Lines 331-337
Link Here
|
331 |
fi |
331 |
fi |
332 |
return 1 |
332 |
return 1 |
333 |
elif [[ $1 == "ssp" ]] ; then |
333 |
elif [[ $1 == "ssp" ]] ; then |
334 |
[[ -z ${PP_VER} ]] && return 1 |
334 |
if ! gcc_has_native_ssp ; then |
|
|
335 |
[[ -z ${PP_VER} ]] && return 1 |
336 |
fi |
335 |
hardened_gcc_is_stable ssp && return 0 |
337 |
hardened_gcc_is_stable ssp && return 0 |
336 |
if has ~$(tc-arch) ${ACCEPT_KEYWORDS} ; then |
338 |
if has ~$(tc-arch) ${ACCEPT_KEYWORDS} ; then |
337 |
hardened_gcc_check_unsupported ssp && return 1 |
339 |
hardened_gcc_check_unsupported ssp && return 1 |
Lines 402-407
Link Here
|
402 |
return 1 |
404 |
return 1 |
403 |
} |
405 |
} |
404 |
|
406 |
|
|
|
407 |
gcc_has_native_ssp() { |
408 |
[[ ${GCCMAJOR} -lt 4 ]] && return 1 |
409 |
|
410 |
# gcc 4.1 and above have native ssp support |
411 |
[[ ( ${GCCMAJOR} -gt 4 || ${GCCMINOR} -ge 1 ) ]] && return 0 |
412 |
|
413 |
# gcc 4.0 might have the gcc 4.1 ssp support backport applied |
414 |
grep -q '^fstack-protector' ${S}/gcc/common.opt |
415 |
} |
416 |
|
405 |
has_libssp() { |
417 |
has_libssp() { |
406 |
[[ -e /$(get_libdir)/libssp.so ]] && return 0 |
418 |
[[ -e /$(get_libdir)/libssp.so ]] && return 0 |
407 |
return 1 |
419 |
return 1 |
Lines 422-428
Link Here
|
422 |
} |
434 |
} |
423 |
want_boundschecking() { _want_stuff HTB_VER boundschecking ; } |
435 |
want_boundschecking() { _want_stuff HTB_VER boundschecking ; } |
424 |
want_pie() { _want_stuff PIE_VER !nopie ; } |
436 |
want_pie() { _want_stuff PIE_VER !nopie ; } |
425 |
want_ssp() { _want_stuff PP_VER !nossp ; } |
437 |
want_ssp() { gcc_has_native_ssp || _want_stuff PP_VER !nossp ; } |
426 |
|
438 |
|
427 |
want_split_specs() { |
439 |
want_split_specs() { |
428 |
[[ ${SPLIT_SPECS} == "true" ]] && want_pie |
440 |
[[ ${SPLIT_SPECS} == "true" ]] && want_pie |
Lines 455-472
Link Here
|
455 |
|
467 |
|
456 |
local my_libc=${ROOT}/${libc_prefix}/${libc_file} |
468 |
local my_libc=${ROOT}/${libc_prefix}/${libc_file} |
457 |
|
469 |
|
458 |
# Check for the libc to have the __guard symbols |
470 |
if [[ ${GCCMAJOR} -ge 4 ]] ; then |
459 |
if [[ -n $(readelf -s "${my_libc}" 2>/dev/null | \ |
471 |
# Check for the libc to have the __stack_chk symbols |
460 |
grep 'OBJECT.*GLOBAL.*__guard') ]] && \ |
472 |
[[ -n $(readelf -s "${my_libc}" 2>/dev/null | \ |
461 |
[[ -n $(readelf -s "${my_libc}" 2>/dev/null | \ |
473 |
grep 'FUNC.*GLOBAL.*__stack_chk_fail') ]] && \ |
462 |
grep 'FUNC.*GLOBAL.*__stack_smash_handler') ]] |
|
|
463 |
then |
464 |
return 0 |
474 |
return 0 |
465 |
elif is_crosscompile ; then |
|
|
466 |
die "'${my_libc}' was detected w/out ssp, that sucks (a lot)" |
467 |
else |
475 |
else |
468 |
return 1 |
476 |
# Check for the libc to have the __guard symbols |
|
|
477 |
