
+*esp_cc1_ssp:
+
+
+*esp_options_ssp:
+
+
diff --git a/main/gcc/vanilla.specs b/main/gcc/vanilla.specs
new file mode 100644
index 000000000..545699de3
--- /dev/null
+++ b/main/gcc/vanilla.specs
@@ -0,0 +1,11 @@
+%include
+%include
+*esp_link_now:
+
+
+*esp_link_relro:
+
+
+*esp_cc1_strict_overflow:
+
+
-- cgit v1.2.3
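Review bot: `vanilla.specs` has no header comment saying what it switches off, although it empties `esp_link_now`, `esp_link_relro` and `esp_cc1_strict_overflow` and pulls in two further spec files through its `%include` lines (their names are not visible on this page). Anyone passing `-specs=vanilla.specs` therefore gets binaries without `-z now` and `-z relro`, and presumably without the included files' defaults as well, with nothing in the file to say so. Spec files accept `#` comment lines, so I would open the file with something like `# vanilla.specs: turns off the hardened link defaults (-z now, -z relro) and the strict-overflow default; use only for builds that must not be hardened`. The same kind of one-line header would help in `hardenednossp.specs` in the hunk just above and in the other two new spec files.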