name = gcc
version = 12.2.0
-release = 3
+release = 4
maintainer = Michael Tremer <michael.tremer@ipfire.org>
groups = Development/Compilers
# Build libubsan
build_libubsan = 0
- # A couple of configure arguments depending on the architecture and
- # configuration.
- configure_options =
-
- #make_bootstrap = profiledbootstrap
+ DIR_BUILD = %{DIR_SRC}/gcc-build
if "%{DISTRO_ARCH}" == "x86_64"
- configure_options = --disable-multilib
-
build_libquadmath = 1
build_liblsan = 1
build_libtsan = 1
build_libubsan = 1
end
- if "%{build_graphite}" == "1"
- configure_options += \
- --with-isl
- end
-
prepare_cmds
- mkdir -v %{DIR_SRC}/gcc-build
-
# Remove unneeded features that will save some compile time
rm -rf lib{gfortran,java,objc} gcc/{fortran,java,objc,objcp}
# Branding gcc
echo "%{DISTRO_NAME} %{version}-%{release}" > gcc/DEV-PHASE
- # Libgomp uses -Werror regardless of --disable-werror, and this will cause a
- # build failure when -D_FORTIFY_SOURCE=2 causes build time warnings:
- sed -e "s/-Werror//" -i libgomp/configure
-
# The fixincludes script is known to occasionally erroneously attempt to
# "fix" the system headers installed so far. As the headers up to this point
# are known to not require fixing, issue the following command to prevent
# the fixincludes script from running:
sed -i 's@\./fixinc\.sh@-c true@' gcc/Makefile.in
-
- sed -i gcc/Makefile.in \
- -e "s/-fno-exceptions/& -fno-asynchronous-unwind-tables/"
-
- #./contrib/gcc_update --touch
end
- export CC=gcc
- export CXX=g++
-
# Disable LTO
LTO_CFLAGS =
- build
- cd %{DIR_SRC}/gcc-build
-
- # Modify CFLAGS
- CFLAGS="%{CFLAGS}"
- CFLAGS=$(echo ${CFLAGS} | sed -e 's/\(-Wp,\)\?-D_FORTIFY_SOURCE=[12]//g')
- CFLAGS=$(echo ${CFLAGS} | sed -e 's/-Werror=format-security//g')
- CFLAGS=$(echo ${CFLAGS} | sed -e 's/-m64//g;s/-m32//g;s/-m31//g')
- CFLAGS=$(echo ${CFLAGS} | sed -e 's/-mfpmath=sse/-mfpmath=sse -msse2/g')
- CFLAGS=$(echo ${CFLAGS} | sed -e 's/-march=i.86//g')
- CFLAGS=$(echo ${CFLAGS} | sed -e 's/ -pipe / /g')
- CFLAGS=$(echo "${CFLAGS}" | sed -e 's/[[:blank:]]\+/ /g')
- CXXFLAGS=$(echo ${CFLAGS} | sed -e 's/ -Wall//g')
- CXXFLAGS=$(echo ${CXXFLAGS} | sed -e 's/ -fexceptions / /g')
- #CXXFLAGS=$(echo ${CXXFLAGS} | sed -e 's/ -Werror=format-security / -Wformat -Werror=format-security /g')
-
- case "${CFLAGS}" in
- *-fasynchronous-unwind-tables*)
- sed -i -e "s/-fno-exceptions /-fno-exceptions -fno-asynchronous-unwind-tables/" \
- ../%{thisapp}/Makefile.in
- ;;
- esac
-
- CFLAGS="${CFLAGS}" \
- CXXFLAGS="${CXXFLAGS}" \
- XCFLAGS="${CFLAGS}" \
- TCFLAGS="${CFLAGS}" \
- ../%{thisapp}/configure \
- --build=%{DISTRO_BUILDTARGET} \
- --prefix=/usr \
- --libdir=%{libdir} \
- --libexecdir=%{libdir} \
- --mandir=%{mandir} \
- --with-boot-ldflags="%{LDFLAGS}" \
- --enable-esp \
- --enable-shared \
- --enable-threads=posix \
- --enable-__cxa_atexit \
- --enable-clocale=gnu \
- --enable-languages=c,c++,lto \
- --disable-bootstrap \
- --enable-checking=release \
- --enable-default-pie \
- --enable-default-ssp \
- --disable-werror \
- --disable-libssp \
- --with-system-zlib \
- --with-bugurl=https://bugzilla.ipfire.org/ \
- --disable-libunwind-exceptions \
- --enable-gnu-unique-object \
- --enable-linker-build-id \
- --with-linker-hash-style=gnu \
- --enable-plugin \
- --enable-initfini-array \
- --disable-libgcj \
- --enable-gnu-indirect-function \
- %{configure_options}
-
- # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58012
- # XXX disabled flags: --disable-static
-
- # GCC does not support a parallel build.
