# DP: Add empty distro and hardening specs

--- a/src/gcc/gcc.cc
+++ b/src/gcc/gcc.cc
@@ -27,6 +27,11 @@ CC recognizes how to compile each input
 Once it knows which kind of compilation to perform, the procedure for
 compilation is specified by a string called a "spec".  */
 
+/* Inject some default compilation flags which are used as the default.
+   Done by the packaging build system.  Should that be done in the headers
+   gcc/config/<arch>/*.h instead?  */
+#include "distro-defaults.h"
+
 #define INCLUDE_STRING
 #include "config.h"
 #include "system.h"
@@ -971,6 +976,90 @@ proper position among the other output f
 #define LINK_GCC_C_SEQUENCE_SPEC "%G %{!nolibc:%L %G}"
 #endif
 
+/* Generate full unwind information covering all program points.
+   Only needed for some architectures.  */
+#ifndef ASYNC_UNWIND_SPEC
+# ifdef DIST_DEFAULT_ASYNC_UNWIND
+#  define ASYNC_UNWIND_SPEC "%{!fno-asynchronous-unwind-tables:-fasynchronous-unwind-tables}"
+# else
+#  define ASYNC_UNWIND_SPEC ""
+# endif
+#endif
+
+/* Turn on stack protector.
+ */
+#ifndef SSP_DEFAULT_SPEC
+# ifdef DIST_DEFAULT_SSP
+#   ifdef DIST_DEFAULT_SSP_STRONG
+#    define SSP_DEFAULT_SPEC " %{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:%{!fstack-protector:-fstack-protector-strong}}}}}"
+#   else
+#    define SSP_DEFAULT_SPEC " %{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:-fstack-protector}}}}"
+#   endif
+# else
+#  define SSP_DEFAULT_SPEC ""
+# endif
+#endif
+
+/* Turn on -Wformat -Wformat-security by  default for C, C++,
+   ObjC, ObjC++.  */
+#ifndef FORMAT_SECURITY_SPEC
+# ifdef DIST_DEFAULT_FORMAT_SECURITY
+#  define FORMAT_SECURITY_SPEC " %{!Wformat:%{!Wformat=2:%{!Wformat=0:%{!Wall:-Wformat} %{!Wno-format-security:-Wformat-security}}}}"
+# else
+#  define FORMAT_SECURITY_SPEC ""
+# endif
+#endif
+
+/* Enable -fstack-clash-protection by default. Only available
+   on some targets.  */
+#ifndef STACK_CLASH_SPEC
+# ifdef DIST_DEFAULT_STACK_CLASH
+#  define STACK_CLASH_SPEC " %{!fno-stack-clash-protection:-fstack-clash-protection}"
+# else
+#  define STACK_CLASH_SPEC ""
+# endif
+#endif
+
+/* Enable code instrumentation of control-flow transfers.
+   Available on x86 and x86_64.  */
+#ifndef CF_PROTECTION_SPEC
+# ifdef DIST_DEFAULT_CF_PROTECTION
+#  define CF_PROTECTION_SPEC " %{!m16:%{!m32:%{!fcf-protection*:%{!fno-cf-protection:-fcf-protection}}}}"
+# else
