Gentoo's Bugzilla – Attachment 98814 Details for
Bug 149292
sys-devel/gcc-4.1.1 fails to compile on hardened sys-libs/uclibc due to stack smashing attack in ix86_split_to_parts()
[patch]
toolchain.eclass diff for gcc-4.1 hardened
toolchain.eclass.diff (text/plain), 7.89 KB, created by
Peter S. Mazinger
on 2006-10-05 00:32:22 UTC
Description:
toolchain.eclass diff for gcc-4.1 hardened
Filename:
MIME Type:
Creator:
Peter S. Mazinger
Created:
2006-10-05 00:32:22 UTC
Size:
7.89 KB
>--- /usr/portage/eclass/toolchain.eclass 2006-09-30 01:35:46 +0200
>+++ ./toolchain.eclass 2006-10-04 21:17:57 +0200
>@@ -379,6 +379,7 @@
> fi
> return 1
> elif [[ $1 == "ssp" ]] ; then
>+ gcc_has_native_ssp && return 0
> [[ -z ${PP_VER} ]] && return 1
> hardened_gcc_is_stable ssp && return 0
> if has ~$(tc-arch) ${ACCEPT_KEYWORDS} ; then
>@@ -450,6 +451,16 @@
> return 1
> }
>
>+gcc_has_native_ssp() {
>+ [[ ${GCCMAJOR} -lt 4 ]] && return 1
>+
>+ # gcc 4.1 and above have native ssp support
>+ [[ ( ${GCCMAJOR} -gt 4 || ${GCCMINOR} -ge 1 ) ]] && return 0
>+
>+ # gcc 4.0 might have the gcc 4.1 ssp support backport applied
>+ grep -q TARGET_LIBC_PROVIDES_SSP ${S}/gcc/gcc.c
>+}
>+
> has_libssp() {
> [[ -e /$(get_libdir)/libssp.so ]] && return 0
> return 1
>@@ -470,7 +481,7 @@
> }
> want_boundschecking() { _want_stuff HTB_VER boundschecking ; }
> want_pie() { _want_stuff PIE_VER !nopie ; }
>-want_ssp() { _want_stuff PP_VER !nossp ; }
>+want_ssp() { gcc_has_native_ssp || _want_stuff PP_VER !nossp ; }
>
> want_split_specs() {
> [[ ${SPLIT_SPECS} == "true" ]] && want_pie
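Review bot: The added `gcc_has_native_ssp && return 0` in the `ssp` branch returns success before `hardened_gcc_is_stable ssp` and the `ACCEPT_KEYWORDS` test are reached, so for gcc 4.1 and later the per-architecture stability gate no longer applies to SSP. If that gate exists because SSP is not known to work on every target, a hardened build there would presumably get the protector enabled by default without having been vetted. If the bypass is intended, a comment such as `# native ssp (gcc >= 4.1) is not subject to the propolice stability list` would make that explicit. The enclosing function starts and ends outside the hunk.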
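Review bot: The gcc 4.0 fallback in `gcc_has_native_ssp` greps `${S}/gcc/gcc.c` unquoted and without `-s`, so its answer depends on which phase calls it. Before the sources are unpacked or the backport is applied, grep fails (with an error message if the file is missing) and the function reports no native SSP, which means the callers added in the unpack and patch hunks may disagree with each other within one build. Quoting the path and silencing the missing-file case, `grep -qs TARGET_LIBC_PROVIDES_SSP "${S}"/gcc/gcc.c`, plus a comment stating that the result is only meaningful once the patches are applied, would make the contract clear.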
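Review bot: `want_ssp` now returns true whenever `gcc_has_native_ssp` succeeds, so the `!nossp` argument to `_want_stuff` is never evaluated for gcc 4.1 and later and USE=nossp stops working as an opt-out there. Assuming `_want_stuff` treats `!nossp` as "the nossp flag must be unset", the opt-out can be kept with `want_ssp() { use nossp && return 1 ; gcc_has_native_ssp || _want_stuff PP_VER !nossp ; }`. If ignoring the flag is deliberate, a comment on the function should say that native SSP cannot be disabled through USE.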
>@@ -592,11 +603,21 @@
> popd > /dev/null
> eend $([[ -s ${WORKDIR}/build/${name}.specs ]] ; echo $?)
> }
>-create_vanilla_specs_file() { _create_specs_file hardened vanilla ; }
>-create_hardened_specs_file() { _create_specs_file !hardened hardened ${gcc_common_hard} -DEFAULT_PIE_SSP ; }
>-create_hardenednossp_specs_file() { _create_specs_file "" hardenednossp ${gcc_common_hard} -DEFAULT_PIE ; }
>-create_hardenednopie_specs_file() { _create_specs_file "" hardenednopie ${gcc_common_hard} -DEFAULT_SSP ; }
>-create_hardenednopiessp_specs_file() { _create_specs_file "" hardenednopiessp ${gcc_common_hard} ; }
>+
>+# requires the multi GCC_SPECS patch from kevquinn and pie-ssp >= 9.0.3
>+__create_specs_file() {
>+ # Usage: __create_specs_file <USE flag> <specs name> <CFLAGS>
>+ local uflag=$1 name=$2 flags=${*:3}
>+ ebegin "Copying a ${name} gcc specs file"
>+ cp ${GCC_FILESDIR}/${name}.specs "${WORKDIR}"/build/ || die "failed copying specs file"
>+ eend $([[ -s ${WORKDIR}/build/${name}.specs ]] ; echo $?)
>+}
>+
>+create_vanilla_specs_file() { __create_specs_file hardened vanilla ; }
>+create_hardened_specs_file() { __create_specs_file !hardened hardened ${gcc_common_hard} -DEFAULT_PIE_SSP ; }
>+create_hardenednossp_specs_file() { __create_specs_file "" hardenednossp ${gcc_common_hard} -DEFAULT_PIE ; }
>+create_hardenednopie_specs_file() { __create_specs_file "" hardenednopie ${gcc_common_hard} -DEFAULT_SSP ; }
>+create_hardenednopiessp_specs_file() { __create_specs_file "" hardenednopiessp ${gcc_common_hard} ; }
>
> split_out_specs_files() {
> local s spec_list="hardenednopiessp vanilla"
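Review bot: `__create_specs_file` declares `uflag` and `flags` but never reads them, so the USE-flag argument and the `-DEFAULT_PIE_SSP`, `-DEFAULT_PIE` and `-DEFAULT_SSP` arguments passed by the five wrappers have no effect. The hardening defaults now come entirely from the specs file shipped in `${GCC_FILESDIR}`. The usage comment should say that these arguments are accepted only for call compatibility, otherwise a reader will assume the defines still select the defaults. The `cp` source and the `-s` test also leave `${GCC_FILESDIR}` and `${WORKDIR}` unquoted; `cp "${GCC_FILESDIR}/${name}.specs" "${WORKDIR}"/build/ || die "failed copying specs file"` is the safer form.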
>@@ -1021,6 +1042,19 @@
> epatch "${WORKDIR}"/patch
> fi
> if [[ -n ${UCLIBC_VER} ]] ; then
>+ if tc_version_is_at_least 4.1.2 ; then
>+ if [[ ! -d libstdc++-v3/config/locale/uclibc ]] ; then
>+ mkdir libstdc++-v3/config/locale/uclibc &&
>+ cp libstdc++-v3/config/locale/gnu/* \
>+ libstdc++-v3/config/locale/uclibc/
>+ # gcc-4.2.0 has this already
>+ if [[ ! -d libstdc++-v3/config/os/uclibc ]] ; then
>+ mkdir libstdc++-v3/config/os/uclibc &&
>+ cp libstdc++-v3/config/os/gnu-linux/* \
>+ libstdc++-v3/config/os/uclibc/
>+ fi
>+ fi
>+ fi
> guess_patch_type_in_dir "${WORKDIR}"/uclibc
> EPATCH_MULTI_MSG="Applying uClibc patches ..." \
> epatch "${WORKDIR}"/uclibc
>@@ -1294,7 +1328,8 @@
> # for statically linked apps but not dynamic
> # so use setjmp/longjmp exceptions by default
> if [[ ${CTARGET} == *-uclibc* ]] ; then
>- confgcc="${confgcc} --disable-__cxa_atexit --enable-target-optspace"
>+ [[ ${GCCMAJOR} < 4 ]] && confgcc="${confgcc} --enable-sjlj-exceptions"
>+ confgcc="${confgcc} --enable-__cxa_atexit --enable-target-optspace"
> [[ ${GCCMAJOR}.${GCCMINOR} == 3.3 ]] && \
> confgcc="${confgcc} --enable-sjlj-exceptions"
> elif [[ ${CTARGET} == *-gnu* ]] ; then
>@@ -1315,6 +1350,12 @@
> einfo "Configuring GCC with: ${confgcc//--/\n\t--} ${@} ${EXTRA_ECONF}"
> echo
>
>+ if ! ( use build || use nocxx ) && [[ ${CTARGET} == *-uclibc* ]] ; then
>+ pushd ${S}/libstdc++-v3
>+ [[ ${GCCMAJOR}.${GCCMINOR} < 3.4 ]] && autoconf
>+ popd
>+ fi
>+
> # Build in a separate build tree
> mkdir -p "${WORKDIR}"/build
> pushd "${WORKDIR}"/build > /dev/null
>@@ -1396,6 +1437,11 @@
> BOOT_CFLAGS=${BOOT_CFLAGS-"$(get_abi_CFLAGS) ${CFLAGS}"}
> fi
>
>+ if gcc_has_native_ssp ; then
>+ STAGE1_CFLAGS="${STAGE1_CFLAGS} -DTARGET_LIBC_PROVIDES_SSP"
>+ BOOT_CFLAGS="${BOOT_CFLAGS} -DTARGET_LIBC_PROVIDES_SSP"
>+ fi
>+
> pushd "${WORKDIR}"/build
> einfo "Running make LDFLAGS=\"${LDFLAGS}\" STAGE1_CFLAGS=\"${STAGE1_CFLAGS}\" LIBPATH=\"${LIBPATH}\" BOOT_CFLAGS=\"${BOOT_CFLAGS}\" ${GCC_MAKE_TARGET}"
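Review bot: Neither `mkdir ... && cp ...` chain in the uClibc block ends in `|| die`, so a failed copy of the gnu locale or os configuration leaves a missing or partial `uclibc` directory and the build carries on until something later breaks. Appending `|| die "failed to seed libstdc++-v3/config/locale/uclibc"` (and the equivalent for `os/uclibc`) reports the failure where it happens. The `os/uclibc` test is nested inside the `locale/uclibc` test, so it is skipped whenever the locale directory already exists; if that is intended, the `# gcc-4.2.0 has this already` comment should name the directory it refers to.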
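Review bot: `[[ ${GCCMAJOR} < 4 ]]` is a string comparison, because `<` inside `[[ ]]` compares lexically, so a two-digit major version such as 10 sorts before 4 and would enable `--enable-sjlj-exceptions`. `gcc_has_native_ssp` in this same patch already uses the numeric operator, so `[[ ${GCCMAJOR} -lt 4 ]] && confgcc="${confgcc} --enable-sjlj-exceptions"` is the consistent form. The same applies to `[[ ${GCCMAJOR}.${GCCMINOR} < 3.4 ]]` in the next hunk, where `tc_version_is_at_least 3.4.0 || autoconf` avoids comparing version strings. Separately, this hunk flips `--disable-__cxa_atexit` to `--enable-__cxa_atexit` for uClibc targets while the context comment above it still only explains the exception model; a one-line reason would help.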
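Review bot: The `pushd ${S}/libstdc++-v3` / `popd` pair is unquoted and unchecked, so if the directory is missing, `autoconf` runs in whatever the current directory happens to be and `popd` unwinds an unrelated stack entry. `autoconf` has no `|| die` either, so a failed regeneration of configure goes unnoticed until the configure run that follows. Suggested: `pushd "${S}"/libstdc++-v3 > /dev/null || die`, then `autoconf || die "autoconf failed"` behind the version test, then `popd > /dev/null`.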
>
>@@ -1845,7 +1891,7 @@
> [[ -n ${UCLIBC_VER} ]] && \
> unpack gcc-${UCLIBC_GCC_VER}-uclibc-patches-${UCLIBC_VER}.tar.bz2
>
>- if want_ssp ; then
>+ if want_ssp && ! gcc_has_native_ssp; then
> if [[ -n ${PP_FVER} ]] ; then
> # The gcc 3.4 propolice versions are meant to be unpacked to ${S}
> pushd ${S:-$(gcc_get_s_dir)} > /dev/null
>@@ -1935,6 +1981,7 @@
> return 0
> fi
>
>+ if ! gcc_has_native_ssp ; then
> local ssppatch
> local sspdocs
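Review bot: In the `@@ -1396` hunk, `-DTARGET_LIBC_PROVIDES_SSP` is appended to `STAGE1_CFLAGS` and `BOOT_CFLAGS` whenever `gcc_has_native_ssp` is true, without asking `libc_has_ssp` whether the target libc really supplies the guard and the failure handler. In GCC this macro normally comes from a configure check and decides whether `-fstack-protector` links against libssp (and, on some targets, where the canary is read from), so forcing it against a libc without SSP support is likely to produce link failures or an ineffective canary; that is worth confirming on a non-SSP libc. Guarding the block as `if gcc_has_native_ssp && libc_has_ssp ; then` limits the override to the case it is meant for. The comment added in `update_gcc_for_libc_ssp` already says that correcting the configure check would be the better route.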
>
>@@ -1969,30 +2016,52 @@
> if [[ ${PN} == "gcc" && ${sspdocs} == "no" ]] ; then
> epatch "${GCC_FILESDIR}"/pro-police-docs.patch
> fi
>+# gcc_has_native_ssp
>+ fi
>
> # Don't build crtbegin/end with ssp
> sed -e 's|^CRTSTUFF_CFLAGS = |CRTSTUFF_CFLAGS = -fno-stack-protector |'\
> -i gcc/Makefile.in || die "Failed to update crtstuff!"
>
>+ # Don't build libgcc with ssp
>+ sed -e 's|^LIBGCC2_CFLAGS = |LIBGCC2_CFLAGS = -fno-stack-protector |'\
>+ -i gcc/Makefile.in || die "Failed to update gcc!"
>+
> # if gcc in a stage3 defaults to ssp, is version 3.4.0 and a stage1 is built
>- # the build fails building timevar.o w/:
>+ # the build fails building timevar.o (3.4.x) or ggc-common.o (4.x) w/:
> # cc1: stack smashing attack in function ix86_split_to_parts()
>- if use build && tc_version_is_at_least 3.4.0 ; then
>- if gcc -dumpspecs | grep -q "fno-stack-protector:" ; then
>- epatch "${GCC_FILESDIR}"/3.4.0/gcc-3.4.0-cc1-no-stack-protector.patch
>+ # it fails also on normal update from 3.4.4 to 4.x
>+ # this should be moved out of do_GCC_ssp_patches(), because it fails if gcc
>+ # is hardened, but we build w/ nossp as well
>+ if tc_version_is_at_least 3.4.0 ; then
>+ # useless check
>+ #if gcc -dumpspecs | grep -q "fno-stack-protector:" ; then
>+ if tc_version_is_at_least 4.0.0 ; then
>+ if [[ ${GCCMINOR} -lt 2 ]] ; then
>+ epatch "${GCC_FILESDIR}"/4.0.2/gcc-4.0.2-cc1-no-stack-protector.patch
>+ else
>+ epatch "${GCC_FILESDIR}"/4.2.0/gcc-4.2.0-cc1-no-stack-protector.patch
>+ fi
>+ else
>+ epatch "${GCC_FILESDIR}"/3.4.0/gcc-3.4.0-cc1-no-stack-protector.patch
>+ fi
>+ #fi
>+ fi
>+
>+ if gcc_has_native_ssp ; then
>+ if [[ ${GCCMAJOR}.${GCCMINOR} == 4.0 ]] ; then
>+ # Indicate that ssp support is a backport
>+ release_version="${release_version}, ssp-4.1-backport"
> fi
>+ else
>+ release_version="${release_version}, ssp-${PP_FVER:-${PP_GCC_VER}-${PP_VER}}"
> fi
>
>- release_version="${release_version}, ssp-${PP_FVER:-${PP_GCC_VER}-${PP_VER}}"
> if want_libssp ; then
> update_gcc_for_libssp
> else
> update_gcc_for_libc_ssp
> fi
>-
>- # Don't build libgcc with ssp
>- sed -e 's|^\(LIBGCC2_CFLAGS.*\)$|\1 -fno-stack-protector|' \
>- -i gcc/Makefile.in || die "Failed to update gcc!"
> }
>
> # If glibc or uclibc has been patched to provide the necessary symbols itself,
>@@ -2000,8 +2069,14 @@
> update_gcc_for_libc_ssp() {
> if libc_has_ssp ; then
> einfo "Updating gcc to use SSP from libc ..."
>- sed -e 's|^\(LIBGCC2_CFLAGS.*\)$|\1 -D_LIBC_PROVIDES_SSP_|' \
>+ if ! gcc_has_native_ssp ; then
>+ # we should better correct the configure check for this, uclibc ok
>+ #sed -e 's|^LIBGCC2_CFLAGS = |LIBGCC2_CFLAGS = -DTARGET_LIBC_PROVIDES_SSP |'\
>+ #-i "${S}"/gcc/Makefile.in || die "Failed to update gcc!"
>+ #else
>+ sed -e 's|^LIBGCC2_CFLAGS = |LIBGCC2_CFLAGS = -D_LIBC_PROVIDES_SSP_ |'\
> -i "${S}"/gcc/Makefile.in || die "Failed to update gcc!"
>+ fi
> fi
> }
>
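Review bot: In the `@@ -1969` hunk the cc1 no-stack-protector patch is now applied to every build of gcc 3.4.0 and later, because both the `use build` condition and the `-dumpspecs` probe were dropped, so (judging by the patch name) the compiler proper is always built without stack protection. The abort being worked around, `stack smashing attack in function ix86_split_to_parts()`, may be the protector catching a genuine out-of-bounds write in the compiler, and switching the check off hides that rather than fixing it. The comment should record that this is a workaround and for which host compilers it is needed. Note also that `sed ... || die` fires only on a sed error, not when `^LIBGCC2_CFLAGS = ` or `^CRTSTUFF_CFLAGS = ` fails to match, so a change in the Makefile.in layout would silently leave the flag unapplied; a follow-up `grep -q -- '-fno-stack-protector' gcc/Makefile.in || die` would catch that.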
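Review bot: In `update_gcc_for_libc_ssp`, the `einfo "Updating gcc to use SSP from libc ..."` message still prints when `gcc_has_native_ssp` is true, although the new `if ! gcc_has_native_ssp` body is then skipped and nothing is changed. Moving the `einfo` inside the new `if` keeps the build log truthful. The commented-out `#sed`, `#-i` and `#else` lines should be dropped or replaced by a single `# TODO` describing the intended configure fix, since the stray `#else` makes the block read as if it had two branches.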