diff options
-rw-r--r-- | system/gcc/001_all_default-ssp-strong.patch | 215 | ||||
-rw-r--r-- | system/gcc/APKBUILD | 4 |
2 files changed, 2 insertions, 217 deletions
diff --git a/system/gcc/001_all_default-ssp-strong.patch b/system/gcc/001_all_default-ssp-strong.patch deleted file mode 100644 index 95949eb00..000000000 --- a/system/gcc/001_all_default-ssp-strong.patch +++ /dev/null @@ -1,215 +0,0 @@ -# DP: Turn on -fstack-protector by default for C, C++, ObjC, ObjC++. -# DP: Build libgcc using -fno-stack-protector. - ---- - gcc/Makefile.in | 2 ++ - gcc/cp/lang-specs.h | 6 +++--- - gcc/doc/invoke.texi | 4 ++++ - gcc/gcc.c | 18 ++++++++++++++---- - gcc/objc/lang-specs.h | 10 +++++----- - gcc/objcp/lang-specs.h | 8 ++++---- - 6 files changed, 32 insertions(+), 16 deletions(-) - -Index: b/gcc/gcc.c -=================================================================== ---- a/gcc/gcc.c -+++ b/gcc/gcc.c -@@ -858,6 +858,14 @@ proper position among the other output f - #define LINK_GCC_C_SEQUENCE_SPEC "%G %L %G" - #endif - -+#ifndef SSP_DEFAULT_SPEC -+#ifdef TARGET_LIBC_PROVIDES_SSP -+#define SSP_DEFAULT_SPEC "%{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:%{!fstack-protector:-fstack-protector-strong}}}}}" -+#else -+#define SSP_DEFAULT_SPEC "" -+#endif -+#endif -+ - #ifndef LINK_SSP_SPEC - #ifdef TARGET_LIBC_PROVIDES_SSP - #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \ -@@ -1057,6 +1065,7 @@ static const char *cc1_spec = CC1_SPEC; - static const char *cc1plus_spec = CC1PLUS_SPEC; - static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC; - static const char *link_ssp_spec = LINK_SSP_SPEC; -+static const char *ssp_default_spec = SSP_DEFAULT_SPEC; - static const char *asm_spec = ASM_SPEC; - static const char *asm_final_spec = ASM_FINAL_SPEC; - static const char *link_spec = LINK_SPEC; -@@ -1112,7 +1121,7 @@ static const char *cpp_unique_options = - static const char *cpp_options = - "%(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w}\ - %{f*} %{g*:%{!g0:%{g*} %{!fno-working-directory:-fworking-directory}}} %{O*}\ -- %{undef} %{save-temps*:-fpch-preprocess}"; -+ %{undef} %{save-temps*:-fpch-preprocess} %(ssp_default)"; - - /* This contains cpp options which are not passed when the preprocessor - output will be used by another program. */ -@@ -1301,9 +1310,9 @@ static const struct compiler default_com - %{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \ - %(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\ - cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \ -- %(cc1_options)}\ -+ %(cc1_options) %(ssp_default)}\ - %{!save-temps*:%{!traditional-cpp:%{!no-integrated-cpp:\ -- cc1 %(cpp_unique_options) %(cc1_options)}}}\ -+ cc1 %(cpp_unique_options) %(cc1_options) %(ssp_default)}}}\ - %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 1}, - {"-", - "%{!E:%e-E or -x required when input is from standard input}\ -@@ -1328,7 +1337,7 @@ static const struct compiler default_com - %W{o*:--output-pch=%*}}%V}}}}}}}", 0, 0, 0}, - {".i", "@cpp-output", 0, 0, 0}, - {"@cpp-output", -- "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, -+ "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %(ssp_default) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, - {".s", "@assembler", 0, 0, 0}, - {"@assembler", - "%{!M:%{!MM:%{!E:%{!S:as %(asm_debug) %(asm_options) %i %A }}}}", 0, 0, 0}, -@@ -1560,6 +1569,7 @@ static struct spec_list static_specs[] = - INIT_STATIC_SPEC ("cc1plus", &cc1plus_spec), - INIT_STATIC_SPEC ("link_gcc_c_sequence", &link_gcc_c_sequence_spec), - INIT_STATIC_SPEC ("link_ssp", &link_ssp_spec), -+ INIT_STATIC_SPEC ("ssp_default", &ssp_default_spec), - INIT_STATIC_SPEC ("endfile", &endfile_spec), - INIT_STATIC_SPEC ("link", &link_spec), - INIT_STATIC_SPEC ("lib", &lib_spec), -Index: b/gcc/cp/lang-specs.h -=================================================================== ---- a/gcc/cp/lang-specs.h -+++ b/gcc/cp/lang-specs.h -@@ -46,7 +46,7 @@ along with GCC; see the file