[gcc-6] 05/401: - update hardening patches for GCC 6
Ximin Luo
infinity0 at debian.org
Wed Apr 5 15:47:55 UTC 2017
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch pu/reproducible_builds
in repository gcc-6.
commit 7cf0c4ee69aef5309e41253914ae16fcaaf57e48
Author: doko <doko at 6ca36cf4-e1d1-0310-8c6f-e303bb2178ca>
Date: Fri Dec 11 07:23:51 2015 +0000
- update hardening patches for GCC 6
git-svn-id: svn://anonscm.debian.org/gcccvs/branches/sid/gcc-6@8489 6ca36cf4-e1d1-0310-8c6f-e303bb2178ca
---
debian/patches/gcc-as-needed.diff | 19 +++++++-------
debian/patches/gcc-default-format-security.diff | 4 +--
debian/patches/gcc-default-fortify-source.diff | 4 +--
debian/patches/gcc-default-relro.diff | 8 +++---
debian/patches/gcc-default-ssp-strong.diff | 8 +++---
debian/patches/gcc-default-ssp.diff | 30 +++++++++++-----------
debian/patches/testsuite-hardening-format.diff | 11 --------
.../patches/testsuite-hardening-printf-types.diff | 4 +--
debian/patches/testsuite-hardening-updates.diff | 4 +--
9 files changed, 41 insertions(+), 51 deletions(-)
diff --git a/debian/patches/gcc-as-needed.diff b/debian/patches/gcc-as-needed.diff
index b9b9987..153dcf3 100644
--- a/debian/patches/gcc-as-needed.diff
+++ b/debian/patches/gcc-as-needed.diff
@@ -4,7 +4,7 @@ Index: b/src/gcc/config/aarch64/aarch64-linux.h
===================================================================
--- a/src/gcc/config/aarch64/aarch64-linux.h
+++ b/src/gcc/config/aarch64/aarch64-linux.h
-@@ -33,6 +33,7 @@
+@@ -36,6 +36,7 @@
#define LINUX_TARGET_LINK_SPEC "%{h*} \
--hash-style=gnu \
@@ -55,27 +55,28 @@ Index: b/src/gcc/config/rs6000/linux64.h
===================================================================
--- a/src/gcc/config/rs6000/linux64.h
+++ b/src/gcc/config/rs6000/linux64.h
-@@ -407,11 +407,11 @@ extern int dot_symbols;
+@@ -466,12 +466,12 @@ extern int dot_symbols;
" -m elf64ppc")
#endif
-#define LINK_OS_LINUX_SPEC32 LINK_OS_LINUX_EMUL32 " --hash-style=gnu %{!shared: %{!static: \
+#define LINK_OS_LINUX_SPEC32 LINK_OS_LINUX_EMUL32 " --hash-style=gnu --as-needed %{!shared: %{!static: \
%{rdynamic:-export-dynamic} \
- -dynamic-linker " GNU_USER_DYNAMIC_LINKER32 "}}"
+ -dynamic-linker " GNU_USER_DYNAMIC_LINKER32 "}} \
+ %(link_os_extra_spec32)"
-#define LINK_OS_LINUX_SPEC64 LINK_OS_LINUX_EMUL64 " --hash-style=gnu %{!shared: %{!static: \
+#define LINK_OS_LINUX_SPEC64 LINK_OS_LINUX_EMUL64 " --hash-style=gnu --as-needed %{!shared: %{!static: \
%{rdynamic:-export-dynamic} \
- -dynamic-linker " GNU_USER_DYNAMIC_LINKER64 "}}"
-
+ -dynamic-linker " GNU_USER_DYNAMIC_LINKER64 "}} \
+ %(link_os_extra_spec64)"
Index: b/src/gcc/config/rs6000/sysv4.h
===================================================================
--- a/src/gcc/config/rs6000/sysv4.h
+++ b/src/gcc/config/rs6000/sysv4.h
-@@ -769,7 +769,7 @@ ENDIAN_SELECT(" -mbig", " -mlittle", DEF
- #define GNU_USER_DYNAMIC_LINKER \
- CHOOSE_DYNAMIC_LINKER (GLIBC_DYNAMIC_LINKER, UCLIBC_DYNAMIC_LINKER)
+@@ -784,7 +784,7 @@ ENDIAN_SELECT(" -mbig", " -mlittle", DEF
+ CHOOSE_DYNAMIC_LINKER (GLIBC_DYNAMIC_LINKER, UCLIBC_DYNAMIC_LINKER, \
+ MUSL_DYNAMIC_LINKER)
-#define LINK_OS_LINUX_SPEC "-m elf32ppclinux --hash-style=gnu %{!shared: %{!static: \
+#define LINK_OS_LINUX_SPEC "-m elf32ppclinux --hash-style=gnu --as-needed %{!shared: %{!static: \
