[gcc-6] 322/401: * Ignore dpkg's pie specs when pie is not enabled.
Ximin Luo
infinity0 at debian.org
Wed Apr 5 15:50:24 UTC 2017
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch pu/reproducible_builds
in repository gcc-6.
commit 54b808a210c501447206d343635981c870210cb6
Author: doko <doko at 6ca36cf4-e1d1-0310-8c6f-e303bb2178ca>
Date: Thu Dec 15 20:54:24 2016 +0000
* Ignore dpkg's pie specs when pie is not enabled.
git-svn-id: svn://anonscm.debian.org/gcccvs/branches/sid/gcc-6@9190 6ca36cf4-e1d1-0310-8c6f-e303bb2178ca
---
debian/changelog | 3 +-
.../patches/ignore-pie-specs-when-not-enabled.diff | 56 ++++++++++++++++++++++
debian/rules.patch | 12 ++++-
3 files changed, 69 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index a0cefbf..25fc56e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,8 +8,9 @@ gcc-6 (6.2.1-6.1) UNRELEASED; urgency=medium
* Fix PR c++/78774, proposed for the gcc-6-branch.
* Apply patches for zlib security issues CVE-2016-9840, CVE-2016-9841,
CVE-2016-9842, CVE-2016-9843.
+ * Ignore dpkg's pie specs when pie is not enabled.
- -- Matthias Klose <doko at debian.org> Tue, 13 Dec 2016 08:37:46 +0100
+ -- Matthias Klose <doko at debian.org> Thu, 15 Dec 2016 21:53:22 +0100
gcc-6 (6.2.1-6) unstable; urgency=high
diff --git a/debian/patches/ignore-pie-specs-when-not-enabled.diff b/debian/patches/ignore-pie-specs-when-not-enabled.diff
new file mode 100644
index 0000000..a00c613
--- /dev/null
+++ b/debian/patches/ignore-pie-specs-when-not-enabled.diff
@@ -0,0 +1,56 @@
+# DP: Ignore dpkg's pie specs when pie is not enabled.
+
+Index: b/src/gcc/gcc.c
+===================================================================
+--- a/src/gcc/gcc.c
++++ b/src/gcc/gcc.c
+@@ -3715,6 +3715,36 @@ handle_foffload_option (const char *arg)
+ }
+ }
+
++static bool ignore_pie_specs_when_not_enabled(const char *envvar,
++ const char *specname)
++{
++ const char *envval = secure_getenv(envvar);
++ char *hardening;
++ bool ignore;
++
++ if (strstr (specname, "/pie-compile.specs") == NULL
++ && strstr (specname, "/pie-link.specs") == NULL)
++ return false;
++ if (envval == NULL || strstr (envval, "hardening=") == NULL)
++ return true;
++ ignore = true;
++ hardening = (char *) xmalloc (strlen(envval) + 1);
++ strcpy (hardening, strstr (envval, "hardening="));
++ if (strchr (hardening, ' '))
++ *strchr (hardening, ' ') = '\0';
++ if (strstr(hardening, "+all"))
++ {
++ if (strstr(hardening, "-pie") == NULL)
++ ignore = false;
++ }
++ else if (strstr(hardening, "+pie"))
++ {
++ ignore = false;
++ }
++ free (hardening);
++ return ignore;
++}
++
+ /* Handle a driver option; arguments and return value as for
+ handle_option. */
+
+@@ -3989,6 +4019,12 @@ driver_handle_option (struct gcc_options
+ break;
+
+ case OPT_specs_:
++ if (ignore_pie_specs_when_not_enabled("DEB_BUILD_MAINT_OPTIONS", arg)
++ || ignore_pie_specs_when_not_enabled("DEB_BUILD_OPTIONS", arg))
++ {
++ inform (0, "pie specs %s ignored when pie is not enabled", arg);
++ return true;
++ }
+ {
+ struct user_specs *user = XNEW (struct user_specs);
+
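Review bot: The `OPT_specs_` guard joins the two environment checks with `||`, but `ignore_pie_specs_when_not_enabled` returns true whenever its variable is unset or has no `hardening=` field. A build that sets only `DEB_BUILD_MAINT_OPTIONS=hardening=+pie` therefore still has the pie specs dropped, because `DEB_BUILD_OPTIONS` is absent. If an opt-in in either variable is meant to keep the specs, the condition should read `if (ignore_pie_specs_when_not_enabled ("DEB_BUILD_MAINT_OPTIONS", arg) && ignore_pie_specs_when_not_enabled ("DEB_BUILD_OPTIONS", arg))`. As written, the result is a non-PIE build reported only by an `inform` note, so the loss of hardening is easy to miss in a build log. The helper also tests `+all`, `+pie` and `-pie` by substring regardless of their order, which may not match how dpkg resolves a value such as `hardening=-pie,+all`; the body of `driver_handle_option` continues outside the hunk.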
diff --git a/debian/rules.patch b/debian/rules.patch
index 746bd59..2c2fc28 100644
--- a/debian/rules.patch
+++ b/debian/rules.patch
@@ -127,7 +127,7 @@ ifeq ($(with_ssp)-$(with_ssp_default),yes-yes)
hardening_patches += gcc-default-ssp-strong
endif
endif
-ifeq ($(distribution),Ubuntu)
+ifneq (,$(filter $(derivative),Ubuntu))
ifneq (,$(findstring gcc-6, $(PKGSOURCE)))
hardening_patches += \
gcc-default-fortify-source \
@@ -139,6 +139,16 @@ ifeq ($(distribution),Ubuntu)
ifeq ($(with_pie),yes)
hardening_patches += \
bind_now_when_pie
+ else
+ hardening_patches += \
+ ignore-pie-specs-when-not-enabled
+ endif
+ endif
+else ifneq (,$(filter $(derivative),Debian))
+ ifneq (,$(findstring gcc-6, $(PKGSOURCE)))
+ ifneq ($(with_pie),yes)
+ hardening_patches += \
+ ignore-pie-specs-when-not-enabled
endif
endif
endif
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/gcc-6.git