diff options
Diffstat (limited to 'system/gcc/001_all_default-ssp-strong.patch')
-rw-r--r-- | system/gcc/001_all_default-ssp-strong.patch | 215 |
1 files changed, 215 insertions, 0 deletions
diff --git a/system/gcc/001_all_default-ssp-strong.patch b/system/gcc/001_all_default-ssp-strong.patch new file mode 100644 index 000000000..95949eb00 --- /dev/null +++ b/system/gcc/001_all_default-ssp-strong.patch @@ -0,0 +1,215 @@ +# DP: Turn on -fstack-protector by default for C, C++, ObjC, ObjC++. +# DP: Build libgcc using -fno-stack-protector. + +--- + gcc/Makefile.in | 2 ++ + gcc/cp/lang-specs.h | 6 +++--- + gcc/doc/invoke.texi | 4 ++++ + gcc/gcc.c | 18 ++++++++++++++---- + gcc/objc/lang-specs.h | 10 +++++----- + gcc/objcp/lang-specs.h | 8 ++++---- + 6 files changed, 32 insertions(+), 16 deletions(-) + +Index: b/gcc/gcc.c +=================================================================== +--- a/gcc/gcc.c ++++ b/gcc/gcc.c +@@ -858,6 +858,14 @@ proper position among the other output f + #define LINK_GCC_C_SEQUENCE_SPEC "%G %L %G" + #endif + ++#ifndef SSP_DEFAULT_SPEC ++#ifdef TARGET_LIBC_PROVIDES_SSP ++#define SSP_DEFAULT_SPEC "%{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:%{!fstack-protector:-fstack-protector-strong}}}}}" ++#else ++#define SSP_DEFAULT_SPEC "" ++#endif ++#endif ++ + #ifndef LINK_SSP_SPEC + #ifdef TARGET_LIBC_PROVIDES_SSP + #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \ +@@ -1057,6 +1065,7 @@ static const char *cc1_spec = CC1_SPEC; + static const char *cc1plus_spec = CC1PLUS_SPEC; + static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC; + static const char *link_ssp_spec = LINK_SSP_SPEC; ++static const char *ssp_default_spec = SSP_DEFAULT_SPEC; + static const char *asm_spec = ASM_SPEC; + static const char *asm_final_spec = ASM_FINAL_SPEC; + static const char *link_spec = LINK_SPEC; +@@ -1112,7 +1121,7 @@ static const char *cpp_unique_options = + static const char *cpp_options = + "%(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w}\ + %{f*} %{g*:%{!g0:%{g*} %{!fno-working-directory:-fworking-directory}}} %{O*}\ +- %{undef} %{save-temps*:-fpch-preprocess}"; ++ %{undef} %{save-temps*:-fpch-preprocess} %(ssp_default)"; + + /* This contains cpp options which are not passed when the preprocessor + output will be used by another program. */ +@@ -1301,9 +1310,9 @@ static const struct compiler default_com + %{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \ + %(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\ + cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \ +- %(cc1_options)}\ ++ %(cc1_options) %(ssp_default)}\ + %{!save-temps*:%{!traditional-cpp:%{!no-integrated-cpp:\ +- cc1 %(cpp_unique_options) %(cc1_options)}}}\ ++ cc1 %(cpp_unique_options) %(cc1_options) %(ssp_default)}}}\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 1}, + {"-", + "%{!E:%e-E or -x required when input is from standard input}\ +@@ -1328,7 +1337,7 @@ static const struct compiler default_com + %W{o*:--output-pch=%*}}%V}}}}}}}", 0, 0, 0}, + {".i", "@cpp-output", 0, 0, 0}, + {"@cpp-output", +- "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, ++ "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %(ssp_default) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, + {".s", "@assembler", 0, 0, 0}, + {"@assembler", + "%{!M:%{!MM:%{!E:%{!S:as %(asm_debug) %(asm_options) %i %A }}}}", 0, 0, 0}, +@@ -1560,6 +1569,7 @@ static struct spec_list static_specs[] = + INIT_STATIC_SPEC ("cc1plus", &cc1plus_spec), + INIT_STATIC_SPEC ("link_gcc_c_sequence", &link_gcc_c_sequence_spec), + INIT_STATIC_SPEC ("link_ssp", &link_ssp_spec), ++ INIT_STATIC_SPEC ("ssp_default", &ssp_default_spec), + INIT_STATIC_SPEC ("endfile", &endfile_spec), + INIT_STATIC_SPEC ("link", &link_spec), + INIT_STATIC_SPEC ("lib", &lib_spec), +Index: b/gcc/cp/lang-specs.h +=================================================================== +--- a/gcc/cp/lang-specs.h ++++ b/gcc/cp/lang-specs.h +@@ -46,7 +46,7 @@ along with GCC; see the file COPYING3. + %(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\ + cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\ + %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\ +- %(cc1_options) %2\ ++ %(cc1_options) %(ssp_default) %2\ + %{!fsyntax-only:-o %g.s \ + %{!fdump-ada-spec*:%{!o*:--output-pch=%i.gch}\ + %W{o*:--output-pch=%*}}%V}}}}", +@@ -58,11 +58,11 @@ along with GCC; see the file COPYING3. + %(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\ + cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\ + %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\ +- %(cc1_options) %2\ ++ %(cc1_options) %(ssp_default) %2\ + %{!fsyntax-only:%(invoke_as)}}}}", + CPLUSPLUS_CPP_SPEC, 0, 0}, + {".ii", "@c++-cpp-output", 0, 0, 0}, + {"@c++-cpp-output", + "%{!M:%{!MM:%{!E:\ +- cc1plus -fpreprocessed %i %(cc1_options) %2\ ++ cc1plus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, +Index: b/gcc/params.def +=================================================================== +--- a/gcc/params.def ++++ b/gcc/params.def +@@ -673,7 +673,7 @@ DEFPARAM (PARAM_INTEGER_SHARE_LIMIT, + DEFPARAM (PARAM_SSP_BUFFER_SIZE, + "ssp-buffer-size", + "The lower bound for a buffer to be considered for stack smashing protection.", +- 8, 1, 0) ++ 4, 1, 0) + + DEFPARAM (PARAM_MIN_SIZE_FOR_STACK_SHARING, + "min-size-for-stack-sharing", +Index: b/gcc/objc/lang-specs.h +=================================================================== +--- a/gcc/objc/lang-specs.h ++++ b/gcc/objc/lang-specs.h +@@ -29,9 +29,9 @@ along with GCC; see the file COPYING3. + %{traditional|traditional-cpp:\ + %eGNU Objective C no longer supports traditional compilation}\ + %{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\ +- cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}\ ++ cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}}\ + %{!save-temps*:%{!no-integrated-cpp:\ +- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}}\ ++ cc1obj %(cpp_unique_options) %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}}}\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, + {"@objective-c-header", + "%{E|M|MM:cc1obj -E %{traditional|traditional-cpp:-traditional-cpp}\ +@@ -40,18 +40,18 @@ along with GCC; see the file COPYING3. + %{traditional|traditional-cpp:\ + %eGNU Objective C no longer supports traditional compilation}\ + %{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\ +- cc1obj -fpreprocessed %b.mi %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ ++ cc1obj -fpreprocessed %b.mi %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\ + -o %g.s %{!o*:--output-pch=%i.gch}\ + %W{o*:--output-pch=%*}%V}\ + %{!save-temps*:%{!no-integrated-cpp:\ +- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ ++ cc1obj %(cpp_unique_options) %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\ + -o %g.s %{!o*:--output-pch=%i.gch}\ + %W{o*:--output-pch=%*}%V}}}}}", 0, 0, 0}, + {".mi", "@objective-c-cpp-output", 0, 0, 0}, + {"@objective-c-cpp-output", +- "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ ++ "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, + {"@objc-cpp-output", + "%nobjc-cpp-output is deprecated; please use objective-c-cpp-output instead\n\ +- %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ ++ %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, +Index: b/gcc/objcp/lang-specs.h +=================================================================== +--- a/gcc/objcp/lang-specs.h ++++ b/gcc/objcp/lang-specs.h +@@ -36,7 +36,7 @@ along with GCC; see the file COPYING3. + %(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\ + cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\ + %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\ +- %(cc1_options) %2\ ++ %(cc1_options) %(ssp_default) %2\ + -o %g.s %{!o*:--output-pch=%i.gch} %W{o*:--output-pch=%*}%V}}}", + CPLUSPLUS_CPP_SPEC, 0, 0}, + {"@objective-c++", +@@ -46,16 +46,16 @@ along with GCC; see the file COPYING3. + %(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\ + cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\ + %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\ +- %(cc1_options) %2\ ++ %(cc1_options) %(ssp_default) %2\ + %{!fsyntax-only:%(invoke_as)}}}}", + CPLUSPLUS_CPP_SPEC, 0, 0}, + {".mii", "@objective-c++-cpp-output", 0, 0, 0}, + {"@objective-c++-cpp-output", + "%{!M:%{!MM:%{!E:\ +- cc1objplus -fpreprocessed %i %(cc1_options) %2\ ++ cc1objplus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, + {"@objc++-cpp-output", + "%nobjc++-cpp-output is deprecated; please use objective-c++-cpp-output instead\n\ + %{!M:%{!MM:%{!E:\ +- cc1objplus -fpreprocessed %i %(cc1_options) %2\ ++ cc1objplus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, +Index: b/gcc/doc/invoke.texi +=================================================================== +--- a/gcc/doc/invoke.texi ++++ b/gcc/doc/invoke.texi +@@ -9247,6 +9247,9 @@ + The minimum size of variables taking part in stack slot sharing when not + optimizing. The default value is 32. + ++The Alpine Linux default is "4", to increase ++the number of functions protected by the stack protector. ++ + @item max-jump-thread-duplication-stmts + Maximum number of statements allowed in a block that needs to be + duplicated when threading jumps. +@@ -10185,6 +10188,11 @@ + Like @option{-fstack-protector} but includes additional functions to + be protected --- those that have local array definitions, or have + references to local frame addresses. ++ ++NOTE: In Alpine Linux, ++@option{-fstack-protector-strong} is enabled by default for C, ++C++, ObjC, ObjC++, if none of @option{-fno-stack-protector}, ++@option{-nostdlib}, nor @option{-ffreestanding} are found. + + @item -fstack-protector-explicit + @opindex fstack-protector-explicit |