@@ -161,7 +162,7 @@ Index: b/src/libjava/Makefile.in
===================================================================
--- a/src/libjava/Makefile.in
+++ b/src/libjava/Makefile.in
-@@ -10600,7 +10600,7 @@ libgcj_bc.la: $(libgcj_bc_la_OBJECTS) $(
+@@ -10646,7 +10646,7 @@ libgcj_bc.la: $(libgcj_bc_la_OBJECTS) $(
rm .libs/libgcj_bc.so; \
mv .libs/libgcj_bc.so.1.0.0 .libs/libgcj_bc.so; \
$(libgcj_bc_dummy_LINK) -xc /dev/null -Wl,-soname,libgcj_bc.so.1 \
diff --git a/debian/patches/gcc-default-format-security.diff b/debian/patches/gcc-default-format-security.diff
index a391857..f82ff5e 100644
--- a/debian/patches/gcc-default-format-security.diff
+++ b/debian/patches/gcc-default-format-security.diff
@@ -4,7 +4,7 @@ Index: b/src/gcc/doc/invoke.texi
===================================================================
--- a/src/gcc/doc/invoke.texi
+++ b/src/gcc/doc/invoke.texi
-@@ -3685,6 +3685,11 @@ included in @option{-Wformat-nonliteral}
+@@ -3799,6 +3799,11 @@ included in @option{-Wformat-nonliteral}
If @option{-Wformat} is specified, also warn if the format string
requires an unsigned argument and the argument is signed and vice versa.
@@ -20,7 +20,7 @@ Index: b/src/gcc/gcc.c
===================================================================
--- a/src/gcc/gcc.c
+++ b/src/gcc/gcc.c
-@@ -727,11 +727,14 @@ proper position among the other output f
+@@ -858,11 +858,14 @@ proper position among the other output f
#define LINK_GCC_C_SEQUENCE_SPEC "%G %L %G"
#endif
diff --git a/debian/patches/gcc-default-fortify-source.diff b/debian/patches/gcc-default-fortify-source.diff
index e20626f..d3ab164 100644
--- a/debian/patches/gcc-default-fortify-source.diff
+++ b/debian/patches/gcc-default-fortify-source.diff
@@ -10,7 +10,7 @@ Index: b/src/gcc/doc/invoke.texi
===================================================================
--- a/src/gcc/doc/invoke.texi
+++ b/src/gcc/doc/invoke.texi
-@@ -7533,6 +7533,12 @@ also turns on the following optimization
+@@ -7840,6 +7840,12 @@ also turns on the following optimization
Please note the warning under @option{-fgcse} about
invoking @option{-O2} on programs that use computed gotos.
@@ -27,7 +27,7 @@ Index: b/src/gcc/c-family/c-cppbuiltin.c
===================================================================
--- a/src/gcc/c-family/c-cppbuiltin.c
+++ b/src/gcc/c-family/c-cppbuiltin.c
-@@ -1171,6 +1171,10 @@ c_cpp_builtins (cpp_reader *pfile)
+@@ -1176,6 +1176,10 @@ c_cpp_builtins (cpp_reader *pfile)
builtin_define_with_value ("__REGISTER_PREFIX__", REGISTER_PREFIX, 0);
builtin_define_with_value ("__USER_LABEL_PREFIX__", user_label_prefix, 0);
diff --git a/debian/patches/gcc-default-relro.diff b/debian/patches/gcc-default-relro.diff
index 09ec820..40855f8 100644
--- a/debian/patches/gcc-default-relro.diff
+++ b/debian/patches/gcc-default-relro.diff
@@ -9,7 +9,7 @@ Index: b/src/gcc/doc/invoke.texi
===================================================================
--- a/src/gcc/doc/invoke.texi
+++ b/src/gcc/doc/invoke.texi
-@@ -11424,6 +11424,9 @@ For example, @option{-Wl,-Map,output.map
+@@ -11638,6 +11638,9 @@ For example, @option{-Wl,-Map,output.map
linker. When using the GNU linker, you can also get the same effect with
@option{-Wl,-Map=output.map}.
