[gcc-6] 05/401: - update hardening patches for GCC 6

Ximin Luo infinity0 at debian.org
Wed Apr 5 15:47:55 UTC 2017


This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch pu/reproducible_builds
in repository gcc-6.

commit 7cf0c4ee69aef5309e41253914ae16fcaaf57e48
Author: doko <doko at 6ca36cf4-e1d1-0310-8c6f-e303bb2178ca>
Date:   Fri Dec 11 07:23:51 2015 +0000

     - update hardening patches for GCC 6
    
    
    git-svn-id: svn://anonscm.debian.org/gcccvs/branches/sid/gcc-6@8489 6ca36cf4-e1d1-0310-8c6f-e303bb2178ca
---
 debian/patches/gcc-as-needed.diff                  | 19 +++++++-------
 debian/patches/gcc-default-format-security.diff    |  4 +--
 debian/patches/gcc-default-fortify-source.diff     |  4 +--
 debian/patches/gcc-default-relro.diff              |  8 +++---
 debian/patches/gcc-default-ssp-strong.diff         |  8 +++---
 debian/patches/gcc-default-ssp.diff                | 30 +++++++++++-----------
 debian/patches/testsuite-hardening-format.diff     | 11 --------
 .../patches/testsuite-hardening-printf-types.diff  |  4 +--
 debian/patches/testsuite-hardening-updates.diff    |  4 +--
 9 files changed, 41 insertions(+), 51 deletions(-)

diff --git a/debian/patches/gcc-as-needed.diff b/debian/patches/gcc-as-needed.diff
index b9b9987..153dcf3 100644
--- a/debian/patches/gcc-as-needed.diff
+++ b/debian/patches/gcc-as-needed.diff
@@ -4,7 +4,7 @@ Index: b/src/gcc/config/aarch64/aarch64-linux.h
 ===================================================================
 --- a/src/gcc/config/aarch64/aarch64-linux.h
 +++ b/src/gcc/config/aarch64/aarch64-linux.h
-@@ -33,6 +33,7 @@
+@@ -36,6 +36,7 @@
  
  #define LINUX_TARGET_LINK_SPEC  "%{h*}		\
     --hash-style=gnu				\
@@ -55,27 +55,28 @@ Index: b/src/gcc/config/rs6000/linux64.h
 ===================================================================
 --- a/src/gcc/config/rs6000/linux64.h
 +++ b/src/gcc/config/rs6000/linux64.h
-@@ -407,11 +407,11 @@ extern int dot_symbols;
+@@ -466,12 +466,12 @@ extern int dot_symbols;
  					   " -m elf64ppc")
  #endif
  
 -#define LINK_OS_LINUX_SPEC32 LINK_OS_LINUX_EMUL32 " --hash-style=gnu %{!shared: %{!static: \
 +#define LINK_OS_LINUX_SPEC32 LINK_OS_LINUX_EMUL32 " --hash-style=gnu --as-needed %{!shared: %{!static: \
    %{rdynamic:-export-dynamic} \
-   -dynamic-linker " GNU_USER_DYNAMIC_LINKER32 "}}"
+   -dynamic-linker " GNU_USER_DYNAMIC_LINKER32 "}} \
+   %(link_os_extra_spec32)"
  
 -#define LINK_OS_LINUX_SPEC64 LINK_OS_LINUX_EMUL64 " --hash-style=gnu %{!shared: %{!static: \
 +#define LINK_OS_LINUX_SPEC64 LINK_OS_LINUX_EMUL64 " --hash-style=gnu --as-needed %{!shared: %{!static: \
    %{rdynamic:-export-dynamic} \
-   -dynamic-linker " GNU_USER_DYNAMIC_LINKER64 "}}"
- 
+   -dynamic-linker " GNU_USER_DYNAMIC_LINKER64 "}} \
+   %(link_os_extra_spec64)"
 Index: b/src/gcc/config/rs6000/sysv4.h
 ===================================================================
 --- a/src/gcc/config/rs6000/sysv4.h
 +++ b/src/gcc/config/rs6000/sysv4.h
-@@ -769,7 +769,7 @@ ENDIAN_SELECT(" -mbig", " -mlittle", DEF
- #define GNU_USER_DYNAMIC_LINKER \
-   CHOOSE_DYNAMIC_LINKER (GLIBC_DYNAMIC_LINKER, UCLIBC_DYNAMIC_LINKER)
+@@ -784,7 +784,7 @@ ENDIAN_SELECT(" -mbig", " -mlittle", DEF
+   CHOOSE_DYNAMIC_LINKER (GLIBC_DYNAMIC_LINKER, UCLIBC_DYNAMIC_LINKER, \
+ 			 MUSL_DYNAMIC_LINKER)
  