[[ -n $(readelf -s "${my_libc}" 2>/dev/null | \ |
478 |
grep 'OBJECT.*GLOBAL.*__guard') ]] && \ |
479 |
[[ -n $(readelf -s "${my_libc}" 2>/dev/null | \ |
480 |
grep 'FUNC.*GLOBAL.*__stack_smash_handler') ]] && \ |
481 |
return 0 |
469 |
fi |
482 |
fi |
|
|
483 |
|
484 |
is_crosscompile && \ |
485 |
die "'${my_libc}' was detected w/out ssp, that sucks (a lot)" |
486 |
|
487 |
return 1 |
470 |
} |
488 |
} |
471 |
|
489 |
|
472 |
# This is to make sure we don't accidentally try to enable support for a |
490 |
# This is to make sure we don't accidentally try to enable support for a |
Lines 1209-1214
Link Here
|
1209 |
BOOT_CFLAGS=${BOOT_CFLAGS-"$(get_abi_CFLAGS) ${CFLAGS}"} |
1227 |
BOOT_CFLAGS=${BOOT_CFLAGS-"$(get_abi_CFLAGS) ${CFLAGS}"} |
1210 |
fi |
1228 |
fi |
1211 |
|
1229 |
|
|
|
1230 |
if S=${OLDS} gcc_has_native_ssp ; then |
1231 |
STAGE1_CFLAGS="${STAGE1_CFLAGS} -DTARGET_LIBC_PROVIDES_SSP" |
1232 |
BOOT_CFLAGS="${BOOT_CFLAGS} -DTARGET_LIBC_PROVIDES_SSP" |
1233 |
fi |
1234 |
|
1212 |
pushd ${WORKDIR}/build |
1235 |
pushd ${WORKDIR}/build |
1213 |
einfo "Running make LDFLAGS=\"${LDFLAGS}\" STAGE1_CFLAGS=\"${STAGE1_CFLAGS}\" LIBPATH=\"${LIBPATH}\" BOOT_CFLAGS=\"${BOOT_CFLAGS}\" ${GCC_MAKE_TARGET}" |
1236 |
einfo "Running make LDFLAGS=\"${LDFLAGS}\" STAGE1_CFLAGS=\"${STAGE1_CFLAGS}\" LIBPATH=\"${LIBPATH}\" BOOT_CFLAGS=\"${BOOT_CFLAGS}\" ${GCC_MAKE_TARGET}" |
1214 |
|
1237 |
|
Lines 1677-1683
Link Here
|
1677 |
[[ -n ${UCLIBC_VER} ]] && \ |
1700 |
[[ -n ${UCLIBC_VER} ]] && \ |
1678 |
unpack ${PN}-${UCLIBC_GCC_VER}-uclibc-patches-${UCLIBC_VER}.tar.bz2 |
1701 |
unpack ${PN}-${UCLIBC_GCC_VER}-uclibc-patches-${UCLIBC_VER}.tar.bz2 |
1679 |
|
1702 |
|
1680 |
if want_ssp ; then |
1703 |
if want_ssp && ! gcc_has_native_ssp; then |
1681 |
if [[ -n ${PP_FVER} ]] ; then |
1704 |
if [[ -n ${PP_FVER} ]] ; then |
1682 |
# The gcc 3.4 propolice versions are meant to be unpacked to ${S} |
1705 |
# The gcc 3.4 propolice versions are meant to be unpacked to ${S} |
1683 |
pushd ${S:-$(gcc_get_s_dir)} > /dev/null |
1706 |
pushd ${S:-$(gcc_get_s_dir)} > /dev/null |
Lines 1758-1763
Link Here
|
1758 |
|
1781 |
|
1759 |
# patch in ProPolice Stack Smashing protection |
1782 |
# patch in ProPolice Stack Smashing protection |
1760 |
do_gcc_SSP_patches() { |
1783 |
do_gcc_SSP_patches() { |
|
|
1784 |
if gcc_has_native_ssp ; then |
1785 |
if [[ ${GCCMAJOR}.${GCCMINOR} == 4.0 ]] ; then |
1786 |
# Indicate that ssp support is a backport |
1787 |
release_version="${release_version}, ssp-4.1-backport" |
1788 |
fi |
1789 |
return 0 |
1790 |
fi |
1791 |
|
1761 |
# PARISC has no love ... it's our stack :( |
1792 |
# PARISC has no love ... it's our stack :( |
1762 |
if [[ $(tc-arch) == "hppa" ]] || \ |
1793 |
if [[ $(tc-arch) == "hppa" ]] || \ |
1763 |
! want_ssp || \ |
1794 |
! want_ssp || \ |