+#  define CF_PROTECTION_SPEC ""
+# endif
+#endif
+
+#ifndef BIND_NOW_SPEC
+# if defined(DIST_DEFAULT_BIND_NOW) && !defined(ACCEL_COMPILER)
+#  define BIND_NOW_SPEC " -z now"
+# else
+#  define BIND_NOW_SPEC ""
+# endif
+#endif
+
+#ifndef RELRO_SPEC
+# ifdef DIST_DEFAULT_RELRO
+#  define RELRO_SPEC " -z relro "
+# else
+#  define RELRO_SPEC ""
+# endif
+#endif
+
+/* Don't enable any of those for the offload compilers,
+   unsupported.  */
+#if !defined(DISTRO_DEFAULT_SPEC) && !defined(ACCEL_COMPILER)
+# define DISTRO_DEFAULT_SPEC ASYNC_UNWIND_SPEC SSP_DEFAULT_SPEC \
+		FORMAT_SECURITY_SPEC STACK_CLASH_SPEC CF_PROTECTION_SPEC
+#else
+# define DISTRO_DEFAULT_SPEC ""
+#endif
+#if !defined(DISTRO_DEFAULT_LINK_SPEC) && !defined(ACCEL_COMPILER)
+# define DISTRO_DEFAULT_LINK_SPEC RELRO_SPEC
+#else
+# define DISTRO_DEFAULT_LINK_SPEC ""
+#endif
+
 #ifndef LINK_SSP_SPEC
 #ifdef TARGET_LIBC_PROVIDES_SSP
 #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
@@ -1027,7 +1116,7 @@ proper position among the other output f
 #ifndef LINK_PIE_SPEC
 #ifdef HAVE_LD_PIE
 #ifndef LD_PIE_SPEC
-#define LD_PIE_SPEC "-pie"
+#define LD_PIE_SPEC "-pie" BIND_NOW_SPEC
 #endif
 #else
 #define LD_PIE_SPEC ""
@@ -1144,6 +1233,7 @@ proper position among the other output f
    "%{flto|flto=*:%<fcompare-debug*} \
     %{flto} %{fno-lto} %{flto=*} %l " LINK_PIE_SPEC \
    "%{fuse-ld=*:-fuse-ld=%*} " LINK_COMPRESS_DEBUG_SPEC \
+    DISTRO_DEFAULT_LINK_SPEC \
    "%X %{o*} %{e*} %{N} %{n} %{r}\
     %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!r:%{!nostartfiles:%S}}} \
     %{static|no-pie|static-pie:} %@{L*} %(mfwrap) %(link_libgcc) " \
@@ -1184,6 +1274,7 @@ static const char *cpp_spec = CPP_SPEC;
 static const char *cc1_spec = CC1_SPEC OS_CC1_SPEC;
 static const char *cc1plus_spec = CC1PLUS_SPEC;
 static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC;
+static const char *distro_default_spec = DISTRO_DEFAULT_SPEC;
 static const char *link_ssp_spec = LINK_SSP_SPEC;
 static const char *asm_spec = ASM_SPEC;
 static const char *asm_final_spec = ASM_FINAL_SPEC;
@@ -1242,7 +1333,7 @@ static const char *cpp_options =
 "%(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w}\
  %{f*} %{g*:%{%:debug-level-gt(0):%{g*}\
  %{!fno-working-directory:-fworking-directory}}} %{O*}\
- %{undef} %{save-temps*:-fpch-preprocess}";
+ %{undef} %{save-temps*:-fpch-preprocess} %(distro_defaults)";
 
