]> git.ipfire.org Git - people/stevee/ipfire-3.x.git/blobdiff - gcc/patches/0001-gcc-Build-with-PIE.patch
projects / people / stevee / ipfire-3.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
gcc: Harden this package
[people/stevee/ipfire-3.x.git] / gcc / patches / 0001-gcc-Build-with-PIE.patch
diff --git a/gcc/patches/0001-gcc-Build-with-PIE.patch b/gcc/patches/0001-gcc-Build-with-PIE.patch
new file mode 100644 (file)
index 0000000..d708395
--- /dev/null
+++ b/gcc/patches/0001-gcc-Build-with-PIE.patch
@@ -0,0 +1,77 @@
+From 8690dbe058f3ca8af0499a545c4b4cc6a5dc089a Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Tue, 21 Mar 2023 16:58:02 +0000
+Subject: [PATCH 1/2] gcc: Build with PIE
+
+This patch removes that GCC will be compiled with -fno-PIE/-no-pie.
+
+This will break PCH.
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ gcc/Makefile.in  |  9 ---------
+ gcc/configure.ac | 28 ----------------------------
+ 2 files changed, 37 deletions(-)
+
+diff --git a/gcc/Makefile.in b/gcc/Makefile.in
+index 31ff95500c9..530928a3cde 100644
+--- a/gcc/Makefile.in
++++ b/gcc/Makefile.in
+@@ -267,15 +267,6 @@ endif
+ CET_HOST_FLAGS = @CET_HOST_FLAGS@
+ COMPILER += $(CET_HOST_FLAGS)
+-NO_PIE_CFLAGS = @NO_PIE_CFLAGS@
+-NO_PIE_FLAG = @NO_PIE_FLAG@
+-
+-# We don't want to compile the compilers with -fPIE, it make PCH fail.
+-COMPILER += $(NO_PIE_CFLAGS)
+-
+-# Link with -no-pie since we compile the compiler with -fno-PIE.
+-LINKER += $(NO_PIE_FLAG)
+-
+ # Like LINKER, but use a mutex for serializing front end links.
+ ifeq (@DO_LINK_MUTEX@,true)
+ LLINKER = $(SHELL) $(srcdir)/lock-and-run.sh linkfe.lck $(LINKER)
+diff --git a/gcc/configure.ac b/gcc/configure.ac
+index 992a50e7b20..62cd94bffb8 100644
+--- a/gcc/configure.ac
++++ b/gcc/configure.ac
+@@ -7641,34 +7641,6 @@ if test x$enable_default_pie = xyes ; then
+ fi
+ AC_SUBST([enable_default_pie])
+-# Check if -fno-PIE works.
+-AC_CACHE_CHECK([for -fno-PIE option],
+-  [gcc_cv_c_no_fpie],
+-  [saved_CXXFLAGS="$CXXFLAGS"
+-   CXXFLAGS="$CXXFLAGS -fno-PIE"
+-   AC_COMPILE_IFELSE([AC_LANG_SOURCE([int main(void) {return 0;}])],
+-     [gcc_cv_c_no_fpie=yes],
+-     [gcc_cv_c_no_fpie=no])
+-   CXXFLAGS="$saved_CXXFLAGS"])
+-if test "$gcc_cv_c_no_fpie" = "yes"; then
+-  NO_PIE_CFLAGS="-fno-PIE"
+-fi
+-AC_SUBST([NO_PIE_CFLAGS])
+-
+-# Check if -no-pie works.
+-AC_CACHE_CHECK([for -no-pie option],
+-  [gcc_cv_no_pie],
+-  [saved_LDFLAGS="$LDFLAGS"
+-   LDFLAGS="$LDFLAGS -no-pie"
+-   AC_LINK_IFELSE([AC_LANG_SOURCE([int main(void) {return 0;}])],
+-     [gcc_cv_no_pie=yes],
+-     [gcc_cv_no_pie=no])
+-   LDFLAGS="$saved_LDFLAGS"])
+-if test "$gcc_cv_no_pie" = "yes"; then
+-  NO_PIE_FLAG="-no-pie"
+-fi
+-AC_SUBST([NO_PIE_FLAG])
+-
+ # Enable Intel CET on Intel CET enabled host if jit is enabled.
+ GCC_CET_HOST_FLAGS(CET_HOST_FLAGS)
+ case x$enable_languages in
+-- 
+2.30.2
+
Stefan's tree of IPFire 3.x.