summaryrefslogtreecommitdiffstats
path: root/debian/patches/gcc-distro-specs.diff
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/gcc-distro-specs.diff')
-rw-r--r--debian/patches/gcc-distro-specs.diff326
1 files changed, 326 insertions, 0 deletions
diff --git a/debian/patches/gcc-distro-specs.diff b/debian/patches/gcc-distro-specs.diff
new file mode 100644
index 0000000..098d181
--- /dev/null
+++ b/debian/patches/gcc-distro-specs.diff
@@ -0,0 +1,326 @@
+# DP: Add empty distro and hardening specs
+
+--- a/src/gcc/gcc.cc
++++ b/src/gcc/gcc.cc
+@@ -27,6 +27,11 @@ CC recognizes how to compile each input
+ Once it knows which kind of compilation to perform, the procedure for
+ compilation is specified by a string called a "spec". */
+
++/* Inject some default compilation flags which are used as the default.
++ Done by the packaging build system. Should that be done in the headers
++ gcc/config/<arch>/*.h instead? */
++#include "distro-defaults.h"
++
+ #define INCLUDE_STRING
+ #include "config.h"
+ #include "system.h"
+@@ -984,6 +989,90 @@ proper position among the other output f
+ #define LINK_GCC_C_SEQUENCE_SPEC "%G %{!nolibc:%L %G}"
+ #endif
+
++/* Generate full unwind information covering all program points.
++ Only needed for some architectures. */
++#ifndef ASYNC_UNWIND_SPEC
++# ifdef DIST_DEFAULT_ASYNC_UNWIND
++# define ASYNC_UNWIND_SPEC "%{!fno-asynchronous-unwind-tables:-fasynchronous-unwind-tables}"
++# else
++# define ASYNC_UNWIND_SPEC ""
++# endif
++#endif
++
++/* Turn on stack protector.
++ */
++#ifndef SSP_DEFAULT_SPEC
++# ifdef DIST_DEFAULT_SSP
++# ifdef DIST_DEFAULT_SSP_STRONG
++# define SSP_DEFAULT_SPEC " %{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:%{!fstack-protector:-fstack-protector-strong}}}}}"
++# else
++# define SSP_DEFAULT_SPEC " %{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:-fstack-protector}}}}"
++# endif
++# else
++# define SSP_DEFAULT_SPEC ""
++# endif
++#endif
++
++/* Turn on -Wformat -Wformat-security by default for C, C++,
++ ObjC, ObjC++. */
++#ifndef FORMAT_SECURITY_SPEC
++# ifdef DIST_DEFAULT_FORMAT_SECURITY
++# define FORMAT_SECURITY_SPEC " %{!Wformat:%{!Wformat=2:%{!Wformat=0:%{!Wall:-Wformat} %{!Wno-format-security:-Wformat-security}}}}"
++# else
++# define FORMAT_SECURITY_SPEC ""
++# endif
++#endif
++
++/* Enable -fstack-clash-protection by default. Only available
++ on some targets. */
++#ifndef STACK_CLASH_SPEC
++# ifdef DIST_DEFAULT_STACK_CLASH
++# define STACK_CLASH_SPEC " %{!fno-stack-clash-protection:-fstack-clash-protection}"
++# else
++# define STACK_CLASH_SPEC ""
++# endif
++#endif
++
++/* Enable code instrumentation of control-flow transfers.