 -#define LINK_OS_LINUX_SPEC "-m elf32ppclinux --hash-style=gnu %{!shared: %{!static: \
 +#define LINK_OS_LINUX_SPEC "-m elf32ppclinux --hash-style=gnu --as-needed %{!shared: %{!static: \
@@ -161,7 +162,7 @@ Index: b/src/libjava/Makefile.in
 ===================================================================
 --- a/src/libjava/Makefile.in
 +++ b/src/libjava/Makefile.in
-@@ -10600,7 +10600,7 @@ libgcj_bc.la: $(libgcj_bc_la_OBJECTS) $(
+@@ -10646,7 +10646,7 @@ libgcj_bc.la: $(libgcj_bc_la_OBJECTS) $(
  	rm .libs/libgcj_bc.so; \
  	mv .libs/libgcj_bc.so.1.0.0 .libs/libgcj_bc.so; \
  	$(libgcj_bc_dummy_LINK) -xc /dev/null -Wl,-soname,libgcj_bc.so.1 \
diff --git a/debian/patches/gcc-default-format-security.diff b/debian/patches/gcc-default-format-security.diff
index a391857..f82ff5e 100644
--- a/debian/patches/gcc-default-format-security.diff
+++ b/debian/patches/gcc-default-format-security.diff
@@ -4,7 +4,7 @@ Index: b/src/gcc/doc/invoke.texi
 ===================================================================
 --- a/src/gcc/doc/invoke.texi
 +++ b/src/gcc/doc/invoke.texi
-@@ -3685,6 +3685,11 @@ included in @option{-Wformat-nonliteral}
+@@ -3799,6 +3799,11 @@ included in @option{-Wformat-nonliteral}
  If @option{-Wformat} is specified, also warn if the format string
  requires an unsigned argument and the argument is signed and vice versa.
  
@@ -20,7 +20,7 @@ Index: b/src/gcc/gcc.c
 ===================================================================
 --- a/src/gcc/gcc.c
 +++ b/src/gcc/gcc.c
-@@ -727,11 +727,14 @@ proper position among the other output f
+@@ -858,11 +858,14 @@ proper position among the other output f
  #define LINK_GCC_C_SEQUENCE_SPEC "%G %L %G"
  #endif
  
diff --git a/debian/patches/gcc-default-fortify-source.diff b/debian/patches/gcc-default-fortify-source.diff
index e20626f..d3ab164 100644
--- a/debian/patches/gcc-default-fortify-source.diff
+++ b/debian/patches/gcc-default-fortify-source.diff
@@ -10,7 +10,7 @@ Index: b/src/gcc/doc/invoke.texi
 ===================================================================
 --- a/src/gcc/doc/invoke.texi
 +++ b/src/gcc/doc/invoke.texi
-@@ -7533,6 +7533,12 @@ also turns on the following optimization
+@@ -7840,6 +7840,12 @@ also turns on the following optimization
  Please note the warning under @option{-fgcse} about
  invoking @option{-O2} on programs that use computed gotos.
  
@@ -27,7 +27,7 @@ Index: b/src/gcc/c-family/c-cppbuiltin.c
 ===================================================================
 --- a/src/gcc/c-family/c-cppbuiltin.c
 +++ b/src/gcc/c-family/c-cppbuiltin.c
-@@ -1171,6 +1171,10 @@ c_cpp_builtins (cpp_reader *pfile)
+@@ -1176,6 +1176,10 @@ c_cpp_builtins (cpp_reader *pfile)
    builtin_define_with_value ("__REGISTER_PREFIX__", REGISTER_PREFIX, 0);
    builtin_define_with_value ("__USER_LABEL_PREFIX__", user_label_prefix, 0);
  
diff --git a/debian/patches/gcc-default-relro.diff b/debian/patches/gcc-default-relro.diff
index 09ec820..40855f8 100644
--- a/debian/patches/gcc-default-relro.diff
+++ b/debian/patches/gcc-default-relro.diff
@@ -9,7 +9,7 @@ Index: b/src/gcc/doc/invoke.texi
 ===================================================================
 --- a/src/gcc/doc/invoke.texi
 +++ b/src/gcc/doc/invoke.texi
-@@ -11424,6 +11424,9 @@ For example, @option{-Wl,-Map,output.map
+@@ -11638,6 +11638,9 @@ For example, @option{-Wl,-Map,output.map
  linker.  When using the GNU linker, you can also get the same effect with
  @option{-Wl,-Map=output.map}.
  
