summaryrefslogtreecommitdiff
path: root/system/gcc/002_all_default-relro.patch
diff options
context:
space:
mode:
Diffstat (limited to 'system/gcc/002_all_default-relro.patch')
-rw-r--r--system/gcc/002_all_default-relro.patch33
1 files changed, 33 insertions, 0 deletions
diff --git a/system/gcc/002_all_default-relro.patch b/system/gcc/002_all_default-relro.patch
new file mode 100644
index 000000000..c461017dc
--- /dev/null
+++ b/system/gcc/002_all_default-relro.patch
@@ -0,0 +1,33 @@
+# Turn on -Wl,-z,relro,-z,now by default.
+
+---
+ gcc/doc/invoke.texi | 3 +++
+ gcc/gcc.c | 1 +
+ 2 files changed, 4 insertions(+), 0 deletions(-)
+
+Index: b/gcc/doc/invoke.texi
+===================================================================
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
+@@ -11424,6 +11424,9 @@ For example, @option{-Wl,-Map,output.map
+ linker. When using the GNU linker, you can also get the same effect with
+ @option{-Wl,-Map=output.map}.
+
++NOTE: In Alpine Linux, for LDFLAGS, the option
++@option{-Wl,-z,relro,now} is used. To disable, use @option{-Wl,-z,norelro}.
++
+ @item -u @var{symbol}
+ @opindex u
+ Pretend the symbol @var{symbol} is undefined, to force linking of
+Index: b/gcc/gcc.c
+===================================================================
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -890,6 +890,7 @@ proper position among the other output f
+ "%{flto|flto=*:%<fcompare-debug*} \
+ %{flto} %{fno-lto} %{flto=*} %l " LINK_PIE_SPEC \
+ "%{fuse-ld=*:-fuse-ld=%*} " LINK_COMPRESS_DEBUG_SPEC \
++ "-z relro -z now " \
+ "%X %{o*} %{e*} %{N} %{n} %{r}\
+ %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!nostartfiles:%S}} " VTABLE_VERIFICATION_SPEC " \
+ %{static:} %{L*} %(mfwrap) %(link_libgcc) " SANITIZER_EARLY_SPEC " %o\