commit: d67ec824d290c0e678b1d7d71ba47e24e2d892ca Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Mon May 30 06:41:16 2022 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Thu Jun 2 07:15:27 2022 +0000 URL: https://gitweb.gentoo.org/proj/gcc-patches.git/commit/?id=d67ec824
12.1.0: update CET patch Bug: https://bugs.gentoo.org/822036 Signed-off-by: Sam James <sam <AT> gentoo.org> 12.1.0/gentoo/26_all_enable-cet.patch | 225 ++++++++++++++++++++++++++++------ 12.1.0/gentoo/README.history | 4 + 2 files changed, 191 insertions(+), 38 deletions(-) diff --git a/12.1.0/gentoo/26_all_enable-cet.patch b/12.1.0/gentoo/26_all_enable-cet.patch index 5df5bb1..1d0c04f 100644 --- a/12.1.0/gentoo/26_all_enable-cet.patch +++ b/12.1.0/gentoo/26_all_enable-cet.patch @@ -1,6 +1,7 @@ -From 83efc6ce009021f27b602c1dfcf65338f761b095 Mon Sep 17 00:00:00 2001 +https://bugs.gentoo.org/822036 +https://salsa.debian.org/toolchain-team/gcc/-/blob/master/debian/patches/gcc-distro-specs.diff + From: Sam James <s...@gentoo.org> -Date: Tue, 28 Dec 2021 03:42:53 +0000 Subject: [PATCH] Enable CET (-fcf-protection=full) by default Needs: @@ -8,32 +9,57 @@ Needs: - -DEXTRA_OPTIONS_CF to be passed during build (via toolchain.eclass). Only supported on amd64. - ---- - gcc/config/i386/i386-options.cc | 3 +++ - gcc/defaults.h | 13 +++++++++++++ - 2 files changed, 16 insertions(+) - -diff --git a/gcc/config/i386/i386-options.cc b/gcc/config/i386/i386-options.cc -index 19632b5..fac61af 100644 ---- a/gcc/config/i386/i386-options.cc -+++ b/gcc/config/i386/i386-options.cc -@@ -3049,6 +3049,9 @@ ix86_option_override_internal (bool main_args_p, - = build_target_option_node (opts, opts_set); - } - -+ if (TARGET_64BIT && TARGET_CMOV) -+ SET_OPTION_IF_UNSET (opts, opts_set, flag_cf_protection, DEFAULT_FLAG_CF); -+ - if (opts->x_flag_cf_protection != CF_NONE) - { - if ((opts->x_flag_cf_protection & CF_BRANCH) == CF_BRANCH -diff --git a/gcc/defaults.h b/gcc/defaults.h -index 0f6cd78..5694412 100644 ---- a/gcc/defaults.h -+++ b/gcc/defaults.h -@@ -1463,6 +1463,19 @@ see the files COPYING3 and COPYING.RUNTIME respectively. If not, see - #define DEFAULT_FLAG_SCP 0 +--- a/gcc/cp/lang-specs.h ++++ b/gcc/cp/lang-specs.h +@@ -51,7 +51,7 @@ along with GCC; see the file COPYING3. If not see + " %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}" + " %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}" + " %{fmodules-ts:-fmodule-header %{fpreprocessed:-fdirectives-only}}" +- " %(cc1_options) %2" ++ " %(cc1_options) %(default_flag_cf_spec) %2" + " %{!fsyntax-only:" + " %{!S:-o %g.s%V}" + " %{!fmodule-*:%{!fmodules-*:%{!fdump-ada-spec*:" +@@ -72,7 +72,7 @@ along with GCC; see the file COPYING3. If not see + " %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}" + " %{fmodules-ts:-fmodule-header=system" + " %{fpreprocessed:-fdirectives-only}}" +- " %(cc1_options) %2" ++ " %(cc1_options) %(default_flag_cf_spec) %2" + " %{!fsyntax-only:" + " %{!S:-o %g.s%V}" + " %{!fmodule-*:%{!fmodules-*:%{!fdump-ada-spec*:" +@@ -92,7 +92,7 @@ along with GCC; see the file COPYING3. If not see + " %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}" + " %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}" + " %{fmodules-ts:-fmodule-header=user %{fpreprocessed:-fdirectives-only}}" +- " %(cc1_options) %2" ++ " %(cc1_options) %(default_flag_cf_spec) %2" + " %{!fsyntax-only:" + " %{!S:-o %g.s%V}" + " %{!fmodule-*:%{!fmodules-*:%{!fdump-ada-spec*:" +@@ -107,7 +107,7 @@ along with GCC; see the file COPYING3. If not see + " cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed" + " %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}" + " %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}" +- " %(cc1_options) %2" ++ " %(cc1_options) %(default_flag_cf_spec) %2" + " %{!fsyntax-only:" + " %{fmodule-only:%{!S:-o %g.s%V}}" + " %{!fmodule-only:%(invoke_as)}}" +@@ -116,7 +116,7 @@ along with GCC; see the file COPYING3. If not see + {".ii", "@c++-cpp-output", 0, 0, 0}, + {"@c++-cpp-output", + "%{!E:%{!M:%{!MM:" +- " cc1plus -fpreprocessed %i %(cc1_options) %2" ++ " cc1plus -fpreprocessed %i %(cc1_options) %(default_flag_cf_spec) %2" + " %{!fsyntax-only:" + " %{fmodule-only:%{!S:-o %g.s%V}}" + " %{!fmodule-only:%{!fmodule-header*:%(invoke_as)}}}" +--- a/gcc/gcc.cc ++++ b/gcc/gcc.cc +@@ -1007,6 +1007,18 @@ proper position among the other output files. */ + #define LINK_NOW_SPEC "" #endif +/* Default value for flag_cf_protection when flag_cf_protection is @@ -42,16 +68,139 @@ index 0f6cd78..5694412 100644 + We use a new option (EXTRA_OPTIONS_CF) here to avoid turning + this on accidentally for other arches. */ +#ifdef EXTRA_OPTIONS_CF -+#define DEFAULT_FLAG_CF CF_FULL ++#define DEFAULT_FLAG_CF_SPEC " %{!m16:%{!m32:%{!fcf-protection*:%{!fno-cf-protection:-fcf-protection}}}}" +#endif -+#ifndef DEFAULT_FLAG_CF -+#define DEFAULT_FLAG_CF CF_NONE ++#ifndef DEFAULT_FLAG_CF_SPEC ++#define DEFAULT_FLAG_CF_SPEC "" +#endif + -+ - /* By default, the C++ compiler will use function addresses in the - vtable entries. Setting this nonzero tells the compiler to use - function descriptors instead. The value of this macro says how --- -2.34.1 - + #ifdef ENABLE_DEFAULT_PIE + #define PIE_SPEC "!no-pie" + #define NO_FPIE1_SPEC "fno-pie" +@@ -1209,6 +1221,7 @@ static const char *cpp_spec = CPP_SPEC; + static const char *cc1_spec = CC1_SPEC; + static const char *cc1plus_spec = CC1PLUS_SPEC; + static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC; ++static const char *default_flag_cf_spec = DEFAULT_FLAG_CF_SPEC; + static const char *link_ssp_spec = LINK_SSP_SPEC; + static const char *asm_spec = ASM_SPEC; + static const char *asm_final_spec = ASM_FINAL_SPEC; +@@ -1267,7 +1280,7 @@ static const char *cpp_options = + "%(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w}\ + %{f*} %{g*:%{%:debug-level-gt(0):%{g*}\ + %{!fno-working-directory:-fworking-directory}}} %{O*}\ +- %{undef} %{save-temps*:-fpch-preprocess}"; ++ %{undef} %{save-temps*:-fpch-preprocess} %(default_flag_cf_spec)"; + + /* Pass -d* flags, possibly modifying -dumpdir, -dumpbase et al. + +@@ -1456,9 +1469,9 @@ static const struct compiler default_compilers[] = + %{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \ + %(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\ + cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \ +- %(cc1_options)}\ ++ %(cc1_options)%(default_flag_cf_spec)}\ + %{!save-temps*:%{!traditional-cpp:%{!no-integrated-cpp:\ +- cc1 %(cpp_unique_options) %(cc1_options)}}}\ ++ cc1 %(cpp_unique_options) %(cc1_options) %(default_flag_cf_spec)}}}\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 1}, + {"-", + "%{!E:%e-E or -x required when input is from standard input}\ +@@ -1472,18 +1485,18 @@ static const struct compiler default_compilers[] = + %{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \ + %(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\ + cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \ +- %(cc1_options)\ ++ %(cc1_options) %(default_flag_cf_spec)\ + %{!fsyntax-only:%{!S:-o %g.s} \ + %{!fdump-ada-spec*:%{!o*:--output-pch=%i.gch}\ + %W{o*:--output-pch=%*}}%V}}\ + %{!save-temps*:%{!traditional-cpp:%{!no-integrated-cpp:\ +- cc1 %(cpp_unique_options) %(cc1_options)\ ++ cc1 %(cpp_unique_options) %(cc1_options) %(default_flag_cf_spec)\ + %{!fsyntax-only:%{!S:-o %g.s} \ + %{!fdump-ada-spec*:%{!o*:--output-pch=%i.gch}\ + %W{o*:--output-pch=%*}}%V}}}}}}}", 0, 0, 0}, + {".i", "@cpp-output", 0, 0, 0}, + {"@cpp-output", +- "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, ++ "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %(default_flag_cf_spec) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, + {".s", "@assembler", 0, 0, 0}, + {"@assembler", + "%{!M:%{!MM:%{!E:%{!S:as %(asm_debug) %(asm_options) %i %A }}}}", 0, 0, 0}, +@@ -1715,6 +1728,7 @@ static struct spec_list static_specs[] = + INIT_STATIC_SPEC ("cc1_options", &cc1_options), + INIT_STATIC_SPEC ("cc1plus", &cc1plus_spec), + INIT_STATIC_SPEC ("link_gcc_c_sequence", &link_gcc_c_sequence_spec), ++ INIT_STATIC_SPEC ("default_flag_cf_spec", &default_flag_cf_spec), + INIT_STATIC_SPEC ("link_ssp", &link_ssp_spec), + INIT_STATIC_SPEC ("endfile", &endfile_spec), + INIT_STATIC_SPEC ("link", &link_spec), +--- a/gcc/objc/lang-specs.h ++++ b/gcc/objc/lang-specs.h +@@ -29,9 +29,9 @@ along with GCC; see the file COPYING3. If not see + %{traditional|traditional-cpp:\ + %eGNU Objective C no longer supports traditional compilation}\ + %{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\ +- cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}\ ++ cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %(default_flag_cf_spec) %{print-objc-runtime-info} %{gen-decls}}\ + %{!save-temps*:%{!no-integrated-cpp:\ +- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}}\ ++ cc1obj %(cpp_unique_options) %(cc1_options) %(default_flag_cf_spec) %{print-objc-runtime-info} %{gen-decls}}}\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, + {"@objective-c-header", + "%{E|M|MM:cc1obj -E %{traditional|traditional-cpp:-traditional-cpp}\ +@@ -40,18 +40,18 @@ along with GCC; see the file COPYING3. If not see + %{traditional|traditional-cpp:\ + %eGNU Objective C no longer supports traditional compilation}\ + %{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\ +- cc1obj -fpreprocessed %b.mi %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ ++ cc1obj -fpreprocessed %b.mi %(cc1_options) %(default_flag_cf_spec) %{print-objc-runtime-info} %{gen-decls}\ + -o %g.s %{!o*:--output-pch=%i.gch}\ + %W{o*:--output-pch=%*}%V}\ + %{!save-temps*:%{!no-integrated-cpp:\ +- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ ++ cc1obj %(cpp_unique_options) %(cc1_options) %(default_flag_cf_spec) %{print-objc-runtime-info} %{gen-decls}\ + -o %g.s %{!o*:--output-pch=%i.gch}\ + %W{o*:--output-pch=%*}%V}}}}}", 0, 0, 0}, + {".mi", "@objective-c-cpp-output", 0, 0, 0}, + {"@objective-c-cpp-output", +- "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ ++ "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(default_flag_cf_spec) %{print-objc-runtime-info} %{gen-decls}\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, + {"@objc-cpp-output", + "%nobjc-cpp-output is deprecated; please use objective-c-cpp-output instead\n\ +- %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\ ++ %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(default_flag_cf_spec) %{print-objc-runtime-info} %{gen-decls}\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, +--- a/gcc/objcp/lang-specs.h ++++ b/gcc/objcp/lang-specs.h +@@ -36,7 +36,7 @@ along with GCC; see the file COPYING3. If not see + %(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\ + cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\ + %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\ +- %(cc1_options) %2\ ++ %(cc1_options) %(default_flag_cf_spec) %2\ + -o %g.s %{!o*:--output-pch=%i.gch} %W{o*:--output-pch=%*}%V}}}", + CPLUSPLUS_CPP_SPEC, 0, 0}, + {"@objective-c++", +@@ -46,16 +46,16 @@ along with GCC; see the file COPYING3. If not see + %(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\ + cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\ + %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\ +- %(cc1_options) %2\ ++ %(cc1_options) %(default_flag_cf_spec) %2\ + %{!fsyntax-only:%(invoke_as)}}}}", + CPLUSPLUS_CPP_SPEC, 0, 0}, + {".mii", "@objective-c++-cpp-output", 0, 0, 0}, + {"@objective-c++-cpp-output", + "%{!M:%{!MM:%{!E:\ +- cc1objplus -fpreprocessed %i %(cc1_options) %2\ ++ cc1objplus -fpreprocessed %i %(cc1_options) %(default_flag_cf_spec) %2\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, + {"@objc++-cpp-output", + "%nobjc++-cpp-output is deprecated; please use objective-c++-cpp-output instead\n\ + %{!M:%{!MM:%{!E:\ +- cc1objplus -fpreprocessed %i %(cc1_options) %2\ ++ cc1objplus -fpreprocessed %i %(cc1_options) %(default_flag_cf_spec) %2\ + %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0}, diff --git a/12.1.0/gentoo/README.history b/12.1.0/gentoo/README.history index d3793cb..9b64fee 100644 --- a/12.1.0/gentoo/README.history +++ b/12.1.0/gentoo/README.history @@ -1,3 +1,7 @@ +7 30 May 2022 + + U 26_all_enable-cet.patch + 6 29 May 2022 + 26_all_enable-cet.patch