++ Available on x86 and x86_64. */
++#ifndef CF_PROTECTION_SPEC
++# ifdef DIST_DEFAULT_CF_PROTECTION
++# define CF_PROTECTION_SPEC " %{!m16:%{!m32:%{!fcf-protection*:%{!fno-cf-protection:-fcf-protection}}}}"
++# else
++# define CF_PROTECTION_SPEC ""
++# endif
++#endif
++
++#ifndef BIND_NOW_SPEC
++# if defined(DIST_DEFAULT_BIND_NOW) && !defined(ACCEL_COMPILER)
++# define BIND_NOW_SPEC " -z now"
++# else
++# define BIND_NOW_SPEC ""
++# endif
++#endif
++
++#ifndef RELRO_SPEC
++# ifdef DIST_DEFAULT_RELRO
++# define RELRO_SPEC " -z relro "
++# else
++# define RELRO_SPEC ""
++# endif
++#endif
++
++/* Don't enable any of those for the offload compilers,
++ unsupported. */
++#if !defined(DISTRO_DEFAULT_SPEC) && !defined(ACCEL_COMPILER)
++# define DISTRO_DEFAULT_SPEC ASYNC_UNWIND_SPEC SSP_DEFAULT_SPEC \
++ FORMAT_SECURITY_SPEC STACK_CLASH_SPEC CF_PROTECTION_SPEC
++#else
++# define DISTRO_DEFAULT_SPEC ""
++#endif
++#if !defined(DISTRO_DEFAULT_LINK_SPEC) && !defined(ACCEL_COMPILER)
++# define DISTRO_DEFAULT_LINK_SPEC RELRO_SPEC
++#else
++# define DISTRO_DEFAULT_LINK_SPEC ""
++#endif
++
+ #ifndef LINK_SSP_SPEC
+ #ifdef TARGET_LIBC_PROVIDES_SSP
+ #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
+@@ -1040,7 +1129,7 @@ proper position among the other output f
+ #ifndef LINK_PIE_SPEC
+ #ifdef HAVE_LD_PIE
+ #ifndef LD_PIE_SPEC
+-#define LD_PIE_SPEC "-pie"
++#define LD_PIE_SPEC "-pie" BIND_NOW_SPEC
+ #endif
+ #else
+ #define LD_PIE_SPEC ""
+@@ -1157,6 +1246,7 @@ proper position among the other output f
+ "%{flto|flto=*:%<fcompare-debug*} \
+ %{flto} %{fno-lto} %{flto=*} %l " LINK_PIE_SPEC \
+ "%{fuse-ld=*:-fuse-ld=%*} " LINK_COMPRESS_DEBUG_SPEC \
++ DISTRO_DEFAULT_LINK_SPEC \
+ "%X %{o*} %{e*} %{N} %{n} %{r}\
+ %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!r:%{!nostartfiles:%S}}} \
+ %{static|no-pie|static-pie:} %@{L*} %(link_libgcc) " \
+@@ -1201,6 +1291,7 @@ static const char *cpp_spec = CPP_SPEC;
+ static const char *cc1_spec = CC1_SPEC OS_CC1_SPEC;
+ static const char *cc1plus_spec = CC1PLUS_SPEC;
+ static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC;
++static const char *distro_default_spec = DISTRO_DEFAULT_SPEC;
+ static const char *link_ssp_spec = LINK_SSP_SPEC;
+ static const char *asm_spec = ASM_SPEC;
+ static const char *asm_final_spec = ASM_FINAL_SPEC;
+@@ -1261,7 +1352,7 @@ static const char *cpp_options =
+ "%(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w}\
+ %{f*} %{g*:%{%:debug-level-gt(0):%{g*}\
+ %{!fno-working-directory:-fworking-directory}}} %{O*}\
+- %{undef} %{save-temps*:-fpch-preprocess}";
++ %{undef} %{save-temps*:-fpch-preprocess} %(distro_defaults)";
+
+ /* Pass -d* flags, possibly modifying -dumpdir, -dumpbase et al.
+
+@@ -1455,9 +1546,9 @@ static const struct compiler default_com
+ %{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \
+ %(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\
+ cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \
+- %(cc1_options)}\
++ %(cc1_options)%(distro_defaults)}\
+ %{!save-temps*:%{!traditional-cpp:%{!no-integrated-cpp:\
+- cc1 %(cpp_unique_options) %(cc1_options)}}}\
++ cc1 %(cpp_unique_options) %(cc1_options) %(distro_defaults)}}}\
+ %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 1},
+ {"-",
+ "%{!E:%e-E or -x required when input is from standard input}\
+@@ -1471,18 +1562,18 @@ static const struct compiler default_com
+ %{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \
+ %(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\
+ cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \
+- %(cc1_options)\
++ %(cc1_options) %(distro_defaults)\
+ %{!fsyntax-only:%{!S:-o %g.s} \
+ %{!fdump-ada-spec*:%{!o*:--output-pch %w%i.gch}\
+ %W{o*:--output-pch %w%*}}%{!S:%V}}}\
+ %{!save-temps*:%{!traditional-cpp:%{!no-integrated-cpp:\
+- cc1 %(cpp_unique_options) %(cc1_options)\
++ cc1 %(cpp_unique_options) %(cc1_options) %(distro_defaults)\
+ %{!fsyntax-only:%{!S:-o %g.s} \
+ %{!fdump-ada-spec*:%{!o*:--output-pch %w%i.gch}\
+ %W{o*:--output-pch %w%*}}%{!S:%V}}}}}}}}", 0, 0, 0},
+ {".i", "@cpp-output", 0, 0, 0},
+ {"@cpp-output",
+- "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
++ "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %(distro_defaults) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+ {".s", "@assembler", 0, 0, 0},
+ {"@assembler",
+ "%{!M:%{!MM:%{!E:%{!S:as %(asm_debug) %(asm_options) %i %A }}}}", 0, 0, 0},
+@@ -1714,6 +1805,7 @@ static struct spec_list static_specs[] =
+ INIT_STATIC_SPEC ("cc1_options", &cc1_options),
+ INIT_STATIC_SPEC ("cc1plus", &cc1plus_spec),
+ INIT_STATIC_SPEC ("link_gcc_c_sequence", &link_gcc_c_sequence_spec),
++ INIT_STATIC_SPEC ("distro_defaults", &distro_default_spec),
+ INIT_STATIC_SPEC ("link_ssp", &link_ssp_spec),
+ INIT_STATIC_SPEC ("endfile", &endfile_spec),
+ INIT_STATIC_SPEC ("link", &link_spec),
+--- a/src/gcc/cp/lang-specs.h
++++ b/src/gcc/cp/lang-specs.h
+@@ -51,7 +51,7 @@ along with GCC; see the file COPYING3.