 /* Pass -d* flags, possibly modifying -dumpdir, -dumpbase et al.
 
@@ -1436,9 +1527,9 @@ static const struct compiler default_com
       %{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \
 	  %(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\
 	    cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \
-	  %(cc1_options)}\
+	  %(cc1_options)%(distro_defaults)}\
       %{!save-temps*:%{!traditional-cpp:%{!no-integrated-cpp:\
-	  cc1 %(cpp_unique_options) %(cc1_options)}}}\
+	  cc1 %(cpp_unique_options) %(cc1_options) %(distro_defaults)}}}\
       %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 1},
   {"-",
    "%{!E:%e-E or -x required when input is from standard input}\
@@ -1452,18 +1543,18 @@ static const struct compiler default_com
 	  %{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \
 		%(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\
 		    cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \
-			%(cc1_options)\
+			%(cc1_options) %(distro_defaults)\
 			%{!fsyntax-only:%{!S:-o %g.s} \
 			    %{!fdump-ada-spec*:%{!o*:--output-pch %i.gch}\
 					       %W{o*:--output-pch %*}}%V}}\
 	  %{!save-temps*:%{!traditional-cpp:%{!no-integrated-cpp:\
-		cc1 %(cpp_unique_options) %(cc1_options)\
+		cc1 %(cpp_unique_options) %(cc1_options) %(distro_defaults)\
 		    %{!fsyntax-only:%{!S:-o %g.s} \
 		        %{!fdump-ada-spec*:%{!o*:--output-pch %i.gch}\
 					   %W{o*:--output-pch %*}}%V}}}}}}}", 0, 0, 0},
   {".i", "@cpp-output", 0, 0, 0},
   {"@cpp-output",
-   "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+   "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %(distro_defaults) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
   {".s", "@assembler", 0, 0, 0},
   {"@assembler",
    "%{!M:%{!MM:%{!E:%{!S:as %(asm_debug) %(asm_options) %i %A }}}}", 0, 0, 0},
@@ -1695,6 +1786,7 @@ static struct spec_list static_specs[] =
   INIT_STATIC_SPEC ("cc1_options",		&cc1_options),
   INIT_STATIC_SPEC ("cc1plus",			&cc1plus_spec),
   INIT_STATIC_SPEC ("link_gcc_c_sequence",	&link_gcc_c_sequence_spec),
+  INIT_STATIC_SPEC ("distro_defaults",		&distro_default_spec),
   INIT_STATIC_SPEC ("link_ssp",			&link_ssp_spec),
   INIT_STATIC_SPEC ("endfile",			&endfile_spec),
   INIT_STATIC_SPEC ("link",			&link_spec),
--- a/src/gcc/cp/lang-specs.h
+++ b/src/gcc/cp/lang-specs.h
@@ -51,7 +51,7 @@ along with GCC; see the file COPYING3.
       " 	   %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}"
       "  %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}"
       "  %{fmodules-ts:-fmodule-header %{fpreprocessed:-fdirectives-only}}"
-      "  %(cc1_options) %2"
+      "  %(cc1_options) %(distro_defaults) %2"
       "  %{!fsyntax-only:"
       "    %{!S:-o %g.s%V}"
       "    %{!fmodule-*:%{!fmodules-*:%{!fdump-ada-spec*:"
@@ -72,7 +72,7 @@ along with GCC; see the file COPYING3.
       "  %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}"
       "  %{fmodules-ts:-fmodule-header=system"
       "    %{fpreprocessed:-fdirectives-only}}"
-      "  %(cc1_options) %2"
+      "	 %(cc1_options) %(distro_defaults) %2"
       "  %{!fsyntax-only:"
       "    %{!S:-o %g.s%V}"
       "    %{!fmodule-*:%{!fmodules-*:%{!fdump-ada-spec*:"
@@ -92,7 +92,7 @@ along with GCC; see the file COPYING3.
       " 	   %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}"
       "  %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}"
       "  %{fmodules-ts:-fmodule-header=user %{fpreprocessed:-fdirectives-only}}"
-      "  %(cc1_options) %2"
+      "  %(cc1_options) %(distro_defaults) %2"
       "  %{!fsyntax-only:"
       "    %{!S:-o %g.s%V}"
       "    %{!fmodule-*:%{!fmodules-*:%{!fdump-ada-spec*:"
@@ -107,7 +107,7 @@ along with GCC; see the file COPYING3.
       "  cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed"
       " 	   %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}"
       "  %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}"
-      "  %(cc1_options) %2"
+      "  %(cc1_options) %(distro_defaults) %2"
       "  %{!fsyntax-only:"
       "    %{fmodule-only:%{!S:-o %g.s%V}}"
       "    %{!fmodule-only:%(invoke_as)}}"
@@ -116,7 +116,7 @@ along with GCC; see the file COPYING3.
   {".ii", "@c++-cpp-output", 0, 0, 0},
   {"@c++-cpp-output",
       "%{!E:%{!M:%{!MM:"
-      "  cc1plus -fpreprocessed %i %(cc1_options) %2"
+      "  cc1plus -fpreprocessed %i %(cc1_options) %(distro_defaults) %2"
       "  %{!fsyntax-only:"
       "    %{fmodule-only:%{!S:-o %g.s%V}}"
       "    %{!fmodule-only:%{!fmodule-header*:%(invoke_as)}}}"
--- a/src/gcc/objc/lang-specs.h
+++ b/src/gcc/objc/lang-specs.h