- make %{make_bootstrap} BOOT_CFLAGS="${CFLAGS}" %{PARALLELISMFLAGS}
-
- # Generate man pages.
- perl -pi -e 's/head3/head2/' ../contrib/texi2pod.pl
- for i in %{DIR_APP}/gcc/doc/*.texi; do
- cp -a $i $i.orig; sed 's/ftable/table/' $i.orig > $i
- done
- make -C gcc generated-manpages
- for i in %{DIR_APP}/gcc/doc/*.texi; do mv -f $i.orig $i; done
+ # Disable any string format security checks
+ STRING_FORMAT_SECURITY_CFLAGS =
+
+ configure_options = \
+ CFLAGS="%{CFLAGS}" \
+ CXXFLAGS="%{CXXFLAGS}" \
+ XCFLAGS="%{CFLAGS}" \
+ TCFLAGS="%{CFLAGS}" \
+ --build=%{DISTRO_BUILDTARGET} \
+ --prefix=%{prefix} \
+ --libdir=%{libdir} \
+ --libexecdir=%{libdir} \
+ --mandir=%{mandir} \
+ --disable-static \
+ --enable-shared \
+ --enable-threads=posix \
+ --enable-__cxa_atexit \
+ --enable-languages=c,c++,lto \
+ --enable-bootstrap \
+ --with-build-config=bootstrap-lto \
+ --enable-link-serialization=1 \
+ --enable-checking=release \
+ --enable-default-pie \
+ --enable-default-ssp \
+ --disable-werror \
+ --disable-libssp \
+ --with-system-zlib \
+ --with-bugurl=https://bugzilla.ipfire.org/ \
+ --enable-libstdcxx-backtrace \
+ --disable-libstdcxx-pch \
+ --with-libstdcxx-zoneinfo=%{datadir}/zoneinfo \
+ --disable-libunwind-exceptions \
+ --enable-gnu-unique-object \
+ --enable-linker-build-id \
+ --with-linker-hash-style=gnu \
+ --enable-decimal-float \
+ --enable-plugin \
+ --enable-initfini-array \
+ --disable-libgcj \
+ --enable-gnu-indirect-function
+
+ if "%{build_graphite}" == "1"
+ configure_options += \
+ --with-isl
end
+ if "%{DISTRO_ARCH}" == "x86_64"
+ configure_options += \
+ --with-arch_64=x86-64-v2 \
+ --with-arch_32=x86-64 \
+ --enable-cet \
+ --with-tune=generic
+ end
+
+ make_build_targets += \
+ profiledbootstrap \
+ BOOT_CFLAGS="%{CFLAGS}" \
+ BOOT_LDFLAGS="%{LDFLAGS}" \
+ LDFLAGS_FOR_TARGET="%{LDFLAGS}"