@@ -23,11 +23,11 @@ Index: b/src/gcc/gcc.c
 ===================================================================
 --- a/src/gcc/gcc.c
 +++ b/src/gcc/gcc.c
-@@ -890,6 +890,7 @@ proper position among the other output f
+@@ -1027,6 +1027,7 @@ proper position among the other output f
     "%{flto|flto=*:%<fcompare-debug*} \
      %{flto} %{fno-lto} %{flto=*} %l " LINK_PIE_SPEC \
     "%{fuse-ld=*:-fuse-ld=%*} " LINK_COMPRESS_DEBUG_SPEC \
 +   "-z relro " \
     "%X %{o*} %{e*} %{N} %{n} %{r}\
-     %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!nostartfiles:%S}} " VTABLE_VERIFICATION_SPEC " \
-     %{static:} %{L*} %(mfwrap) %(link_libgcc) " SANITIZER_EARLY_SPEC " %o\
+     %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!nostartfiles:%S}} \
+     %{static:} %{L*} %(mfwrap) %(link_libgcc) " \
diff --git a/debian/patches/gcc-default-ssp-strong.diff b/debian/patches/gcc-default-ssp-strong.diff
index 4748c0e..40c31a9 100644
--- a/debian/patches/gcc-default-ssp-strong.diff
+++ b/debian/patches/gcc-default-ssp-strong.diff
@@ -4,7 +4,7 @@ Index: b/src/gcc/gcc.c
 ===================================================================
 --- a/src/gcc/gcc.c
 +++ b/src/gcc/gcc.c
-@@ -732,7 +732,7 @@ proper position among the other output f
+@@ -863,7 +863,7 @@ proper position among the other output f
  
  #ifndef SSP_DEFAULT_SPEC
  #ifdef TARGET_LIBC_PROVIDES_SSP
@@ -17,7 +17,7 @@ Index: b/src/gcc/doc/invoke.texi
 ===================================================================
 --- a/src/gcc/doc/invoke.texi
 +++ b/src/gcc/doc/invoke.texi
-@@ -10034,10 +10034,6 @@ functions with buffers larger than 8 byt
+@@ -10264,10 +10264,6 @@ functions with buffers larger than 8 byt
  when a function is entered and then checked when the function exits.
  If a guard check fails, an error message is printed and the program exits.
  
@@ -28,7 +28,7 @@ Index: b/src/gcc/doc/invoke.texi
  @item -fstack-protector-all
  @opindex fstack-protector-all
  Like @option{-fstack-protector} except that all functions are protected.
-@@ -10058,6 +10054,11 @@ have the @code{stack_protect} attribute
+@@ -10288,6 +10284,11 @@ have the @code{stack_protect} attribute
  Optimize the prologue of variadic argument functions with respect to usage of
  those arguments.
  
@@ -40,7 +40,7 @@ Index: b/src/gcc/doc/invoke.texi
  @item -fsection-anchors
  @opindex fsection-anchors
  Try to reduce the number of symbolic address calculations by using
-@@ -10658,13 +10659,13 @@ value of a shared integer constant.  The
+@@ -10860,13 +10861,13 @@ value of a shared integer constant.  The
  The minimum size of buffers (i.e.@: arrays) that receive stack smashing
  protection when @option{-fstack-protection} is used.
  
diff --git a/debian/patches/gcc-default-ssp.diff b/debian/patches/gcc-default-ssp.diff
index 72346e7..e1458fa 100644
--- a/debian/patches/gcc-default-ssp.diff
+++ b/debian/patches/gcc-default-ssp.diff
@@ -14,7 +14,7 @@ Index: b/src/gcc/gcc.c
 ===================================================================
 --- a/src/gcc/gcc.c
 +++ b/src/gcc/gcc.c
-@@ -727,6 +727,14 @@ proper position among the other output f
+@@ -858,6 +858,14 @@ proper position among the other output f
  #define LINK_GCC_C_SEQUENCE_SPEC "%G %L %G"
  #endif
  