+ " %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}"
+ " %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}"
+ " %{fmodules-ts:-fmodule-header %{fpreprocessed:-fdirectives-only}}"
+- " %(cc1_options) %2"
++ " %(cc1_options) %(distro_defaults) %2"
+ " %{!fsyntax-only:"
+ " %{!S:-o %g.s}"
+ " %{!fmodule-*:%{!fmodules-*:%{!fdump-ada-spec*:"
+@@ -72,7 +72,7 @@ along with GCC; see the file COPYING3.
+ " %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}"
+ " %{fmodules-ts:-fmodule-header=system"
+ " %{fpreprocessed:-fdirectives-only}}"
+- " %(cc1_options) %2"
++ " %(cc1_options) %(distro_defaults) %2"
+ " %{!fsyntax-only:"
+ " %{!S:-o %g.s}"
+ " %{!fmodule-*:%{!fmodules-*:%{!fdump-ada-spec*:"
+@@ -92,7 +92,7 @@ along with GCC; see the file COPYING3.
+ " %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}"
+ " %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}"
+ " %{fmodules-ts:-fmodule-header=user %{fpreprocessed:-fdirectives-only}}"
+- " %(cc1_options) %2"
++ " %(cc1_options) %(distro_defaults) %2"
+ " %{!fsyntax-only:"
+ " %{!S:-o %g.s}"
+ " %{!fmodule-*:%{!fmodules-*:%{!fdump-ada-spec*:"
+@@ -107,7 +107,7 @@ along with GCC; see the file COPYING3.
+ " cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed"
+ " %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}"
+ " %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}"
+- " %(cc1_options) %2"
++ " %(cc1_options) %(distro_defaults) %2"
+ " %{!fsyntax-only:"
+ " %{fmodule-only:%{!S:-o %g.s%V}}"
+ " %{!fmodule-only:%(invoke_as)}}"
+@@ -116,7 +116,7 @@ along with GCC; see the file COPYING3.
+ {".ii", "@c++-cpp-output", 0, 0, 0},
+ {"@c++-cpp-output",
+ "%{!E:%{!M:%{!MM:"
+- " cc1plus -fpreprocessed %i %(cc1_options) %2"
++ " cc1plus -fpreprocessed %i %(cc1_options) %(distro_defaults) %2"
+ " %{!fsyntax-only:"
+ " %{fmodule-only:%{!S:-o %g.s%V}}"
+ " %{!fmodule-only:%{!fmodule-header*:%(invoke_as)}}}"
+--- a/src/gcc/objc/lang-specs.h
++++ b/src/gcc/objc/lang-specs.h
+@@ -29,9 +29,9 @@ along with GCC; see the file COPYING3.
+ %{traditional|traditional-cpp:\
+ %eGNU Objective C no longer supports traditional compilation}\
+ %{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\
+- cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}\
++ cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %(distro_defaults) %{print-objc-runtime-info} %{gen-decls}}\
+ %{!save-temps*:%{!no-integrated-cpp:\
+- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}}\
++ cc1obj %(cpp_unique_options) %(cc1_options) %(distro_defaults) %{print-objc-runtime-info} %{gen-decls}}}\
+ %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+ {"@objective-c-header",
+ "%{E|M|MM:cc1obj -E %{traditional|traditional-cpp:-traditional-cpp}\
+@@ -40,7 +40,7 @@ along with GCC; see the file COPYING3.