+
#test
# cd %{DIR_SRC}/gcc-build && make -k check || true
# cd %{DIR_APP} && ./contrib/test_summary
#end
install
- cd %{DIR_SRC}/gcc-build
make install DESTDIR=%{BUILDROOT}
# Check if the installation path exists.
OUTPUT_FORMAT('`gcc -Wl,--print-output-format -nostdlib -r -o /dev/null`')
GROUP ( /%{libdir}/libgcc_s.so.1 libgcc.a )' > ${FULLPATH}/libgcc_s.so
- chmod 755 %{BUILDROOT}%{libdir}/libgcc_s.so.1
+ chmod -v 755 ${FULLPATH}/libgcc_s.so
+ chmod -v 755 %{BUILDROOT}%{libdir}/libgcc_s.so.1
# Remove some GNU debugger stuff.
rm -vf %{BUILDROOT}%{libdir}/lib*.py
# libgomp
mv -vf %{BUILDROOT}%{libdir}/libgomp.spec ${FULLPATH}/
ln -svf ../../../libgomp.so.1.0.0 ${FULLPATH}/libgomp.so
- chmod 755 %{BUILDROOT}%{libdir}/libgomp.so.1.*
+ chmod -v 755 %{BUILDROOT}%{libdir}/libgomp.so.1.*
# libstdc++
ln -svf ../../../libstdc++.so.6.0.30 ${FULLPATH}/libstdc++.so
- mv -vf %{BUILDROOT}%{libdir}/lib{std,sup}c++.a ${FULLPATH}
# libquadmath
if [ "%{build_libquadmath}" = "1" ]; then
ln -svf ../../../libquadmath.so.0.0.0 ${FULLPATH}/libquadmath.so
- chmod 755 %{BUILDROOT}%{libdir}/libquadmath.so.0.*
+ chmod -v 755 %{BUILDROOT}%{libdir}/libquadmath.so.0.*
fi
# libitm
mv -vf %{BUILDROOT}%{libdir}/libitm.spec ${FULLPATH}/
ln -svf ../../../libitm.so.1.0.0 ${FULLPATH}/libitm.so
- chmod 755 %{BUILDROOT}%{libdir}/libitm.so.1.*
+ chmod -v 755 %{BUILDROOT}%{libdir}/libitm.so.1.*
# liblsan
if [ "%{build_liblsan}" = "1" ]; then
ln -svf ../../../liblsan.so.0.0.0 ${FULLPATH}/liblsan.so
- chmod 755 %{BUILDROOT}%{libdir}/liblsan.so.*
+ chmod -v 755 %{BUILDROOT}%{libdir}/liblsan.so.*
fi
# libtsan
if [ "%{build_libtsan}" = "1" ]; then
ln -svf ../../../libtsan.so.2.0.0 ${FULLPATH}/libtsan.so
- chmod 755 %{BUILDROOT}%{libdir}/libtsan.so.*
+ chmod -v 755 %{BUILDROOT}%{libdir}/libtsan.so.*
fi
# libubsan
if [ "%{build_libubsan}" = "1" ]; then
ln -svf ../../../libubsan.so.1.0.0 ${FULLPATH}/libubsan.so
- chmod 755 %{BUILDROOT}%{libdir}/libubsan.so.*
+ chmod -v 755 %{BUILDROOT}%{libdir}/libubsan.so.*
fi
end
-
- keep_libraries
- %{libdir}/gcc/%{DISTRO_BUILDTARGET}/%{version}/libgcc.a
- %{libdir}/gcc/%{DISTRO_BUILDTARGET}/%{version}/libgcc_eh.a
- %{libdir}/gcc/%{DISTRO_BUILDTARGET}/%{version}/libstdc++.a
- %{libdir}/gcc/%{DISTRO_BUILDTARGET}/%{version}/libsupc++.a
- end
end
packages
--- /dev/null
+From 8690dbe058f3ca8af0499a545c4b4cc6a5dc089a Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Tue, 21 Mar 2023 16:58:02 +0000
+Subject: [PATCH 1/2] gcc: Build with PIE
+
+This patch removes that GCC will be compiled with -fno-PIE/-no-pie.
+
+This will break PCH.
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ gcc/Makefile.in | 9 ---------
+ gcc/configure.ac | 28 ----------------------------
+ 2 files changed, 37 deletions(-)
+
+diff --git a/gcc/Makefile.in b/gcc/Makefile.in
+index 31ff95500c9..530928a3cde 100644
+--- a/gcc/Makefile.in
++++ b/gcc/Makefile.in
+@@ -267,15 +267,6 @@ endif
+ CET_HOST_FLAGS = @CET_HOST_FLAGS@
+ COMPILER += $(CET_HOST_FLAGS)
+
+-NO_PIE_CFLAGS = @NO_PIE_CFLAGS@
+-NO_PIE_FLAG = @NO_PIE_FLAG@
+-
+-# We don't want to compile the compilers with -fPIE, it make PCH fail.