@@ -29,9 +29,9 @@ along with GCC; see the file COPYING3.
 	%{traditional|traditional-cpp:\
 %eGNU Objective C no longer supports traditional compilation}\
 	%{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\
-	    cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}\
+	    cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %(distro_defaults) %{print-objc-runtime-info} %{gen-decls}}\
 	%{!save-temps*:%{!no-integrated-cpp:\
-	    cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}}\
+	    cc1obj %(cpp_unique_options) %(cc1_options) %(distro_defaults) %{print-objc-runtime-info} %{gen-decls}}}\
         %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
   {"@objective-c-header",
      "%{E|M|MM:cc1obj -E %{traditional|traditional-cpp:-traditional-cpp}\
@@ -40,7 +40,7 @@ along with GCC; see the file COPYING3.
 	%{traditional|traditional-cpp:\
 %eGNU Objective C no longer supports traditional compilation}\
 	%{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\
-	    cc1obj -fpreprocessed %b.mi %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
+	    cc1obj -fpreprocessed %b.mi %(cc1_options) %(distro_defaults) %{print-objc-runtime-info} %{gen-decls}\
                         -o %g.s %{!o*:--output-pch %i.gch}\
                         %W{o*:--output-pch %*}%V}\
 	%{!save-temps*:%{!no-integrated-cpp:\
@@ -49,9 +49,9 @@ along with GCC; see the file COPYING3.
                         %W{o*:--output-pch %*}%V}}}}}", 0, 0, 0},
   {".mi", "@objective-c-cpp-output", 0, 0, 0},
   {"@objective-c-cpp-output",
-     "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
+     "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(distro_defaults) %{print-objc-runtime-info} %{gen-decls}\
 			     %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
   {"@objc-cpp-output",
       "%nobjc-cpp-output is deprecated; please use objective-c-cpp-output instead\n\
-       %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
+       %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(distro_defaults) %{print-objc-runtime-info} %{gen-decls}\
 			     %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
--- a/src/gcc/objcp/lang-specs.h
+++ b/src/gcc/objcp/lang-specs.h
@@ -36,7 +36,7 @@ along with GCC; see the file COPYING3.
 		%(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\
       cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\
 	      %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
-	%(cc1_options) %2\
+	%(cc1_options) %(distro_defaults) %2\
         -o %g.s %{!o*:--output-pch %i.gch} %W{o*:--output-pch %*}%V}}}",
      CPLUSPLUS_CPP_SPEC, 0, 0},
   {"@objective-c++",
@@ -46,16 +46,16 @@ along with GCC; see the file COPYING3.
 		%(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\
       cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\
 	      %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
-	%(cc1_options) %2\
+	%(cc1_options) %(distro_defaults) %2\
        %{!fsyntax-only:%(invoke_as)}}}}",
      CPLUSPLUS_CPP_SPEC, 0, 0},
   {".mii", "@objective-c++-cpp-output", 0, 0, 0},
   {"@objective-c++-cpp-output",
    "%{!M:%{!MM:%{!E:\
-    cc1objplus -fpreprocessed %i %(cc1_options) %2\
+    cc1objplus -fpreprocessed %i %(cc1_options) %(distro_defaults) %2\
     %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
   {"@objc++-cpp-output",
    "%nobjc++-cpp-output is deprecated; please use objective-c++-cpp-output instead\n\
     %{!M:%{!MM:%{!E:\
-    cc1objplus -fpreprocessed %i %(cc1_options) %2\
+    cc1objplus -fpreprocessed %i %(cc1_options) %(distro_defaults) %2\
     %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
--- a/src/gcc/c-family/c-cppbuiltin.cc
+++ b/src/gcc/c-family/c-cppbuiltin.cc
@@ -34,6 +34,11 @@ along with GCC; see the file COPYING3.
 #include "cppbuiltin.h"
 #include "configargs.h"
 
+/* Inject some default compilation flags which are used as the default.
+   Done by the packaging build system.  Should that be done in the headers
+   in gcc/config/<arch>/ instead?  */
+#include "distro-defaults.h"
+
 #ifndef TARGET_OS_CPP_BUILTINS
 # define TARGET_OS_CPP_BUILTINS()
 #endif
@@ -1546,6 +1551,12 @@ c_cpp_builtins (cpp_reader *pfile)
   builtin_define_with_value ("__REGISTER_PREFIX__", REGISTER_PREFIX, 0);
   builtin_define_with_value ("__USER_LABEL_PREFIX__", user_label_prefix, 0);
 
+#ifdef DIST_DEFAULT_FORTIFY_SOURCE
+  /* Fortify Source enabled by default for optimization levels > 0 */
+  if (optimize)
+    builtin_define_with_int_value ("_FORTIFY_SOURCE", DIST_DEFAULT_FORTIFY_SOURCE);
+#endif
+
   /* Misc.  */
   if (flag_gnu89_inline)
     cpp_define (pfile, "__GNUC_GNU_INLINE__");