@@ -23,11 +23,11 @@ Index: b/src/gcc/gcc.c
===================================================================
--- a/src/gcc/gcc.c
+++ b/src/gcc/gcc.c
-@@ -890,6 +890,7 @@ proper position among the other output f
+@@ -1027,6 +1027,7 @@ proper position among the other output f
"%{flto|flto=*:%<fcompare-debug*} \
%{flto} %{fno-lto} %{flto=*} %l " LINK_PIE_SPEC \
"%{fuse-ld=*:-fuse-ld=%*} " LINK_COMPRESS_DEBUG_SPEC \
+ "-z relro " \
"%X %{o*} %{e*} %{N} %{n} %{r}\
- %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!nostartfiles:%S}} " VTABLE_VERIFICATION_SPEC " \
- %{static:} %{L*} %(mfwrap) %(link_libgcc) " SANITIZER_EARLY_SPEC " %o\
+ %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!nostartfiles:%S}} \
+ %{static:} %{L*} %(mfwrap) %(link_libgcc) " \
diff --git a/debian/patches/gcc-default-ssp-strong.diff b/debian/patches/gcc-default-ssp-strong.diff
index 4748c0e..40c31a9 100644
--- a/debian/patches/gcc-default-ssp-strong.diff
+++ b/debian/patches/gcc-default-ssp-strong.diff
@@ -4,7 +4,7 @@ Index: b/src/gcc/gcc.c
===================================================================
--- a/src/gcc/gcc.c
+++ b/src/gcc/gcc.c
-@@ -732,7 +732,7 @@ proper position among the other output f
+@@ -863,7 +863,7 @@ proper position among the other output f
#ifndef SSP_DEFAULT_SPEC
#ifdef TARGET_LIBC_PROVIDES_SSP
@@ -17,7 +17,7 @@ Index: b/src/gcc/doc/invoke.texi
===================================================================
--- a/src/gcc/doc/invoke.texi
+++ b/src/gcc/doc/invoke.texi
-@@ -10034,10 +10034,6 @@ functions with buffers larger than 8 byt
+@@ -10264,10 +10264,6 @@ functions with buffers larger than 8 byt
when a function is entered and then checked when the function exits.
If a guard check fails, an error message is printed and the program exits.
@@ -28,7 +28,7 @@ Index: b/src/gcc/doc/invoke.texi
@item -fstack-protector-all
@opindex fstack-protector-all
Like @option{-fstack-protector} except that all functions are protected.
-@@ -10058,6 +10054,11 @@ have the @code{stack_protect} attribute
+@@ -10288,6 +10284,11 @@ have the @code{stack_protect} attribute
Optimize the prologue of variadic argument functions with respect to usage of
those arguments.
@@ -40,7 +40,7 @@ Index: b/src/gcc/doc/invoke.texi
@item -fsection-anchors
@opindex fsection-anchors
Try to reduce the number of symbolic address calculations by using
-@@ -10658,13 +10659,13 @@ value of a shared integer constant. The
+@@ -10860,13 +10861,13 @@ value of a shared integer constant. The
The minimum size of buffers (i.e.@: arrays) that receive stack smashing
protection when @option{-fstack-protection} is used.