@@ -29,7 +29,7 @@ Index: b/src/gcc/gcc.c
  #ifndef LINK_SSP_SPEC
  #ifdef TARGET_LIBC_PROVIDES_SSP
  #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
-@@ -919,6 +927,7 @@ static const char *cc1_spec = CC1_SPEC;
+@@ -1057,6 +1065,7 @@ static const char *cc1_spec = CC1_SPEC;
  static const char *cc1plus_spec = CC1PLUS_SPEC;
  static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC;
  static const char *link_ssp_spec = LINK_SSP_SPEC;
@@ -37,7 +37,7 @@ Index: b/src/gcc/gcc.c
  static const char *asm_spec = ASM_SPEC;
  static const char *asm_final_spec = ASM_FINAL_SPEC;
  static const char *link_spec = LINK_SPEC;
-@@ -973,7 +982,7 @@ static const char *cpp_unique_options =
+@@ -1112,7 +1121,7 @@ static const char *cpp_unique_options =
  static const char *cpp_options =
  "%(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w}\
   %{f*} %{g*:%{!g0:%{g*} %{!fno-working-directory:-fworking-directory}}} %{O*}\
@@ -46,7 +46,7 @@ Index: b/src/gcc/gcc.c
  
  /* This contains cpp options which are not passed when the preprocessor
     output will be used by another program.  */
-@@ -1161,9 +1170,9 @@ static const struct compiler default_com
+@@ -1300,9 +1309,9 @@ static const struct compiler default_com
        %{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \
  	  %(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\
  	    cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \
@@ -58,8 +58,8 @@ Index: b/src/gcc/gcc.c
        %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 1},
    {"-",
     "%{!E:%e-E or -x required when input is from standard input}\
-@@ -1186,7 +1195,7 @@ static const struct compiler default_com
-                     %W{o*:--output-pch=%*}}%V}}}}}}", 0, 0, 0},
+@@ -1327,7 +1336,7 @@ static const struct compiler default_com
+ 					   %W{o*:--output-pch=%*}}%V}}}}}}}", 0, 0, 0},
    {".i", "@cpp-output", 0, 0, 0},
    {"@cpp-output",
 -   "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
@@ -67,7 +67,7 @@ Index: b/src/gcc/gcc.c
    {".s", "@assembler", 0, 0, 0},
    {"@assembler",
     "%{!M:%{!MM:%{!E:%{!S:as %(asm_debug) %(asm_options) %i %A }}}}", 0, 0, 0},
-@@ -1416,6 +1425,7 @@ static struct spec_list static_specs[] =
+@@ -1559,6 +1568,7 @@ static struct spec_list static_specs[] =
    INIT_STATIC_SPEC ("cc1plus",			&cc1plus_spec),
    INIT_STATIC_SPEC ("link_gcc_c_sequence",	&link_gcc_c_sequence_spec),
    INIT_STATIC_SPEC ("link_ssp",			&link_ssp_spec),
@@ -85,10 +85,10 @@ Index: b/src/gcc/cp/lang-specs.h
  	      %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
 -	%(cc1_options) %2\
 +	%(cc1_options) %(ssp_default) %2\
- 	%{!fsyntax-only:%{!fdump-ada-spec*:-o %g.s %{!o*:--output-pch=%i.gch}\
-         %W{o*:--output-pch=%*}}%V}}}}",
-      CPLUSPLUS_CPP_SPEC, 0, 0},
-@@ -57,11 +57,11 @@ along with GCC; see the file COPYING3.
+ 	%{!fsyntax-only:-o %g.s \
+ 	    %{!fdump-ada-spec*:%{!o*:--output-pch=%i.gch}\
+ 			       %W{o*:--output-pch=%*}}%V}}}}",
+@@ -58,11 +58,11 @@ along with GCC; see the file COPYING3.
  		%(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\
        cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\
  	      %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
@@ -106,10 +106,10 @@ Index: b/src/gcc/params.def
 ===================================================================
 --- a/src/gcc/params.def
 +++ b/src/gcc/params.def
-@@ -695,7 +695,7 @@ DEFPARAM (PARAM_INTEGER_SHARE_LIMIT,
+@@ -673,7 +673,7 @@ DEFPARAM (PARAM_INTEGER_SHARE_LIMIT,
  DEFPARAM (PARAM_SSP_BUFFER_SIZE,
  	  "ssp-buffer-size",
- 	  "The lower bound for a buffer to be considered for stack smashing protection",
+ 	  "The lower bound for a buffer to be considered for stack smashing protection.",
 -	  8, 1, 0)
 +	  4, 1, 0)
  
@@ -191,7 +191,7 @@ Index: b/src/gcc/doc/invoke.texi
 ===================================================================
 --- a/src/gcc/doc/invoke.texi
 +++ b/src/gcc/doc/invoke.texi
-@@ -10029,6 +10029,10 @@ functions with buffers larger than 8 byt
+@@ -10259,6 +10259,10 @@ functions with buffers larger than 8 byt
  when a function is entered and then checked when the function exits.
  If a guard check fails, an error message is printed and the program exits.
  