COPYING3. - %(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\ - cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\ - %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\ -- %(cc1_options) %2\ -+ %(cc1_options) %(ssp_default) %2\ - %{!fsyntax-only:-o %g.s \ - %{!fdump-ada-spec*:%{!o*:--output-pch=%i.gch}\ - %W{o*:--output-pch=%*}}%V}}}}", -@@ -58,11 +58,11 @@ along with GCC; see the file COPYING3. - %(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\ - cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\ - %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\ -- %(cc1_options) %2\ -+ %(cc1_options) %(ssp_default) %2\ - %{!fsyntax-only:%(invoke_as)}}}}", - CPLUSPLUS_CPP_SPEC, 0, 0}, - {".ii", "@c++-cpp-output", 0, 0, 0}, - {"@c++-cpp-output", - "%{!M:%{!MM:%{!E:\ -- cc1plus -fpreprocessed %i %(cc1_options) %2\ -+ cc1plus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\ - %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, -Index: b/gcc/params.def -=================================================================== ---- a/gcc/params.def -+++ b/gcc/params.def -@@ -673,7 +673,7 @@ DEFPARAM (PARAM_INTEGER_SHARE_LIMIT, - DEFPARAM (PARAM_SSP_BUFFER_SIZE, - "ssp-buffer-size", - "The lower bound for a buffer to be considered for stack smashing protection.", -- 8, 1, 0) -+ 4, 1, 0) - - DEFPARAM (PARAM_MIN_SIZE_FOR_STACK_SHARING, - "min-size-for-stack-sharing", -Index: b/gcc/objc/lang-specs.h -=================================================================== ---- a/gcc/objc/lang-specs.h -+++ b/gcc/objc/lang-specs.h -@@ -29,9 +29,9 @@ along with GCC; see the file COPYING3. - %{traditional|traditional-cpp:\ - %eGNU Objective C no longer supports traditional compilation}\ - %{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\ -- cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}\ -+ cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}}\ - %{!save-temps*:%{!no-integrated-cpp:\ -- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}}\ -+ cc1obj %(cpp_unique_options) %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}}}\ - %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, - {"@objective-c-header", - "%{E|M|MM:cc1obj -E %{traditional|traditional-cpp:-traditional-cpp}\ -@@ -40,18 +40,18 @@ along with GCC; see the file COPYING3. - %{traditional|traditional-cpp:\ - %eGNU Objective C no longer supports traditional compilation}\ - %{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\ -- cc1obj -fpreprocessed %b.mi %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ -+ cc1obj -fpreprocessed %b.mi %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\ - -o %g.s %{!o*:--output-pch=%i.gch}\ - %W{o*:--output-pch=%*}%V}\ - %{!save-temps*:%{!no-integrated-cpp:\ -- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ -+ cc1obj %(cpp_unique_options) %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\ - -o %g.s %{!o*:--output-pch=%i.gch}\ - %W{o*:--output-pch=%*}%V}}}}}", 0, 0, 0}, - {".mi", "@objective-c-cpp-output", 0, 0, 0}, - {"@objective-c-cpp-output", -- "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ -+ "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\ - %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, - {"@objc-cpp-output", - "%nobjc-cpp-output is deprecated; please use objective-c-cpp-output instead\n\ -- %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ -+ %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\ - %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, -Index: b/gcc/objcp/lang-specs.h -=================================================================== ---- a/gcc/objcp/lang-specs.h -+++ b/gcc/objcp/lang-specs.h -@@ -36,7 +36,7 @@ along with GCC; see the file COPYING3. - %(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\ - cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\ - %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\ -- %(cc1_options) %2\ -+ %(cc1_options) %(ssp_default) %2\ - -o %g.s %{!o*:--output-pch=%i.gch} %W{o*:--output-pch=%*}%V}}}", - CPLUSPLUS_CPP_SPEC, 