diff --git a/debian/patches/gcc-default-ssp.diff b/debian/patches/gcc-default-ssp.diff
index 72346e7..e1458fa 100644
--- a/debian/patches/gcc-default-ssp.diff
+++ b/debian/patches/gcc-default-ssp.diff
@@ -14,7 +14,7 @@ Index: b/src/gcc/gcc.c
===================================================================
--- a/src/gcc/gcc.c
+++ b/src/gcc/gcc.c
-@@ -727,6 +727,14 @@ proper position among the other output f
+@@ -858,6 +858,14 @@ proper position among the other output f
#define LINK_GCC_C_SEQUENCE_SPEC "%G %L %G"
#endif
@@ -29,7 +29,7 @@ Index: b/src/gcc/gcc.c
#ifndef LINK_SSP_SPEC
#ifdef TARGET_LIBC_PROVIDES_SSP
#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
-@@ -919,6 +927,7 @@ static const char *cc1_spec = CC1_SPEC;
+@@ -1057,6 +1065,7 @@ static const char *cc1_spec = CC1_SPEC;
static const char *cc1plus_spec = CC1PLUS_SPEC;
static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC;
static const char *link_ssp_spec = LINK_SSP_SPEC;
@@ -37,7 +37,7 @@ Index: b/src/gcc/gcc.c
static const char *asm_spec = ASM_SPEC;
static const char *asm_final_spec = ASM_FINAL_SPEC;
static const char *link_spec = LINK_SPEC;
-@@ -973,7 +982,7 @@ static const char *cpp_unique_options =
+@@ -1112,7 +1121,7 @@ static const char *cpp_unique_options =
static const char *cpp_options =
"%(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w}\
%{f*} %{g*:%{!g0:%{g*} %{!fno-working-directory:-fworking-directory}}} %{O*}\
@@ -46,7 +46,7 @@ Index: b/src/gcc/gcc.c
/* This contains cpp options which are not passed when the preprocessor
output will be used by another program. */
-@@ -1161,9 +1170,9 @@ static const struct compiler default_com
+@@ -1300,9 +1309,9 @@ static const struct compiler default_com
%{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \
%(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\
cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \
@@ -58,8 +58,8 @@ Index: b/src/gcc/gcc.c
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 1},
{"-",
"%{!E:%e-E or -x required when input is from standard input}\
-@@ -1186,7 +1195,7 @@ static const struct compiler default_com
- %W{o*:--output-pch=%*}}%V}}}}}}", 0, 0, 0},
+@@ -1327,7 +1336,7 @@ static const struct compiler default_com
+ %W{o*:--output-pch=%*}}%V}}}}}}}", 0, 0, 0},
{".i", "@cpp-output", 0, 0, 0},
{"@cpp-output",
- "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
@@ -67,7 +67,7 @@ Index: b/src/gcc/gcc.c
{".s", "@assembler", 0, 0, 0},
{"@assembler",
"%{!M:%{!MM:%{!E:%{!S:as %(asm_debug) %(asm_options) %i %A }}}}", 0, 0, 0},
-@@ -1416,6 +1425,7 @@ static struct spec_list static_specs[] =
+@@ -1559,6 +1568,7 @@ static struct spec_list static_specs[] =
INIT_STATIC_SPEC ("cc1plus", &cc1plus_spec),
INIT_STATIC_SPEC ("link_gcc_c_sequence", &link_gcc_c_sequence_spec),
INIT_STATIC_SPEC ("link_ssp", &link_ssp_spec),
@@ -85,10 +85,10 @@ Index: b/src/gcc/cp/lang-specs.h
%{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
- %(cc1_options) %2\
+ %(cc1_options) %(ssp_default) %2\
- %{!fsyntax-only:%{!fdump-ada-spec*:-o %g.s %{!o*:--output-pch=%i.gch}\
- %W{o*:--output-pch=%*}}%V}}}}",
- CPLUSPLUS_CPP_SPEC, 0, 0},
-@@ -57,11 +57,11 @@ along with GCC; see the file COPYING3.
+ %{!fsyntax-only:-o %g.s \
+ %{!fdump-ada-spec*:%{!o*:--output-pch=%i.gch}\
+ %W{o*:--output-pch=%*}}%V}}}}",
+@@ -58,11 +58,11 @@ along with GCC; see the file COPYING3.
%(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\
cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\
%{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
@@ -106,10 +106,10 @@ Index: b/src/gcc/params.def
===================================================================
--- a/src/gcc/params.def
+++ b/src/gcc/params.def
-@@ -695,7 +695,7 @@ DEFPARAM (PARAM_INTEGER_SHARE_LIMIT,
+@@ -673,7 +673,7 @@ DEFPARAM (PARAM_INTEGER_SHARE_LIMIT,
DEFPARAM (PARAM_SSP_BUFFER_SIZE,
"ssp-buffer-size",
- "The lower bound for a buffer to be considered for stack smashing protection",
+ "The lower bound for a buffer to be considered for stack smashing protection.",
- 8, 1, 0)
+ 4, 1, 0)
@@ -191,7 +191,7 @@ Index: b/src/gcc/doc/invoke.texi
===================================================================
--- a/src/gcc/doc/invoke.texi
+++ b/src/gcc/doc/invoke.texi
-@@ -10029,6 +10029,10 @@ functions with buffers larger than 8 byt
+@@ -10259,6 +10259,10 @@ functions with buffers larger than 8 byt
when a function is entered and then checked when the function exits.