@@ -202,7 +202,7 @@ Index: b/src/gcc/doc/invoke.texi
  @item -fstack-protector-all
  @opindex fstack-protector-all
  Like @option{-fstack-protector} except that all functions are protected.
-@@ -10653,6 +10657,9 @@ protection when @option{-fstack-protecti
+@@ -10855,6 +10859,9 @@ protection when @option{-fstack-protecti
  The minimum size of variables taking part in stack slot sharing when not
  optimizing. The default value is 32.
  
diff --git a/debian/patches/testsuite-hardening-format.diff b/debian/patches/testsuite-hardening-format.diff
index 220084a..7d977fe 100644
--- a/debian/patches/testsuite-hardening-format.diff
+++ b/debian/patches/testsuite-hardening-format.diff
@@ -174,17 +174,6 @@ Index: b/src/gcc/testsuite/c-c++-common/torture/vector-compare-1.c
  #define vector(elcount, type)  \
  __attribute__((vector_size((elcount)*sizeof(type)))) type
  
-Index: b/src/gcc/testsuite/gcc.dg/tree-ssa/isolate-4.c
-===================================================================
---- a/src/gcc/testsuite/gcc.dg/tree-ssa/isolate-4.c
-+++ b/src/gcc/testsuite/gcc.dg/tree-ssa/isolate-4.c
-@@ -1,5 +1,5 @@
- /* { dg-do compile } */ 
--/* { dg-options "-O2 -fisolate-erroneous-paths-attribute -fdump-tree-isolate-paths -fdump-tree-phicprop1" } */
-+/* { dg-options "-O2 -fisolate-erroneous-paths-attribute -fdump-tree-isolate-paths -fdump-tree-phicprop1 -Wno-nonnull" } */
- /* { dg-skip-if "" keeps_null_pointer_checks } */
- 
- 
 Index: b/src/gcc/testsuite/gcc.dg/tree-ssa/builtin-vprintf-chk-1.c
 ===================================================================
 --- a/src/gcc/testsuite/gcc.dg/tree-ssa/builtin-vprintf-chk-1.c
diff --git a/debian/patches/testsuite-hardening-printf-types.diff b/debian/patches/testsuite-hardening-printf-types.diff
index fb16fb9..248cb5e 100644
--- a/debian/patches/testsuite-hardening-printf-types.diff
+++ b/debian/patches/testsuite-hardening-printf-types.diff
@@ -42,7 +42,7 @@ Index: b/src/gcc/testsuite/gcc.dg/torture/matrix-2.c
        /*if (i!=1 || j!=1)*/
        /*if (i==1 && j==1)
          continue;
-@@ -83,14 +83,14 @@ mem_init (void)
+@@ -82,14 +82,14 @@ mem_init (void)
        for (j = 0; j < 3; j++)
  	{
  	  vel[i][j] = (int *) malloc (ARCHnodes1 * sizeof (int));
@@ -59,7 +59,7 @@ Index: b/src/gcc/testsuite/gcc.dg/torture/matrix-2.c
          }
      }
  
-@@ -99,7 +99,7 @@ mem_init (void)
+@@ -98,7 +98,7 @@ mem_init (void)
      {
        for (j = 0; j < 3; j++)
  	{
diff --git a/debian/patches/testsuite-hardening-updates.diff b/debian/patches/testsuite-hardening-updates.diff
index 44a8969..0f3f7e7 100644
--- a/debian/patches/testsuite-hardening-updates.diff
+++ b/debian/patches/testsuite-hardening-updates.diff
@@ -80,9 +80,9 @@ Index: b/src/gcc/testsuite/gcc.dg/stack-usage-1.c
  /* { dg-do compile } */
 -/* { dg-options "-fstack-usage" } */
 +/* { dg-options "-fstack-usage -fno-stack-protector" } */
+ /* nvptx doesn't have a reg allocator, and hence no stack usage data.  */
+ /* { dg-skip-if "" { nvptx-*-* } { "*" } { "" } } */
  
- /* This is aimed at testing basic support for -fstack-usage in the back-ends.
-    See the SPARC back-end for example (grep flag_stack_usage_info in sparc.c).
 Index: b/src/gcc/testsuite/gcc.target/i386/sw-1.c
 ===================================================================
 --- a/src/gcc/testsuite/gcc.target/i386/sw-1.c

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/gcc-6.git



More information about the Reproducible-commits mailing list