Attachment #366644 for bug #484714

Lines 473-479 toolchain_src_prepare() { Link Here

(-)a/eclass/toolchain.eclass (-26 / +34 lines)
473	do_gcc_PIE_patches	473	do_gcc_PIE_patches
474	epatch_user	474	epatch_user
475		475
476	use hardened && make_gcc_hard	476	if ( tc_version_is_at_least 4.8 \|\| use hardened ) && ! use vanilla ; then
		477	make_gcc_hard
		478	fi
477		479
478	# install the libstdc++ python into the right location	480	# install the libstdc++ python into the right location
479	# http://gcc.gnu.org/PR51368	481	# http://gcc.gnu.org/PR51368
Lines 606-611 do_gcc_PIE_patches() { Link Here
606	epatch "${WORKDIR}"/piepatch/def	608	epatch "${WORKDIR}"/piepatch/def
607	fi	609	fi
608		610
		611	BRANDING_GCC_PKGVERSION="${BRANDING_GCC_PKGVERSION}, pie-${PIE_VER}"
		612	}
		613
		614	# configure to build with the hardened GCC specs as the default
		615	make_gcc_hard() {
		616
609	# we want to be able to control the pie patch logic via something other	617	# we want to be able to control the pie patch logic via something other
610	# than ALL_CFLAGS...	618	# than ALL_CFLAGS...
611	sed -e '/^ALL_CFLAGS/iHARD_CFLAGS = ' \	619	sed -e '/^ALL_CFLAGS/iHARD_CFLAGS = ' \
Lines 618-655 do_gcc_PIE_patches() { Link Here
618	-i "${S}"/gcc/Makefile.in	626	-i "${S}"/gcc/Makefile.in
619	fi	627	fi
620		628
621	BRANDING_GCC_PKGVERSION="${BRANDING_GCC_PKGVERSION}, pie-${PIE_VER}"	629	# defaults to enable for all toolchains
622	}	630	local gcc_hard_flags=""
623		631	if use hardened ; then
624	# configure to build with the hardened GCC specs as the default	632	if hardened_gcc_works ; then
625	make_gcc_hard() {	633	einfo "Updating gcc to use automatic PIE + SSP building ..."
626	# defaults to enable for all hardened toolchains	634	gcc_hard_flags+=" -DEFAULT_PIE_SSP"
627	local gcc_hard_flags="-DEFAULT_RELRO -DEFAULT_BIND_NOW"	635	elif hardened_gcc_works pie ; then
628		636	einfo "Updating gcc to use automatic PIE building ..."
629	if hardened_gcc_works ; then	637	ewarn "SSP has not been enabled by default"
630	einfo "Updating gcc to use automatic PIE + SSP building ..."	638	gcc_hard_flags+=" -DEFAULT_PIE"
631	gcc_hard_flags+=" -DEFAULT_PIE_SSP"	639	elif hardened_gcc_works ssp ; then
632	elif hardened_gcc_works pie ; then	640	einfo "Updating gcc to use automatic SSP building ..."
633	einfo "Updating gcc to use automatic PIE building ..."	641	ewarn "PIE has not been enabled by default"
634	ewarn "SSP has not been enabled by default"	642	gcc_hard_flags+=" -DEFAULT_SSP"
635	gcc_hard_flags+=" -DEFAULT_PIE"	643	else
636	elif hardened_gcc_works ssp ; then	644	# do nothing if hardened is't supported, but don't die either
637	einfo "Updating gcc to use automatic SSP building ..."	645	ewarn "hardened is not supported for this arch in this gcc version"
638	ewarn "PIE has not been enabled by default"	646	return 0
639	gcc_hard_flags+=" -DEFAULT_SSP"	647	fi
		648	# rebrand to make bug reports easier
		649	BRANDING_GCC_PKGVERSION=${BRANDING_GCC_PKGVERSION/Gentoo/Gentoo Hardened}
640	else	650	else
641	# do nothing if hardened isnt supported, but dont die either	651	if hardened_gcc_works ssp ; then
642	ewarn "hardened is not supported for this arch in this gcc version"	652	einfo "Updating gcc to use automatic SSP building ..."
643	ebeep	653	gcc_hard_flags+=" -DEFAULT_SSP"
644	return 0	654	fi
645	fi	655	fi
646		656
647	sed -i \	657	sed -i \
648	-e "/^HARD_CFLAGS = /s\|=\|= ${gcc_hard_flags} \|" \	658	-e "/^HARD_CFLAGS = /s\|=\|= ${gcc_hard_flags} \|" \
649	"${S}"/gcc/Makefile.in \|\| die	659	"${S}"/gcc/Makefile.in \|\| die
650		660
651	# rebrand to make bug reports easier
652	BRANDING_GCC_PKGVERSION=${BRANDING_GCC_PKGVERSION/Gentoo/Gentoo Hardened}
653	}	661	}
654		662
655	# This is a historical wart. The original Gentoo/amd64 port used:	663	# This is a historical wart. The original Gentoo/amd64 port used:

Return to bug 484714