If a guard check fails, an error message is printed and the program exits.
@@ -202,7 +202,7 @@ Index: b/src/gcc/doc/invoke.texi
@item -fstack-protector-all
@opindex fstack-protector-all
Like @option{-fstack-protector} except that all functions are protected.
-@@ -10653,6 +10657,9 @@ protection when @option{-fstack-protecti
+@@ -10855,6 +10859,9 @@ protection when @option{-fstack-protecti
The minimum size of variables taking part in stack slot sharing when not
optimizing. The default value is 32.
diff --git a/debian/patches/testsuite-hardening-format.diff b/debian/patches/testsuite-hardening-format.diff
index 220084a..7d977fe 100644
--- a/debian/patches/testsuite-hardening-format.diff
+++ b/debian/patches/testsuite-hardening-format.diff
@@ -174,17 +174,6 @@ Index: b/src/gcc/testsuite/c-c++-common/torture/vector-compare-1.c
#define vector(elcount, type) \
__attribute__((vector_size((elcount)*sizeof(type)))) type
-Index: b/src/gcc/testsuite/gcc.dg/tree-ssa/isolate-4.c
-===================================================================
---- a/src/gcc/testsuite/gcc.dg/tree-ssa/isolate-4.c
-+++ b/src/gcc/testsuite/gcc.dg/tree-ssa/isolate-4.c
-@@ -1,5 +1,5 @@
- /* { dg-do compile } */
--/* { dg-options "-O2 -fisolate-erroneous-paths-attribute -fdump-tree-isolate-paths -fdump-tree-phicprop1" } */
-+/* { dg-options "-O2 -fisolate-erroneous-paths-attribute -fdump-tree-isolate-paths -fdump-tree-phicprop1 -Wno-nonnull" } */
- /* { dg-skip-if "" keeps_null_pointer_checks } */
-
-
Index: b/src/gcc/testsuite/gcc.dg/tree-ssa/builtin-vprintf-chk-1.c
===================================================================
--- a/src/gcc/testsuite/gcc.dg/tree-ssa/builtin-vprintf-chk-1.c
diff --git a/debian/patches/testsuite-hardening-printf-types.diff b/debian/patches/testsuite-hardening-printf-types.diff
index fb16fb9..248cb5e 100644
--- a/debian/patches/testsuite-hardening-printf-types.diff
+++ b/debian/patches/testsuite-hardening-printf-types.diff
@@ -42,7 +42,7 @@ Index: b/src/gcc/testsuite/gcc.dg/torture/matrix-2.c
/*if (i!=1 || j!=1)*/
/*if (i==1 && j==1)
continue;
-@@ -83,14 +83,14 @@ mem_init (void)
+@@ -82,14 +82,14 @@ mem_init (void)
for (j = 0; j < 3; j++)
{
vel[i][j] = (int *) malloc (ARCHnodes1 * sizeof (int));
@@ -59,7 +59,7 @@ Index: b/src/gcc/testsuite/gcc.dg/torture/matrix-2.c
}
}
-@@ -99,7 +99,7 @@ mem_init (void)
+@@ -98,7 +98,7 @@ mem_init (void)
{
for (j = 0; j < 3; j++)
{
diff --git a/debian/patches/testsuite-hardening-updates.diff b/debian/patches/testsuite-hardening-updates.diff
index 44a8969..0f3f7e7 100644
--- a/debian/patches/testsuite-hardening-updates.diff
+++ b/debian/patches/testsuite-hardening-updates.diff
@@ -80,9 +80,9 @@ Index: b/src/gcc/testsuite/gcc.dg/stack-usage-1.c
/* { dg-do compile } */
-/* { dg-options "-fstack-usage" } */
+/* { dg-options "-fstack-usage -fno-stack-protector" } */
+ /* nvptx doesn't have a reg allocator, and hence no stack usage data. */
+ /* { dg-skip-if "" { nvptx-*-* } { "*" } { "" } } */
- /* This is aimed at testing basic support for -fstack-usage in the back-ends.
- See the SPARC back-end for example (grep flag_stack_usage_info in sparc.c).
Index: b/src/gcc/testsuite/gcc.target/i386/sw-1.c
===================================================================
--- a/src/gcc/testsuite/gcc.target/i386/sw-1.c
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/gcc-6.git
More information about the Reproducible-commits
mailing list