zorry 18/05/02 22:52:30 Modified: 13_all_default-ssp-fix.patch README.history Added: 35_all_i386_libgcc_note.GNU-stack.patch 55_all_extra-options.patch Log: Add more patches for gcc 8.1.0 patchset 1.1
Revision Changes Path 1.2 src/patchsets/gcc/8.1.0/gentoo/13_all_default-ssp-fix.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/13_all_default-ssp-fix.patch?rev=1.2&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/13_all_default-ssp-fix.patch?rev=1.2&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/13_all_default-ssp-fix.patch?r1=1.1&r2=1.2 Index: 13_all_default-ssp-fix.patch =================================================================== RCS file: /var/cvsroot/gentoo/src/patchsets/gcc/8.1.0/gentoo/13_all_default-ssp-fix.patch,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- 13_all_default-ssp-fix.patch 2 May 2018 22:17:17 -0000 1.1 +++ 13_all_default-ssp-fix.patch 2 May 2018 22:52:30 -0000 1.2 
@@ -1,48 +1,32 @@ -We disable ssp on -nostdlib and -ffreestanding as we did on older gcc -and change the buffer size. +Disable ssp on -nostdlib, -nodefaultlibs and -ffreestanding +Change the buffer size. ---- a/gcc/c-family/c-opts.c -+++ b/gcc/c-family/c-opts.c -@@ -450,7 +450,14 @@ +--- a/gcc/gcc.c 2017-07-04 09:15:57.740793000 +0200 ++++ b/gcc/gcc.c 2018-03-02 13:58:44.387741114 +0100 +@@ -857,6 +857,12 @@ proper position among the other output f + #define LINK_GCC_C_SEQUENCE_SPEC "%G %L %G" + #endif - case OPT_ffreestanding: - value = !value; -+ if (global_options.x_flag_stack_protect == -1) -+ global_options.x_flag_stack_protect = 0; - /* Fall through. */ ++#ifdef ENABLE_DEFAULT_SSP ++#define NO_SSP_SPEC "%{nostdlib|nodefaultlibs|ffreestanding:-fno-stack-protector} " ++#else ++#define NO_SSP_SPEC "" ++#endif + -+ case OPT_nostdlib: -+ if (global_options.x_flag_stack_protect == -1) -+ global_options.x_flag_stack_protect = 0; -+ - case OPT_fhosted: - flag_hosted = value; - flag_no_builtin = !value; ---- a/gcc/c-family/c.opt -+++ b/gcc/c-family/c.opt -@@ -1647,6 +1647,10 @@ nostdinc++ - C++ ObjC++ - Do not search standard system include directories for C++. 
- -+nostdlib -+C ObjC C++ ObjC++ -+; Documented in common.opt -+ - o - C ObjC C++ ObjC++ Joined Separate - ; Documented in common.opt ---- a/gcc/gcc.c -+++ b/gcc/gcc.c -@@ -1145,6 +1145,7 @@ + #ifndef LINK_SSP_SPEC + #ifdef TARGET_LIBC_PROVIDES_SSP + #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \ +@@ -1131,7 +1148,7 @@ static const char *cc1_options = + %{-version:--version}\ %{-help=*:--help=%*}\ %{!fsyntax-only:%{S:%W{o*}%{!o*:-o %b.s}}}\ - %{fsyntax-only:-o %j} %{-param*}\ -+ %{nostdlib:-nostdlib}\ +- %{fsyntax-only:-o %j} %{-param*}\ ++ %{fsyntax-only:-o %j} %{-param*} " NO_SSP_SPEC "\ %{coverage:-fprofile-arcs -ftest-coverage}\ %{fprofile-arcs|fprofile-generate*|coverage:\ - %{!fprofile-update=single:\ ---- a/gcc/params.def -+++ b/gcc/params.def + %{!fprofile-update=singel:\ +--- a/gcc/params.def 2016-03-30 09:47:40.000000000 +0200 ++++ b/gcc/params.def 2016-09-19 12:56:58.443179039 +0200 @@ -673,7 +673,7 @@ DEFPARAM (PARAM_INTEGER_SHARE_LIMIT, DEFPARAM (PARAM_SSP_BUFFER_SIZE, "ssp-buffer-size", 1.2 src/patchsets/gcc/8.1.0/gentoo/README.history file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/README.history?rev=1.2&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/README.history?rev=1.2&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/README.history?r1=1.1&r2=1.2 Index: README.history =================================================================== RCS file: /var/cvsroot/gentoo/src/patchsets/gcc/8.1.0/gentoo/README.history,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- README.history 2 May 2018 22:17:17 -0000 1.1 +++ README.history 2 May 2018 22:52:30 -0000 1.2 
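Review bot: NO_SSP_SPEC passes `-fno-stack-protector` to cc1 whenever `-nostdlib`, `-nodefaultlibs` or `-ffreestanding` is present, without checking whether the user also asked for a stack protector explicitly. If cc1_options forwards the user's `-f` switches before the point where the spec is spliced in after `%{-param*}` (that part of the string is outside the hunk), the later `-fno-stack-protector` would win, and a freestanding build that requests `-fstack-protector-strong` would lose its canaries without any diagnostic. Limiting the spec to the implicit default keeps explicit requests intact: `#define NO_SSP_SPEC "%{nostdlib|nodefaultlibs|ffreestanding:%{!fstack-protector*:-fno-stack-protector}} "`. The patch description could also state why the default is dropped for these three switches.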
@@ -1,4 +1,8 @@ -1.0 05 May 2018 +1.1 03 May 2018 + U 13_all_default-ssp-fix.patch + + 35_all_i386_libgcc_note.GNU-stack.patch + + 55_all_extra-options.patch +1.0 03 May 2018 + 92_all_sh-drop-sysroot-suffix.patch + 10_all_default-fortify-source.patch + 11_all_default-warn-format-security.patch 1.1 src/patchsets/gcc/8.1.0/gentoo/35_all_i386_libgcc_note.GNU-stack.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/35_all_i386_libgcc_note.GNU-stack.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/35_all_i386_libgcc_note.GNU-stack.patch?rev=1.1&content-type=text/plain Index: 35_all_i386_libgcc_note.GNU-stack.patch =================================================================== --- a/libgcc/config/i386/resms64.h 2018-01-03 11:03:58.000000000 +0100 +++ b/libgcc/config/i386/resms64.h 2018-05-01 12:59:48.942833419 +0200 @@ -57,3 +57,6 @@ MS2SYSV_STUB_END(resms64_17) MS2SYSV_STUB_END(resms64_18) #endif /* __x86_64__ */ +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif --- a/libgcc/config/i386/resms64f.h 2018-01-03 11:03:58.000000000 +0100 +++ b/libgcc/config/i386/resms64f.h 2018-05-01 13:00:23.422832853 +0200 @@ -55,3 +55,6 @@ MS2SYSV_STUB_END(resms64f_16) MS2SYSV_STUB_END(resms64f_17) #endif /* __x86_64__ */ +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif --- a/libgcc/config/i386/resms64fx.h 2018-02-26 20:46:34.000000000 +0100 +++ b/libgcc/config/i386/resms64fx.h 2018-05-01 13:06:49.682826518 +0200 @@ -62,3 +62,6 @@ MS2SYSV_STUB_END(resms64fx_16) MS2SYSV_STUB_END(resms64fx_17) #endif /* __x86_64__ */ +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif --- a/libgcc/config/i386/resms64x.h 2018-02-26 20:46:34.000000000 +0100 +++ b/libgcc/config/i386/resms64x.h 2018-05-01 13:07:21.702825993 +0200 
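Review bot: 35_all_i386_libgcc_note.GNU-stack.patch has no description line, unlike 13_all_default-ssp-fix.patch and 55_all_extra-options.patch on this page, so nothing records why `.section .note.GNU-stack,"",%progbits` is appended. The same applies to all six hunks (resms64.h, resms64f.h, resms64fx.h, resms64x.h, savms64.h, savms64f.h). A header such as `Mark the ms2sysv save/restore stubs as not requiring an executable stack` would make the intent reviewable. It would also help to state the check used to confirm the result, for example that `readelf -SW` on the built stub objects lists a `.note.GNU-stack` section.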
@@ -63,3 +63,6 @@ MS2SYSV_STUB_END(resms64x_17) MS2SYSV_STUB_END(resms64x_18) #endif /* __x86_64__ */ +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif --- a/libgcc/config/i386/savms64.h 2018-01-03 11:03:58.000000000 +0100 +++ b/libgcc/config/i386/savms64.h 2018-05-01 13:07:48.952825546 +0200 @@ -57,3 +57,6 @@ MS2SYSV_STUB_END(savms64_17) MS2SYSV_STUB_END(savms64_18) #endif /* __x86_64__ */ +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif --- a/libgcc/config/i386/savms64f.h 2018-01-03 11:03:58.000000000 +0100 +++ b/libgcc/config/i386/savms64f.h 2018-05-01 13:08:30.082824871 +0200 @@ -55,3 +55,6 @@ MS2SYSV_STUB_END(savms64f_16) MS2SYSV_STUB_END(savms64f_17) #endif /* __x86_64__ */ +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif 1.1 src/patchsets/gcc/8.1.0/gentoo/55_all_extra-options.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/55_all_extra-options.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/8.1.0/gentoo/55_all_extra-options.patch?rev=1.1&content-type=text/plain Index: 55_all_extra-options.patch =================================================================== On Hardened we add some options like -fstack-clash-protection and -z now --- a/gcc/common.opt 2018-03-28 16:51:09.000000000 +0200 +++ a/gcc/common.opt 2018-04-30 15:35:55.274096877 +0200 @@ -2367,7 +2367,7 @@ Common Alias(fstack-check=, specific, no Insert stack checking code into the program. Same as -fstack-check=specific. fstack-clash-protection -Common Report Var(flag_stack_clash_protection) Optimization +Common Report Var(flag_stack_clash_protection) Optimization Init(-1) Insert code to probe each page of stack space as it is allocated to protect from stack-clash style attacks. --- a/gcc/defaults.h 2018-01-03 11:03:58.000000000 +0100 
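Review bot: `Init(-1)` leaves `flag_stack_clash_protection` non-zero until something replaces the sentinel, and the only replacement in this patch is the check added to process_options in toplev.c. Any code that tests the flag as a boolean before that point would read "not set" as "enabled"; no such reader is visible on this page, so this needs confirming against the tree. The patch description should name where -1 is resolved. The file header `+++ a/gcc/common.opt` should read `+++ b/gcc/common.opt` to match the other files in the patch.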
+++ b/gcc/defaults.h 2018-05-01 12:41:29.522851451 +0200 @@ -1435,6 +1435,15 @@ see the files COPYING3 and COPYING.RUNTI #define STACK_CHECK_MAX_VAR_SIZE (STACK_CHECK_MAX_FRAME_SIZE / 100) #endif +/* Default value for flag_clash_protector when flag_clash_protector is + initialized to -1. */ +#ifdef ENABLE_ESP +#define DEFAULT_FLAG_SCP 1 +#endif +#ifndef DEFAULT_FLAG_SCP +#define DEFAULT_FLAG_SCP 0 +#endif + /* By default, the C++ compiler will use function addresses in the vtable entries. Setting this nonzero tells the compiler to use function descriptors instead. The value of this macro says how --- a/gcc/toplev.c 2018-02-13 17:18:37.000000000 +0100 +++ b/toplev.c 2018-04-30 16:46:37.244027303 +0200 @@ -1682,6 +1682,10 @@ process_options (void) /* -fstack-clash-protection is not currently supported on targets where the stack grows up. */ + if (flag_stack_clash_protection == -1) + { + flag_stack_clash_protection = DEFAULT_FLAG_SCP; + } if (flag_stack_clash_protection && !STACK_GROWS_DOWNWARD) { warning_at (UNKNOWN_LOCATION, 0, --- a/libgcc/Makefile.in 2011-11-22 04:01:02.000000000 +0100 +++ b/libgcc/Makefile.in 2011-12-25 15:18:22.449610631 +0100 @@ -225,7 +225,7 @@ endif LIBGCC2_DEBUG_CFLAGS = -g LIBGCC2_CFLAGS = -O2 $(LIBGCC2_INCLUDES) $(GCC_CFLAGS) $(HOST_LIBGCC2_CFLAGS) \ $(LIBGCC2_DEBUG_CFLAGS) -DIN_LIBGCC2 \ - -fbuilding-libgcc -fno-stack-protector \ + -fbuilding-libgcc -fno-stack-protector -fno-stack-clash-protection \ $(INHIBIT_LIBC_CFLAGS) # Additional options to use when compiling libgcc2.a. @@ -279,7 +290,7 @@ INTERNAL_CFLAGS = $(CFLAGS) $(LIBGCC2_CF -finhibit-size-directive -fno-inline -fno-exceptions \ -fno-zero-initialized-in-bss -fno-toplevel-reorder -fno-tree-vectorize \ -fbuilding-libgcc -fno-stack-protector $(FORCE_EXPLICIT_EH_REGISTRY) \ - $(INHIBIT_LIBC_CFLAGS) + -fno-stack-clash-protection $(INHIBIT_LIBC_CFLAGS) # Extra flags to use when compiling crt{begin,end}.o. CRTSTUFF_T_CFLAGS = --- a/gcc/gcc.c 2016-02-19 23:18:38.000000000 +0100 
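Review bot: The new comment refers to `flag_clash_protector`, a name that appears nowhere else in this patch; the option variable declared in common.opt is `flag_stack_clash_protection`. Suggested wording: `/* Default for flag_stack_clash_protection when the option is left at its Init(-1) value. */`. ENABLE_ESP is not defined by any hunk shown here, so if the build does not define it, DEFAULT_FLAG_SCP quietly becomes 0 and the hardened default is lost. The comment should name what is expected to set it.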
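Review bot: The added `if (flag_stack_clash_protection == -1)` block is inserted between the existing comment about targets where the stack grows up and the `if` that comment describes, so the comment now appears to document the sentinel check. Moving the new lines above that comment and giving them their own, e.g. `/* Replace the Init(-1) sentinel with the configured default. */`, keeps both readable. The braces around the single assignment can be dropped to match the surrounding code. The header `+++ b/toplev.c` lacks the `gcc/` prefix used on the `---` line, and process_options continues outside the hunk.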
+++ b/gcc/gcc.c 2016-05-02 22:56:10.185721270 +0200 @@ -868,6 +868,12 @@ proper position among the other output f #endif #endif +#ifdef EXTRA_OPTIONS +#define LINK_NOW_SPEC "%{!nonow:-z now} " +#else +#define LINK_NOW_SPEC "" +#endif + #ifdef ENABLE_DEFAULT_PIE #define NO_PIE_SPEC "no-pie|static" #define PIE_SPEC NO_PIE_SPEC "|r|shared:;" @@ -1013,7 +1020,7 @@ proper position among the other output f %(linker) " \ LINK_PLUGIN_SPEC \ "%{flto|flto=*:%<fcompare-debug*} \ - %{flto} %{fno-lto} %{flto=*} %l " LINK_PIE_SPEC \ + %{flto} %{fno-lto} %{flto=*} %l " LINK_PIE_SPEC LINK_NOW_SPEC \ "%{fuse-ld=*:-fuse-ld=%*} " LINK_COMPRESS_DEBUG_SPEC \ "%X %{o*} %{e*} %{N} %{n} %{r}\ %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!nostartfiles:%S}} \
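Review bot: `%{!nonow:-z now}` makes `-nonow` the only opt-out, but no hunk on this page registers `nonow` in an option file, so unless another patch does, the driver may reject the switch as unrecognized and the opt-out cannot be used. `-z now` also yields a read-only GOT only when `-z relro` is in effect, and this patch leaves that to the linker's default; the description should say which component is expected to supply it. LINK_NOW_SPEC expands to an empty string when EXTRA_OPTIONS is not defined, and nothing shown here defines it, so the hardening can silently compile out. A comment above the `#ifdef` would make that dependency visible, for example `/* EXTRA_OPTIONS is set by <where it is defined>; without it -z now is not added. */`.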