+-COMPILER += $(NO_PIE_CFLAGS)
+-
+-# Link with -no-pie since we compile the compiler with -fno-PIE.
+-LINKER += $(NO_PIE_FLAG)
+-
+ # Like LINKER, but use a mutex for serializing front end links.
+ ifeq (@DO_LINK_MUTEX@,true)
+ LLINKER = $(SHELL) $(srcdir)/lock-and-run.sh linkfe.lck $(LINKER)
+diff --git a/gcc/configure.ac b/gcc/configure.ac
+index 992a50e7b20..62cd94bffb8 100644
+--- a/gcc/configure.ac
++++ b/gcc/configure.ac
+@@ -7641,34 +7641,6 @@ if test x$enable_default_pie = xyes ; then
+ fi
+ AC_SUBST([enable_default_pie])
+
+-# Check if -fno-PIE works.
+-AC_CACHE_CHECK([for -fno-PIE option],
+- [gcc_cv_c_no_fpie],
+- [saved_CXXFLAGS="$CXXFLAGS"
+- CXXFLAGS="$CXXFLAGS -fno-PIE"
+- AC_COMPILE_IFELSE([AC_LANG_SOURCE([int main(void) {return 0;}])],
+- [gcc_cv_c_no_fpie=yes],
+- [gcc_cv_c_no_fpie=no])
+- CXXFLAGS="$saved_CXXFLAGS"])
+-if test "$gcc_cv_c_no_fpie" = "yes"; then
+- NO_PIE_CFLAGS="-fno-PIE"
+-fi
+-AC_SUBST([NO_PIE_CFLAGS])
+-
+-# Check if -no-pie works.
+-AC_CACHE_CHECK([for -no-pie option],
+- [gcc_cv_no_pie],
+- [saved_LDFLAGS="$LDFLAGS"
+- LDFLAGS="$LDFLAGS -no-pie"
+- AC_LINK_IFELSE([AC_LANG_SOURCE([int main(void) {return 0;}])],
+- [gcc_cv_no_pie=yes],
+- [gcc_cv_no_pie=no])
+- LDFLAGS="$saved_LDFLAGS"])
+-if test "$gcc_cv_no_pie" = "yes"; then
+- NO_PIE_FLAG="-no-pie"
+-fi
+-AC_SUBST([NO_PIE_FLAG])
+-
+ # Enable Intel CET on Intel CET enabled host if jit is enabled.
+ GCC_CET_HOST_FLAGS(CET_HOST_FLAGS)
+ case x$enable_languages in
+--
+2.30.2
+
--- /dev/null
+From 439c8e21de5245d3f345bd796f3131be319f54d2 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Tue, 21 Mar 2023 17:52:04 +0000
+Subject: [PATCH 2/2] libcc1: Export all symbols
+
+This patches removes the -export-symbols option when linking libcc1 and
+its plugins as it is breaking our hardening check where we are looking
+for a reference to __stack_chk_fail in the symbol table.