+ %{traditional|traditional-cpp:\
+ %eGNU Objective C no longer supports traditional compilation}\
+ %{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\
+- cc1obj -fpreprocessed %b.mi %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
++ cc1obj -fpreprocessed %b.mi %(cc1_options) %(distro_defaults) %{print-objc-runtime-info} %{gen-decls}\
+ -o %g.s %{!o*:--output-pch %i.gch}\
+ %W{o*:--output-pch %*}%V}\
+ %{!save-temps*:%{!no-integrated-cpp:\
+@@ -49,9 +49,9 @@ along with GCC; see the file COPYING3.
+ %W{o*:--output-pch %*}%V}}}}}", 0, 0, 0},
+ {".mi", "@objective-c-cpp-output", 0, 0, 0},
+ {"@objective-c-cpp-output",
+- "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
++ "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(distro_defaults) %{print-objc-runtime-info} %{gen-decls}\
+ %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+ {"@objc-cpp-output",
+ "%nobjc-cpp-output is deprecated; please use objective-c-cpp-output instead\n\
+- %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
++ %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(distro_defaults) %{print-objc-runtime-info} %{gen-decls}\
+ %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+--- a/src/gcc/objcp/lang-specs.h
++++ b/src/gcc/objcp/lang-specs.h
+@@ -36,7 +36,7 @@ along with GCC; see the file COPYING3.
+ %(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\
+ cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\
+ %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
+- %(cc1_options) %2\
++ %(cc1_options) %(distro_defaults) %2\
+ -o %g.s %{!o*:--output-pch %i.gch} %W{o*:--output-pch %*}%V}}}",
+ CPLUSPLUS_CPP_SPEC, 0, 0},
+ {"@objective-c++",
+@@ -46,16 +46,16 @@ along with GCC; see the file COPYING3.
+ %(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\
+ cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\
+ %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
+- %(cc1_options) %2\
++ %(cc1_options) %(distro_defaults) %2\
+ %{!fsyntax-only:%(invoke_as)}}}}",
+ CPLUSPLUS_CPP_SPEC, 0, 0},
+ {".mii", "@objective-c++-cpp-output", 0, 0, 0},
+ {"@objective-c++-cpp-output",
+ "%{!M:%{!MM:%{!E:\
+- cc1objplus -fpreprocessed %i %(cc1_options) %2\
++ cc1objplus -fpreprocessed %i %(cc1_options) %(distro_defaults) %2\
+ %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+ {"@objc++-cpp-output",
+ "%nobjc++-cpp-output is deprecated; please use objective-c++-cpp-output instead\n\
+ %{!M:%{!MM:%{!E:\
+- cc1objplus -fpreprocessed %i %(cc1_options) %2\
++ cc1objplus -fpreprocessed %i %(cc1_options) %(distro_defaults) %2\
+ %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+--- a/src/gcc/c-family/c-cppbuiltin.cc
++++ b/src/gcc/c-family/c-cppbuiltin.cc
+@@ -34,6 +34,11 @@ along with GCC; see the file COPYING3.
+ #include "cppbuiltin.h"
+ #include "configargs.h"
+
++/* Inject some default compilation flags which are used as the default.
++ Done by the packaging build system. Should that be done in the headers
++ in gcc/config/<arch>/ instead? */
++#include "distro-defaults.h"
++
+ #ifndef TARGET_OS_CPP_BUILTINS
+ # define TARGET_OS_CPP_BUILTINS()
+ #endif
+@@ -1578,6 +1583,15 @@ c_cpp_builtins (cpp_reader *pfile)
+ builtin_define_with_value ("__REGISTER_PREFIX__", REGISTER_PREFIX, 0);
+ builtin_define_with_value ("__USER_LABEL_PREFIX__", user_label_prefix, 0);
+
++#ifdef DIST_DEFAULT_FORTIFY_SOURCE
++ /* Fortify Source enabled by default for optimization levels > 0 */
++ if (optimize &&
++ !cpp_defined(parse_in,
++ (const unsigned char *) "_FORTIFY_SOURCE",
++ strlen("_FORTIFY_SOURCE")))
++ builtin_define_with_int_value ("_FORTIFY_SOURCE", DIST_DEFAULT_FORTIFY_SOURCE);
++#endif
++
+ /* Misc. */
+ if (flag_gnu89_inline)
+ cpp_define (pfile, "__GNUC_GNU_INLINE__");
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-23 03:35:54 +0000