Codebase list gcc-snapshot / e006212
* Fix PR lto/95604, proposed patch. * Reorganize the distro defaults patches. Matthias Klose 3 years ago
8 changed file(s) with 188 addition(s) and 140 deletion(s).
1111 PR libfortran/95390, PR libfortran/95104, PR libfortran/95104,
1212 PR libfortran/95191, PR libgomp/92854, PR libgomp/92854,
1313 PR libstdc++/95322, PR libstdc++/77691.
14 * Add the CF_PROTECTION_SPEC to the LINK_COMMAND_SPEC.
14 * Fix PR lto/95604, proposed patch.
15 * Reorganize the distro defaults patches.
1516
1617 -- Matthias Klose <doko@debian.org> Thu, 11 Jun 2020 12:19:06 +0200
1718
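--- a/debian/patches/gcc-default-fortify-source.diff
+++ b/debian/patches/gcc-default-fortify-source.diff
@@ -1,38 +0,0 @@
-# DP: Turn on -D_FORTIFY_SOURCE=2 by default for C, C++, ObjC, ObjC++,
-# DP: if the optimization level is > 0
-
----
-gcc/doc/invoke.texi | 6 ++++++
-gcc/c-family/c-cppbuiltin.c | 3 +
-2 files changed, 9 insertions(+), 0 deletions(-)
-
---- a/src/gcc/doc/invoke.texi
-+++ b/src/gcc/doc/invoke.texi
-@@ -8322,6 +8322,12 @@ also turns on the following optimization
-Please note the warning under @option{-fgcse} about
-invoking @option{-O2} on programs that use computed gotos.
-
-+NOTE: In Ubuntu 8.10 and later versions, @option{-D_FORTIFY_SOURCE=2} is
-+set by default, and is activated when @option{-O} is set to 2 or higher.
-+This enables additional compile-time and run-time checks for several libc
-+functions. To disable, specify either @option{-U_FORTIFY_SOURCE} or
-+@option{-D_FORTIFY_SOURCE=0}.
-+
-@item -O3
-@opindex O3
-Optimize yet more. @option{-O3} turns on all optimizations specified
---- a/src/gcc/c-family/c-cppbuiltin.c
-+++ b/src/gcc/c-family/c-cppbuiltin.c
-@@ -1357,6 +1357,12 @@ c_cpp_builtins (cpp_reader *pfile)
-builtin_define_with_value ("__REGISTER_PREFIX__", REGISTER_PREFIX, 0);
-builtin_define_with_value ("__USER_LABEL_PREFIX__", user_label_prefix, 0);
-
-+#if !defined(ACCEL_COMPILER)
-+ /* Fortify Source enabled by default for optimization levels > 0 */
-+ if (optimize)
-+ builtin_define_with_int_value ("_FORTIFY_SOURCE", 2);
-+#endif
-+
-/* Misc. */
-if (flag_gnu89_inline)
-cpp_define (pfile, "__GNUC_GNU_INLINE__");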
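--- a/debian/patches/gcc-default-relro.diff
+++ b/debian/patches/gcc-default-relro.diff
@@ -1,42 +0,0 @@
-# DP: Turn on -Wl,-z,relro by default.
-
----
-gcc/doc/invoke.texi | 3 +++
-gcc/gcc.c | 1 +
-2 files changed, 4 insertions(+), 0 deletions(-)
-
---- a/src/gcc/doc/invoke.texi
-+++ b/src/gcc/doc/invoke.texi
-@@ -13546,6 +13546,9 @@ For example, @option{-Wl,-Map,output.map
-linker. When using the GNU linker, you can also get the same effect with
-@option{-Wl,-Map=output.map}.
-
-+NOTE: In Ubuntu 8.10 and later versions, for LDFLAGS, the option
-+@option{-Wl,-z,relro} is used. To disable, use @option{-Wl,-z,norelro}.
-+
-@item -u @var{symbol}
-@opindex u
-Pretend the symbol @var{symbol} is undefined, to force linking of
---- a/src/gcc/gcc.c
-+++ b/src/gcc/gcc.c
-@@ -1122,6 +1122,12 @@ proper position among the other output f
-to understand them. In practice, this means it had better be collect2. */
-/* %{e*} includes -export-dynamic; see comment in common.opt. */
-
-+#if defined(ACCEL_COMPILER)
-+# define RELRO_SPEC ""
-+#else
-+# define RELRO_SPEC "-z relro "
-+#endif
-+
-#ifndef LINK_COMMAND_SPEC
-#define LINK_COMMAND_SPEC "\
-%{!fsyntax-only:%{!c:%{!M:%{!MM:%{!E:%{!S:\
-@@ -1131,6 +1137,7 @@ proper position among the other output f
-%{flto} %{fno-lto} %{flto=*} %l " LINK_PIE_SPEC \
-"%{fuse-ld=*:-fuse-ld=%*} " LINK_COMPRESS_DEBUG_SPEC \
-CF_PROTECTION_SPEC \
-+ RELRO_SPEC \
-"%X %{o*} %{e*} %{N} %{n} %{r}\
-%{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!r:%{!nostartfiles:%S}}} \
-%{static|no-pie|static-pie:} %@{L*} %(mfwrap) %(link_libgcc) " \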
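--- a/debian/patches/gcc-distro-specs-doc.diff
+++ b/debian/patches/gcc-distro-specs-doc.diff
@@ -1,48 +0,0 @@
-# DP: Document distro specific compiler flags turned on by default
-
---- a/src/gcc/doc/invoke.texi
-+++ b/src/gcc/doc/invoke.texi
-@@ -10993,6 +10993,11 @@ branch target registers within any basic
-Optimize the prologue of variadic argument functions with respect to usage of
-those arguments.
-
-+NOTE: In Ubuntu 14.10 and later versions,
-+@option{-fstack-protector-strong} is enabled by default for C,
-+C++, ObjC, ObjC++, if none of @option{-fno-stack-protector},
-+@option{-nostdlib}, nor @option{-ffreestanding} are found.
-+
-@item -fsection-anchors
-@opindex fsection-anchors
-Try to reduce the number of symbolic address calculations by using
-@@ -11617,6 +11622,9 @@ value of a shared integer constant.
-The minimum size of buffers (i.e.@: arrays) that receive stack smashing
-protection when @option{-fstack-protection} is used.
-
-+This default before Ubuntu 10.10 was "8". Currently it is "4", to increase
-+the number of functions protected by the stack protector.
-+
-@item min-size-for-stack-sharing
-The minimum size of variables taking part in stack slot sharing when not
-optimizing.
-@@ -12765,6 +12773,10 @@ which functions and calls should be skip
-Currently the x86 GNU/Linux target provides an implementation based
-on Intel Control-flow Enforcement Technology (CET).
-
-+NOTE: In Ubuntu 19.10 and later versions, @option{-fcf-protection}
-+is enabled by default for C, C++, ObjC, ObjC++, if none of
-+@option{-fno-cf-protection} nor @option{-fcf-protection=*} are found.
-+
-@item -fstack-protector
-@opindex fstack-protector
-Emit extra code to check for buffer overflows, such as stack smashing
-@@ -12847,6 +12859,10 @@ allocations. @option{-fstack-clash-prot
-protection for static stack allocations if the target supports
-@option{-fstack-check=specific}.
-
-+NOTE: In Ubuntu 19.10 and later versions,
-+@option{-fstack-clash-protection} is enabled by default for C,
-+C++, ObjC, ObjC++, unless @option{-fno-stack-clash-protection} is found.
-+
-@item -fstack-limit-register=@var{reg}
-@itemx -fstack-limit-symbol=@var{sym}
-@itemx -fno-stack-limit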
0 # DP: Document distro specific compiler flags turned on by default
1
2 --- a/src/gcc/doc/invoke.texi
3 +++ b/src/gcc/doc/invoke.texi
4 @@ -8322,6 +8322,12 @@ also turns on the following optimization
5 Please note the warning under @option{-fgcse} about
6 invoking @option{-O2} on programs that use computed gotos.
7
8 +NOTE: In Ubuntu 8.10 and later versions, @option{-D_FORTIFY_SOURCE=2} is
9 +set by default, and is activated when @option{-O} is set to 2 or higher.
10 +This enables additional compile-time and run-time checks for several libc
11 +functions. To disable, specify either @option{-U_FORTIFY_SOURCE} or
12 +@option{-D_FORTIFY_SOURCE=0}.
13 +
14 @item -O3
15 @opindex O3
16 Optimize yet more. @option{-O3} turns on all optimizations specified
17 @@ -10993,6 +10993,11 @@ branch target registers within any basic
18 Optimize the prologue of variadic argument functions with respect to usage of
19 those arguments.
20
21 +NOTE: In Ubuntu 14.10 and later versions,
22 +@option{-fstack-protector-strong} is enabled by default for C,
23 +C++, ObjC, ObjC++, if none of @option{-fno-stack-protector},
24 +@option{-nostdlib}, nor @option{-ffreestanding} are found.
25 +
26 @item -fsection-anchors
27 @opindex fsection-anchors
28 Try to reduce the number of symbolic address calculations by using
29 @@ -11617,6 +11622,9 @@ value of a shared integer constant.
30 The minimum size of buffers (i.e.@: arrays) that receive stack smashing
31 protection when @option{-fstack-protection} is used.
32
33 +This default before Ubuntu 10.10 was "8". Currently it is "4", to increase
34 +the number of functions protected by the stack protector.
35 +
36 @item min-size-for-stack-sharing
37 The minimum size of variables taking part in stack slot sharing when not
38 optimizing.
39 @@ -12765,6 +12773,10 @@ which functions and calls should be skip
40 Currently the x86 GNU/Linux target provides an implementation based
41 on Intel Control-flow Enforcement Technology (CET).
42
43 +NOTE: In Ubuntu 19.10 and later versions, @option{-fcf-protection}
44 +is enabled by default for C, C++, ObjC, ObjC++, if none of
45 +@option{-fno-cf-protection} nor @option{-fcf-protection=*} are found.
46 +
47 @item -fstack-protector
48 @opindex fstack-protector
49 Emit extra code to check for buffer overflows, such as stack smashing
50 @@ -12847,6 +12859,10 @@ allocations. @option{-fstack-clash-prot
51 protection for static stack allocations if the target supports
52 @option{-fstack-check=specific}.
53
54 +NOTE: In Ubuntu 19.10 and later versions,
55 +@option{-fstack-clash-protection} is enabled by default for C,
56 +C++, ObjC, ObjC++, unless @option{-fno-stack-clash-protection} is found.
57 +
58 @item -fstack-limit-register=@var{reg}
59 @itemx -fstack-limit-symbol=@var{sym}
60 @itemx -fno-stack-limit
61 @@ -13546,6 +13546,9 @@ For example, @option{-Wl,-Map,output.map
62 linker. When using the GNU linker, you can also get the same effect with
63 @option{-Wl,-Map=output.map}.
64
65 +NOTE: In Ubuntu 8.10 and later versions, for LDFLAGS, the option
66 +@option{-Wl,-z,relro} is used. To disable, use @option{-Wl,-z,norelro}.
67 +
68 @item -u @var{symbol}
69 @opindex u
70 Pretend the symbol @var{symbol} is undefined, to force linking of
1313 #include "config.h"
1414 #include "system.h"
1515 #include "coretypes.h"
16 @@ -874,6 +879,69 @@ proper position among the other output f
16 @@ -874,6 +879,82 @@ proper position among the other output f
1717 #define LINK_GCC_C_SEQUENCE_SPEC "%G %{!nolibc:%L %G}"
1818 #endif
1919
7171 +# endif
7272 +#endif
7373 +
74 +#ifndef RELRO_SPEC
75 +# ifdef DIST_DEFAULT_RELRO
76 +# define RELRO_SPEC " -z relro "
77 +# else
78 +# define RELRO_SPEC ""
79 +# endif
80 +#endif
81 +
7482 +/* Don't enable any of those for the offload compilers,
7583 + unsupported. */
7684 +#if !defined(DISTRO_DEFAULT_SPEC) && !defined(ACCEL_COMPILER)
7987 +#else
8088 +# define DISTRO_DEFAULT_SPEC ""
8189 +#endif
90 +#if !defined(DISTRO_DEFAULT_LINK_SPEC) && !defined(ACCEL_COMPILER)
91 +# define DISTRO_DEFAULT_LINK_SPEC RELRO_SPEC
92 +#else
93 +# define DISTRO_DEFAULT_LINK_SPEC ""
94 +#endif
8295 +
8396 #ifndef LINK_SSP_SPEC
8497 #ifdef TARGET_LIBC_PROVIDES_SSP
8598 #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
86 @@ -1039,6 +1107,7 @@ proper position among the other output f
99 @@ -1039,6 +1120,7 @@ proper position among the other output f
87100 "%{flto|flto=*:%<fcompare-debug*} \
88101 %{flto} %{fno-lto} %{flto=*} %l " LINK_PIE_SPEC \
89102 "%{fuse-ld=*:-fuse-ld=%*} " LINK_COMPRESS_DEBUG_SPEC \
90 + CF_PROTECTION_SPEC \
103 + DISTRO_DEFAULT_LINK_SPEC \
91104 "%X %{o*} %{e*} %{N} %{n} %{r}\
92105 %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!r:%{!nostartfiles:%S}}} \
93106 %{static|no-pie|static-pie:} %@{L*} %(mfwrap) %(link_libgcc) " \
94 @@ -1078,6 +1147,7 @@ static const char *cpp_spec = CPP_SPEC;
107 @@ -1078,6 +1160,7 @@ static const char *cpp_spec = CPP_SPEC;
95108 static const char *cc1_spec = CC1_SPEC;
96109 static const char *cc1plus_spec = CC1PLUS_SPEC;
97110 static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC;
99112 static const char *link_ssp_spec = LINK_SSP_SPEC;
100113 static const char *asm_spec = ASM_SPEC;
101114 static const char *asm_final_spec = ASM_FINAL_SPEC;
102 @@ -1135,7 +1205,7 @@ static const char *cpp_options =
115 @@ -1135,7 +1218,7 @@ static const char *cpp_options =
103116 "%(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w}\
104117 %{f*} %{g*:%{%:debug-level-gt(0):%{g*}\
105118 %{!fno-working-directory:-fworking-directory}}} %{O*}\
108121
109122 /* This contains cpp options which are not passed when the preprocessor
110123 output will be used by another program. */
111 @@ -1318,9 +1388,9 @@ static const struct compiler default_com
124 @@ -1318,9 +1401,9 @@ static const struct compiler default_com
112125 %{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \
113126 %(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\
114127 cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \
120133 %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 1},
121134 {"-",
122135 "%{!E:%e-E or -x required when input is from standard input}\
123 @@ -1334,18 +1404,18 @@ static const struct compiler default_com
136 @@ -1334,18 +1417,18 @@ static const struct compiler default_com
124137 %{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \
125138 %(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\
126139 cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \
142155 {".s", "@assembler", 0, 0, 0},
143156 {"@assembler",
144157 "%{!M:%{!MM:%{!E:%{!S:as %(asm_debug) %(asm_options) %i %A }}}}", 0, 0, 0},
145 @@ -1576,6 +1646,7 @@ static struct spec_list static_specs[] =
158 @@ -1576,6 +1659,7 @@ static struct spec_list static_specs[] =
146159 INIT_STATIC_SPEC ("cc1_options", &cc1_options),
147160 INIT_STATIC_SPEC ("cc1plus", &cc1plus_spec),
148161 INIT_STATIC_SPEC ("link_gcc_c_sequence", &link_gcc_c_sequence_spec),
241254 - cc1objplus -fpreprocessed %i %(cc1_options) %2\
242255 + cc1objplus -fpreprocessed %i %(cc1_options) %(distro_defaults) %2\
243256 %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
257 --- a/src/gcc/c-family/c-cppbuiltin.c
258 +++ b/src/gcc/c-family/c-cppbuiltin.c
259 @@ -17,6 +17,11 @@ You should have received a copy of the G
260 along with GCC; see the file COPYING3. If not see
261 <http://www.gnu.org/licenses/>. */
262
263 +/* Inject some default compilation flags which are used as the default.
264 + Done by the packaging build system. Should that be done in the headers
265 + gcc/config/<arch>/*.h instead? */
266 +#include "distro-defaults.h"
267 +
268 #include "config.h"
269 #include "system.h"
270 #include "coretypes.h"
271 @@ -1385,6 +1390,12 @@ c_cpp_builtins (cpp_reader *pfile)
272 builtin_define_with_value ("__REGISTER_PREFIX__", REGISTER_PREFIX, 0);
273 builtin_define_with_value ("__USER_LABEL_PREFIX__", user_label_prefix, 0);
274
275 +#ifdef DIST_DEFAULT_FORTIFY_SOURCE
276 + /* Fortify Source enabled by default for optimization levels > 0 */
277 + if (optimize)
278 + builtin_define_with_int_value ("_FORTIFY_SOURCE", 2);
279 +#endif
280 +
281 /* Misc. */
282 if (flag_gnu89_inline)
283 cpp_define (pfile, "__GNUC_GNU_INLINE__");
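Review bot: The `_FORTIFY_SOURCE` block added to c_cpp_builtins is guarded only by `#ifdef DIST_DEFAULT_FORTIFY_SOURCE`, while the gcc-default-fortify-source.diff it replaces used `#if !defined(ACCEL_COMPILER)`. debian/rules appends the define to distro-defaults.h for every Ubuntu build, so if the offload compilers are built from the same tree they would now predefine `_FORTIFY_SOURCE` as well, against the "Don't enable any of those for the offload compilers" comment in the gcc.c hunk; `#if defined(DIST_DEFAULT_FORTIFY_SOURCE) && !defined(ACCEL_COMPILER)` would keep the earlier exclusion. In the gcc.c hunk, the `#else` of `#if !defined(DISTRO_DEFAULT_LINK_SPEC) && !defined(ACCEL_COMPILER)` is also taken when the macro is already defined, redefining it to `""` and dropping `-z relro`; handling the ACCEL_COMPILER case in its own `#ifdef` would leave a predefined value intact. c_cpp_builtins and the spec definitions continue outside the visible hunks.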
0 # DP: Fix PR lto/95604, proposed patch
1
2 PR lto/95604
3 * lto-wrapper.c (merge_and_complain): Warn about different
4 values for -fcf-protection.
5 (append_compiler_options): Pass -fcf-protection option.
6 * lto-opts.c (lto_write_options): Pass -fcf-protection option.
7
8 --- a/src/gcc/lto-opts.c
9 +++ b/src/gcc/lto-opts.c
10 @@ -94,6 +94,21 @@ lto_write_options (void)
11 : "-fno-pie");
12 }
13
14 + if (!global_options_set.x_flag_cf_protection)
15 + {
16 + append_to_collect_gcc_options (
17 + &temporary_obstack, &first_p,
18 + global_options.x_flag_cf_protection == CF_NONE
19 + ? "-fcf-protection=none"
20 + : global_options.x_flag_cf_protection == CF_FULL
21 + ? "-fcf-protection=full"
22 + : global_options.x_flag_cf_protection == CF_BRANCH
23 + ? "-fcf-protection=branch"
24 + : global_options.x_flag_cf_protection == CF_RETURN
25 + ? "-fcf-protection=RETURN"
26 + : "");
27 + }
28 +
29 /* If debug info is enabled append -g. */
30 if (debug_info_level > DINFO_LEVEL_NONE)
31 append_to_collect_gcc_options (&temporary_obstack, &first_p, "-g");
32 --- a/src/gcc/lto-wrapper.c
33 +++ b/src/gcc/lto-wrapper.c
34 @@ -287,6 +287,18 @@
35 foption->orig_option_with_args_text);
36 break;
37
38 + case OPT_fcf_protection_:
39 + /* Append or check identical. */
40 + for (j = 0; j < *decoded_options_count; ++j)
41 + if ((*decoded_options)[j].opt_index == foption->opt_index)
42 + break;
43 + if (j == *decoded_options_count)
44 + append_option (decoded_options, decoded_options_count, foption);
45 + else if (strcmp ((*decoded_options)[j].arg, foption->arg))
46 + warning (input_location, "option %s with different values",
47 + foption->orig_option_with_args_text);
48 + break;
49 +
50 case OPT_O:
51 case OPT_Ofast:
52 case OPT_Og:
53 @@ -645,6 +677,7 @@
54 case OPT_fopenacc:
55 case OPT_fopenacc_dim_:
56 case OPT_foffload_abi_:
57 + case OPT_fcf_protection_:
58 case OPT_g:
59 case OPT_O:
60 case OPT_Ofast:
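Review bot: The CF_RETURN branch in the lto_write_options hunk emits `-fcf-protection=RETURN`, while the other three branches use lowercase values (`none`, `full`, `branch`). As far as I know GCC compares enumerated option arguments case-sensitively, so this spelling is likely to be rejected when the options are re-parsed at link time and should read `? "-fcf-protection=return"`. The final `: ""` fallback appends an empty option whenever the value equals none of the four enumerators (for example if extra bits are set in `x_flag_cf_protection`, which this page does not show); skipping the append in that case would be safer. In the merge_and_complain hunk a mismatch only warns and keeps the first value seen, so the protection level of the LTO link depends on object order, which deserves a comment next to the `warning` call. Both functions start and end outside the hunks.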
7575 libgomp-no-werror \
7676 gdc-cross-build \
7777 pr94253 \
78 pr95604 \
7879
7980 ifneq (,$(filter $(distrelease),wheezy jessie stretch buster lucid precise trusty xenial bionic cosmic disco eoan))
8081 debian_patches += pr85678-revert
9697 ifneq (,$(filter $(derivative),Ubuntu))
9798 ifneq (,$(findstring gcc-10, $(PKGSOURCE)))
9899 hardening_patches += \
99 gcc-distro-specs-doc \
100 gcc-default-fortify-source \
101 gcc-default-relro \
100 gcc-distro-specs-ubuntu-doc \
102101 testsuite-hardening-format \
103102 testsuite-hardening-printf-types \
104103 testsuite-hardening-updates \
343342 >> $(srcdir)/gcc/distro-defaults.h
344343 endif
345344 ifneq (,$(filter $(derivative),Ubuntu))
345 echo '#define DIST_DEFAULT_FORTIFY_SOURCE 1' \
346 >> $(srcdir)/gcc/distro-defaults.h
347 echo '#define DIST_DEFAULT_RELRO 1' \
348 >> $(srcdir)/gcc/distro-defaults.h
346349 ifneq (,$(findstring gcc-10, $(PKGSOURCE)))
347350 # FIXME: this is directly patched
348351 # echo '#define DIST_DEFAULT_FORTIFY_SOURCE 1' \