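--- a/usr/portage/eclass/toolchain.eclass
+++ b/usr/portage/eclass/toolchain.eclass
@@ -379,6 +379,7 @@
 		fi
 		return 1
 	elif [[ $1 == "ssp" ]] ; then
+		gcc_has_native_ssp && return 0
 		[[ -z ${PP_VER} ]] && return 1
 		hardened_gcc_is_stable ssp && return 0
 		if has ~$(tc-arch) ${ACCEPT_KEYWORDS} ; then
@@ -450,6 +451,16 @@
 	return 1
 }
 
+gcc_has_native_ssp() {
+	[[ ${GCCMAJOR} -lt 4 ]] && return 1
+
+	# gcc 4.1 and above have native ssp support
+	[[ ( ${GCCMAJOR} -gt 4 || ${GCCMINOR} -ge 1 ) ]] && return 0
+
+	# gcc 4.0 might have the gcc 4.1 ssp support backport applied
+	grep -q TARGET_LIBC_PROVIDES_SSP ${S}/gcc/gcc.c
+}
+
 has_libssp() {
 	[[ -e /$(get_libdir)/libssp.so ]] && return 0
 	return 1
@@ -470,7 +481,7 @@
 }
 want_boundschecking() { _want_stuff HTB_VER boundschecking ; }
 want_pie() { _want_stuff PIE_VER !nopie ; }
-want_ssp() { _want_stuff PP_VER !nossp ; }
+want_ssp() { gcc_has_native_ssp || _want_stuff PP_VER !nossp ; }
 
 want_split_specs() {
 	[[ ${SPLIT_SPECS} == "true" ]] && want_pie
@@ -592,11 +603,21 @@
 	popd > /dev/null
 	eend $([[ -s ${WORKDIR}/build/${name}.specs ]] ; echo $?)
 }
-create_vanilla_specs_file()          { _create_specs_file hardened vanilla ; }
-create_hardened_specs_file()         { _create_specs_file !hardened hardened  ${gcc_common_hard} -DEFAULT_PIE_SSP ; }
-create_hardenednossp_specs_file()    { _create_specs_file "" hardenednossp    ${gcc_common_hard} -DEFAULT_PIE ; }
-create_hardenednopie_specs_file()    { _create_specs_file "" hardenednopie    ${gcc_common_hard} -DEFAULT_SSP ; }
-create_hardenednopiessp_specs_file() { _create_specs_file "" hardenednopiessp ${gcc_common_hard} ; }
+
+# requires the multi GCC_SPECS patch from kevquinn and pie-ssp >= 9.0.3
+__create_specs_file() {
+	# Usage: __create_specs_file <USE flag> <specs name> <CFLAGS>
+	local uflag=$1 name=$2 flags=${*:3}
+	ebegin "Copying a ${name} gcc specs file"
+	cp ${GCC_FILESDIR}/${name}.specs "${WORKDIR}"/build/ || die "failed copying specs file"
+	eend $([[ -s ${WORKDIR}/build/${name}.specs ]] ; echo $?)
+}
+
+create_vanilla_specs_file()          { __create_specs_file hardened vanilla ; }
+create_hardened_specs_file()         { __create_specs_file !hardened hardened  ${gcc_common_hard} -DEFAULT_PIE_SSP ; }
+create_hardenednossp_specs_file()    { __create_specs_file "" hardenednossp    ${gcc_common_hard} -DEFAULT_PIE ; }
+create_hardenednopie_specs_file()    { __create_specs_file "" hardenednopie    ${gcc_common_hard} -DEFAULT_SSP ; }
+create_hardenednopiessp_specs_file() { __create_specs_file "" hardenednopiessp ${gcc_common_hard} ; }
 
 split_out_specs_files() {
 	local s spec_list="hardenednopiessp vanilla"
@@ -1021,6 +1042,19 @@
 			epatch "${WORKDIR}"/patch
 		fi
 		if [[ -n ${UCLIBC_VER} ]] ; then
+		  if tc_version_is_at_least 4.1.2 ; then
+			if [[ ! -d libstdc++-v3/config/locale/uclibc ]] ; then
+				mkdir libstdc++-v3/config/locale/uclibc &&
+				cp libstdc++-v3/config/locale/gnu/* \
+					libstdc++-v3/config/locale/uclibc/
+				# gcc-4.2.0 has this already
+				if [[ ! -d libstdc++-v3/config/os/uclibc ]] ; then
+					mkdir libstdc++-v3/config/os/uclibc &&
+					cp libstdc++-v3/config/os/gnu-linux/* \
+						libstdc++-v3/config/os/uclibc/
+				fi
+			fi
+		  fi
 			guess_patch_type_in_dir "${WORKDIR}"/uclibc
 			EPATCH_MULTI_MSG="Applying uClibc patches ..." \
 			epatch "${WORKDIR}"/uclibc
@@ -1294,7 +1328,8 @@
 	# for statically linked apps but not dynamic
 	# so use setjmp/longjmp exceptions by default
 	if [[ ${CTARGET} == *-uclibc* ]] ; then
-		confgcc="${confgcc} --disable-__cxa_atexit --enable-target-optspace"
+		[[ ${GCCMAJOR} < 4 ]] && confgcc="${confgcc} --enable-sjlj-exceptions"
+		confgcc="${confgcc} --enable-__cxa_atexit --enable-target-optspace"
 		[[ ${GCCMAJOR}.${GCCMINOR} == 3.3 ]] && \
 			confgcc="${confgcc} --enable-sjlj-exceptions"
 	elif [[ ${CTARGET} == *-gnu* ]] ; then
@@ -1315,6 +1350,12 @@
 	einfo "Configuring GCC with: ${confgcc//--/\n\t--} ${@} ${EXTRA_ECONF}"
 	echo
 
+	if ! ( use build || use nocxx ) && [[ ${CTARGET} == *-uclibc* ]] ; then
+		pushd ${S}/libstdc++-v3
+		[[ ${GCCMAJOR}.${GCCMINOR} < 3.4 ]] && autoconf
+		popd
+	fi
+
 	# Build in a separate build tree
 	mkdir -p "${WORKDIR}"/build
 	pushd "${WORKDIR}"/build > /dev/null
@@ -1396,6 +1437,11 @@
 		BOOT_CFLAGS=${BOOT_CFLAGS-"$(get_abi_CFLAGS) ${CFLAGS}"}
 	fi
 
+	if gcc_has_native_ssp ; then
+		STAGE1_CFLAGS="${STAGE1_CFLAGS} -DTARGET_LIBC_PROVIDES_SSP"
+		BOOT_CFLAGS="${BOOT_CFLAGS} -DTARGET_LIBC_PROVIDES_SSP"
+	fi
+
 	pushd "${WORKDIR}"/build
 	einfo "Running make LDFLAGS=\"${LDFLAGS}\" STAGE1_CFLAGS=\"${STAGE1_CFLAGS}\" LIBPATH=\"${LIBPATH}\" BOOT_CFLAGS=\"${BOOT_CFLAGS}\" ${GCC_MAKE_TARGET}"
 
@@ -1845,7 +1891,7 @@
 	[[ -n ${UCLIBC_VER} ]] && \
 		unpack gcc-${UCLIBC_GCC_VER}-uclibc-patches-${UCLIBC_VER}.tar.bz2
 
-	if want_ssp ; then
+	if want_ssp && ! gcc_has_native_ssp; then
 		if [[ -n ${PP_FVER} ]] ; then
 			# The gcc 3.4 propolice versions are meant to be unpacked to ${S}
 			pushd ${S:-$(gcc_get_s_dir)} > /dev/null
@@ -1935,6 +1981,7 @@
 		return 0
 	fi
 
+  if ! gcc_has_native_ssp ; then
 	local ssppatch
 	local sspdocs
 
@@ -1969,30 +2016,52 @@
 	if [[ ${PN} == "gcc" && ${sspdocs} == "no" ]] ; then
 		epatch "${GCC_FILESDIR}"/pro-police-docs.patch
 	fi
+# gcc_has_native_ssp
+  fi
 
 	# Don't build crtbegin/end with ssp
 	sed -e 's|^CRTSTUFF_CFLAGS = |CRTSTUFF_CFLAGS = -fno-stack-protector |'\
 		-i gcc/Makefile.in || die "Failed to update crtstuff!"
 
+	# Don't build libgcc with ssp
+	sed -e 's|^LIBGCC2_CFLAGS = |LIBGCC2_CFLAGS = -fno-stack-protector |'\
+		-i gcc/Makefile.in || die "Failed to update gcc!"
+
 	# if gcc in a stage3 defaults to ssp, is version 3.4.0 and a stage1 is built
-	# the build fails building timevar.o w/:
+	# the build fails building timevar.o (3.4.x) or ggc-common.o (4.x) w/:
 	# cc1: stack smashing attack in function ix86_split_to_parts()
-	if use build && tc_version_is_at_least 3.4.0 ; then
-		if gcc -dumpspecs | grep -q "fno-stack-protector:" ; then
-			epatch "${GCC_FILESDIR}"/3.4.0/gcc-3.4.0-cc1-no-stack-protector.patch
+	# it fails also on normal update from 3.4.4 to 4.x
+	# this should be moved out of do_GCC_ssp_patches(), because it fails if gcc
+	# is hardened, but we build w/ nossp as well
+	if tc_version_is_at_least 3.4.0 ; then
+		# useless check
+		#if gcc -dumpspecs | grep -q "fno-stack-protector:" ; then
+			if tc_version_is_at_least 4.0.0 ; then
+				if [[ ${GCCMINOR} -lt 2 ]] ; then
+					epatch "${GCC_FILESDIR}"/4.0.2/gcc-4.0.2-cc1-no-stack-protector.patch
+				else
+					epatch "${GCC_FILESDIR}"/4.2.0/gcc-4.2.0-cc1-no-stack-protector.patch
+				fi
+			else
+				epatch "${GCC_FILESDIR}"/3.4.0/gcc-3.4.0-cc1-no-stack-protector.patch
+			fi
+		#fi
+	fi
+
+	if gcc_has_native_ssp ; then
+		if [[ ${GCCMAJOR}.${GCCMINOR} == 4.0 ]] ; then
+			# Indicate that ssp support is a backport
+			release_version="${release_version}, ssp-4.1-backport"
 		fi
+	else
+		release_version="${release_version}, ssp-${PP_FVER:-${PP_GCC_VER}-${PP_VER}}"
 	fi
 
-	release_version="${release_version}, ssp-${PP_FVER:-${PP_GCC_VER}-${PP_VER}}"
 	if want_libssp ; then
 		update_gcc_for_libssp
 	else
 		update_gcc_for_libc_ssp
 	fi
-
-	# Don't build libgcc with ssp
-	sed -e 's|^\(LIBGCC2_CFLAGS.*\)$|\1 -fno-stack-protector|' \
-		-i gcc/Makefile.in || die "Failed to update gcc!"
 }
 
 # If glibc or uclibc has been patched to provide the necessary symbols itself,
@@ -2000,8 +2069,14 @@
 update_gcc_for_libc_ssp() {
 	if libc_has_ssp ; then
 		einfo "Updating gcc to use SSP from libc ..."
-		sed -e 's|^\(LIBGCC2_CFLAGS.*\)$|\1 -D_LIBC_PROVIDES_SSP_|' \
+		if ! gcc_has_native_ssp ; then
+			# we should better correct the configure check for this, uclibc ok
+			#sed -e 's|^LIBGCC2_CFLAGS = |LIBGCC2_CFLAGS = -DTARGET_LIBC_PROVIDES_SSP |'\
+			#-i "${S}"/gcc/Makefile.in || die "Failed to update gcc!"
+		#else
+			sed -e 's|^LIBGCC2_CFLAGS = |LIBGCC2_CFLAGS = -D_LIBC_PROVIDES_SSP_ |'\
 			-i "${S}"/gcc/Makefile.in || die "Failed to update gcc!"
+		fi
 	fi
 }
 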
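Review bot: gcc_has_native_ssp() can give different answers depending on when it is called, because for gcc 4.0 it falls through to `grep -q TARGET_LIBC_PROVIDES_SSP ${S}/gcc/gcc.c` with `${S}` unquoted and possibly unset. The unpack path that now calls it (`if want_ssp && ! gcc_has_native_ssp; then`) still uses `${S:-$(gcc_get_s_dir)}` a few lines later, which suggests S is not guaranteed there; in that case grep looks at `/gcc/gcc.c`, fails, and the build is treated as having no native SSP even if the backport is applied afterwards. Since this result decides whether the propolice patches are unpacked and applied and which `release_version` suffix is recorded, I would make the probe `grep -q TARGET_LIBC_PROVIDES_SSP "${S:-$(gcc_get_s_dir)}"/gcc/gcc.c 2>/dev/null` and add a comment on the function saying that for 4.0 the answer is only meaningful once the sources are unpacked and patched. Separately, `[[ ${GCCMAJOR} < 4 ]]` in the uclibc configure branch is a string comparison inside `[[ ]]`; `-lt`, which gcc_has_native_ssp() already uses, is the numeric form.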
