Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 65779 Details for
Bug 100689
(highly experimental) hardened gcc 4.0.x
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
toolchain.eclass modifications to make it aware of gcc-4.x style native ssp support
toolchain.eclass.patch (text/plain), 3.44 KB, created by
Christophe Saout
on 2005-08-12 12:21:25 UTC
(
hide
)
Description:
toolchain.eclass modifications to make it aware of gcc-4.x style native ssp support
Filename:
MIME Type:
Creator:
Christophe Saout
Created:
2005-08-12 12:21:25 UTC
Size:
3.44 KB
patch
obsolete
>--- toolchain.eclass 2005-08-12 20:58:36.000000000 +0200 >+++ www/saout/gentoo/gcc/testing/toolchain.eclass 2005-08-12 21:00:52.000000000 +0200 >@@ -331,7 +331,9 @@ > fi > return 1 > elif [[ $1 == "ssp" ]] ; then >- [[ -z ${PP_VER} ]] && return 1 >+ if ! gcc_has_native_ssp ; then >+ [[ -z ${PP_VER} ]] && return 1 >+ fi > hardened_gcc_is_stable ssp && return 0 > if has ~$(tc-arch) ${ACCEPT_KEYWORDS} ; then > hardened_gcc_check_unsupported ssp && return 1 >@@ -402,6 +404,16 @@ > return 1 > } > >+gcc_has_native_ssp() { >+ [[ ${GCCMAJOR} -lt 4 ]] && return 1 >+ >+ # gcc 4.1 and above have native ssp support >+ [[ ( ${GCCMAJOR} -gt 4 || ${GCCMINOR} -ge 1 ) ]] && return 0 >+ >+ # gcc 4.0 might have the gcc 4.1 ssp support backport applied >+ grep -q '^fstack-protector' ${S}/gcc/common.opt >+} >+ > has_libssp() { > [[ -e /$(get_libdir)/libssp.so ]] && return 0 > return 1 >@@ -422,7 +434,7 @@ > } > want_boundschecking() { _want_stuff HTB_VER boundschecking ; } > want_pie() { _want_stuff PIE_VER !nopie ; } >-want_ssp() { _want_stuff PP_VER !nossp ; } >+want_ssp() { gcc_has_native_ssp || _want_stuff PP_VER !nossp ; } > > want_split_specs() { > [[ ${SPLIT_SPECS} == "true" ]] && want_pie >@@ -455,18 +467,24 @@ > > local my_libc=${ROOT}/${libc_prefix}/${libc_file} > >- # Check for the libc to have the __guard symbols >- if [[ -n $(readelf -s "${my_libc}" 2>/dev/null | \ >- grep 'OBJECT.*GLOBAL.*__guard') ]] && \ >- [[ -n $(readelf -s "${my_libc}" 2>/dev/null | \ >- grep 'FUNC.*GLOBAL.*__stack_smash_handler') ]] >- then >+ if [[ ${GCCMAJOR} -ge 4 ]] ; then >+ # Check for the libc to have the __stack_chk symbols >+ [[ -n $(readelf -s "${my_libc}" 2>/dev/null | \ >+ grep 'FUNC.*GLOBAL.*__stack_chk_fail') ]] && \ > return 0 >- elif is_crosscompile ; then >- die "'${my_libc}' was detected w/out ssp, that sucks (a lot)" > else >- return 1 >+ # Check for the libc to have the __guard symbols >+ [[ -n $(readelf -s "${my_libc}" 2>/dev/null | \ >+ grep 'OBJECT.*GLOBAL.*__guard') ]] && \ >+ [[ -n $(readelf -s "${my_libc}" 2>/dev/null | \ >+ grep 'FUNC.*GLOBAL.*__stack_smash_handler') ]] && \ >+ return 0 > fi >+ >+ is_crosscompile && \ >+ die "'${my_libc}' was detected w/out ssp, that sucks (a lot)" >+ >+ return 1 > } > > # This is to make sure we don't accidentally try to enable support for a >@@ -1209,6 +1227,11 @@ > BOOT_CFLAGS=${BOOT_CFLAGS-"$(get_abi_CFLAGS) ${CFLAGS}"} > fi > >+ if S=${OLDS} gcc_has_native_ssp ; then >+ STAGE1_CFLAGS="${STAGE1_CFLAGS} -DTARGET_LIBC_PROVIDES_SSP" >+ BOOT_CFLAGS="${BOOT_CFLAGS} -DTARGET_LIBC_PROVIDES_SSP" >+ fi >+ > pushd ${WORKDIR}/build > einfo "Running make LDFLAGS=\"${LDFLAGS}\" STAGE1_CFLAGS=\"${STAGE1_CFLAGS}\" LIBPATH=\"${LIBPATH}\" BOOT_CFLAGS=\"${BOOT_CFLAGS}\" ${GCC_MAKE_TARGET}" > >@@ -1677,7 +1700,7 @@ > [[ -n ${UCLIBC_VER} ]] && \ > unpack ${PN}-${UCLIBC_GCC_VER}-uclibc-patches-${UCLIBC_VER}.tar.bz2 > >- if want_ssp ; then >+ if want_ssp && ! gcc_has_native_ssp; then > if [[ -n ${PP_FVER} ]] ; then > # The gcc 3.4 propolice versions are meant to be unpacked to ${S} > pushd ${S:-$(gcc_get_s_dir)} > /dev/null >@@ -1758,6 +1781,14 @@ > > # patch in ProPolice Stack Smashing protection > do_gcc_SSP_patches() { >+ if gcc_has_native_ssp ; then >+ if [[ ${GCCMAJOR}.${GCCMINOR} == 4.0 ]] ; then >+ # Indicate that ssp support is a backport >+ release_version="${release_version}, ssp-4.1-backport" >+ fi >+ return 0 >+ fi >+ > # PARISC has no love ... it's our stack :( > if [[ $(tc-arch) == "hppa" ]] || \ > ! want_ssp || \
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=65779">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 100689
:
65779
|
65785