0, 0}, - {"@objective-c++", -@@ -46,16 +46,16 @@ along with GCC; see the file COPYING3. - %(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\ - cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\ - %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\ -- %(cc1_options) %2\ -+ %(cc1_options) %(ssp_default) %2\ - %{!fsyntax-only:%(invoke_as)}}}}", - CPLUSPLUS_CPP_SPEC, 0, 0}, - {".mii", "@objective-c++-cpp-output", 0, 0, 0}, - {"@objective-c++-cpp-output", - "%{!M:%{!MM:%{!E:\ -- cc1objplus -fpreprocessed %i %(cc1_options) %2\ -+ cc1objplus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\ - %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, - {"@objc++-cpp-output", - "%nobjc++-cpp-output is deprecated; please use objective-c++-cpp-output instead\n\ - %{!M:%{!MM:%{!E:\ -- cc1objplus -fpreprocessed %i %(cc1_options) %2\ -+ cc1objplus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\ - %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, -Index: b/gcc/doc/invoke.texi -=================================================================== ---- a/gcc/doc/invoke.texi -+++ b/gcc/doc/invoke.texi -@@ -9247,6 +9247,9 @@ - The minimum size of variables taking part in stack slot sharing when not - optimizing. The default value is 32. - -+The Alpine Linux default is "4", to increase -+the number of functions protected by the stack protector. -+ - @item max-jump-thread-duplication-stmts - Maximum number of statements allowed in a block that needs to be - duplicated when threading jumps. -@@ -10185,6 +10188,11 @@ - Like @option{-fstack-protector} but includes additional functions to - be protected --- those that have local array definitions, or have - references to local frame addresses. -+ -+NOTE: In Alpine Linux, -+@option{-fstack-protector-strong} is enabled by default for C, -+C++, ObjC, ObjC++, if none of @option{-fno-stack-protector}, -+@option{-nostdlib}, nor @option{-ffreestanding} are found. - - @item -fstack-protector-explicit - @opindex fstack-protector-explicit diff --git a/system/gcc/APKBUILD b/system/gcc/APKBUILD index f95655eb6..fdac8dbf6 100644 --- a/system/gcc/APKBUILD +++ b/system/gcc/APKBUILD @@ -146,7 +146,6 @@ source="https://ftp.gnu.org/gnu/gcc/gcc-$pkgver/gcc-$pkgver.tar.xz 0011-m68k.patch 0012-static-pie.patch - 001_all_default-ssp-strong.patch 002_all_default-relro.patch 005_all_default-as-needed.patch 011_all_default-warn-format-security.patch @@ -288,11 +287,13 @@ build() { --enable-checking=release \ --disable-fixed-point \ --disable-libstdcxx-pch \ + --disable-multiarch \ --disable-multilib \ --disable-werror \ $_symvers \ --enable-__cxa_atexit \ --enable-default-pie \ + --enable-default-ssp \ --enable-cloog-backend \ --enable-languages=$_languages \ $_arch_configure \ @@ -535,7 +536,6 @@ b8207c1be82b20fdad2596bb0a60469db52257456d0925bacf48b44899f4c6ece93c501347e1ffe9 66085c5555e6b91b6874d1782d5a1dc0ab1792889f9400f48cde9483f82b51b9e3a5de1efbba21a19fc5e664334f2188d0c2bc988d42335efa26118b3c85cc7f 0010-ldbl128-config.patch cd3ba928121e8578ba9f73215e4d81ee3ebbab33e00b04cdfd62b46d21f9536297ae12dc021aad6e56f3b28d9d544727331bbe6db1e3438d7b9545b2c3250906 0011-m68k.patch 45d5bc11a89e5af77503ca06eec52d6d84e6fea0be021aaee1bcc39f8dd3c7b4baa4200cfa2b0688faa0f207d005db89c029eff32f362207aa3d2365b2f2363e 0012-static-pie.patch -a1335adc2fbee98e36c4437ff2587771b98ed4180726779020f65039498235626a411cdb0100dbd20cd19d12f0d94f9a21af179ff624676c28cead9d60598b5d 001_all_default-ssp-strong.patch 625c02e03c2f1db04da12cc6a086ec85790a031a13df36486243fd9569cd17f7c8ebeec91ac16cc1f87c3ec1ffe4c421153e98a9aeb5eea35943a6f015d81f50 002_all_default-relro.patch 02b725b220e540077efef741e9d457f9e004fe53ae642a138e214875d076a60f7c2f27de0ed9a4225db2030fc9c3d2c5b0414c895b9eec0f5f48fad70e2fb029 005_all_default-as-needed.patch 622fdbcbbf2feb86bd839af627ec3613c6d2c77b14d37d31165b19f73f45b3663a203efff5d224f194edb15eb62d3d5885e32f85d1b584f071e580fea4e12664 011_all_default-warn-format-security.patch |