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ libcc1/Makefile.am | 6 +++---
+ libcc1/Makefile.in | 6 +++---
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/libcc1/Makefile.am b/libcc1/Makefile.am
+index 6e3a34ff7e2..7eb8ec9178c 100644
+--- a/libcc1/Makefile.am
++++ b/libcc1/Makefile.am
+@@ -54,7 +54,7 @@ shared_source = callbacks.cc callbacks.hh connection.cc connection.hh \
+ marshall_c_source = marshall-c.hh
+ marshall_cxx_source = marshall-cp.hh
+
+-libcc1plugin_la_LDFLAGS = -module -export-symbols $(srcdir)/libcc1plugin.sym
++libcc1plugin_la_LDFLAGS = -module
+ libcc1plugin_la_SOURCES = libcc1plugin.cc context.cc context.hh \
+ $(shared_source) $(marshall_c_source)
+ libcc1plugin.lo_CPPFLAGS = $(CPPFLAGS_FOR_C)
+@@ -64,7 +64,7 @@ libcc1plugin_la_LINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \
+ $(CXXFLAGS) $(libcc1plugin_la_LDFLAGS) $(LTLDFLAGS) -o $@
+
+-libcp1plugin_la_LDFLAGS = -module -export-symbols $(srcdir)/libcp1plugin.sym
++libcp1plugin_la_LDFLAGS = -module
+ libcp1plugin_la_SOURCES = libcp1plugin.cc context.cc context.hh \
+ $(shared_source) $(marshall_cxx_source)
+ libcp1plugin.lo_CPPFLAGS = $(CPPFLAGS_FOR_CXX)
+@@ -75,7 +75,7 @@ libcp1plugin_la_LINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) \
+ $(CXXFLAGS) $(libcp1plugin_la_LDFLAGS) $(LTLDFLAGS) -o $@
+
+ LTLDFLAGS = $(shell $(SHELL) $(top_srcdir)/../libtool-ldflags $(LDFLAGS))
+-libcc1_la_LDFLAGS = -module -export-symbols $(srcdir)/libcc1.sym
++libcc1_la_LDFLAGS = -module
+ libcc1_la_SOURCES = findcomp.cc libcc1.cc libcp1.cc \
+ compiler.cc compiler.hh names.cc names.hh $(shared_source) \
+ $(marshall_c_source) $(marshall_cxx_source)
+diff --git a/libcc1/Makefile.in b/libcc1/Makefile.in
+index f8f590d71e9..aa3d45bcef4 100644
+--- a/libcc1/Makefile.in
++++ b/libcc1/Makefile.in
+@@ -405,7 +405,7 @@ shared_source = callbacks.cc callbacks.hh connection.cc connection.hh \
+
+ marshall_c_source = marshall-c.hh
+ marshall_cxx_source = marshall-cp.hh
+-libcc1plugin_la_LDFLAGS = -module -export-symbols $(srcdir)/libcc1plugin.sym
++libcc1plugin_la_LDFLAGS = -module
+ libcc1plugin_la_SOURCES = libcc1plugin.cc context.cc context.hh \
+ $(shared_source) $(marshall_c_source)
+
+@@ -416,7 +416,7 @@ libcc1plugin_la_LINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \
+ $(CXXFLAGS) $(libcc1plugin_la_LDFLAGS) $(LTLDFLAGS) -o $@
+
+-libcp1plugin_la_LDFLAGS = -module -export-symbols $(srcdir)/libcp1plugin.sym
++libcp1plugin_la_LDFLAGS = -module
+ libcp1plugin_la_SOURCES = libcp1plugin.cc context.cc context.hh \
+ $(shared_source) $(marshall_cxx_source)
+
+@@ -428,7 +428,7 @@ libcp1plugin_la_LINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) \
+ $(CXXFLAGS) $(libcp1plugin_la_LDFLAGS) $(LTLDFLAGS) -o $@
+
+ LTLDFLAGS = $(shell $(SHELL) $(top_srcdir)/../libtool-ldflags $(LDFLAGS))
+-libcc1_la_LDFLAGS = -module -export-symbols $(srcdir)/libcc1.sym
++libcc1_la_LDFLAGS = -module
+ libcc1_la_SOURCES = findcomp.cc libcc1.cc libcp1.cc \
+ compiler.cc compiler.hh names.cc names.hh $(shared_source) \
+ $(marshall_c_source) $(marshall_cxx_source)
+--
+2.30.2
+
--- /dev/null
+From a25982ada523689c8745d7fb4b1b93c8f5dab2e7 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Thu, 14 Jul 2022 08:23:38 -0700
+Subject: [PATCH] stack-protector: Check stack canary before throwing exception
+
+Check stack canary before throwing exception to avoid stack corruption.
+
+gcc/
+
+ PR middle-end/58245
+ * calls.cc: Include "tree-eh.h".
+ (expand_call): Check stack canary before throwing exception.
+
+gcc/testsuite/
+
+ PR middle-end/58245
+ * g++.dg/fstack-protector-strong.C: Adjusted.
+ * g++.dg/pr58245-1.C: New test.
+---
+ gcc/calls.cc | 6 +++++-
+ gcc/testsuite/g++.dg/fstack-protector-strong.C | 2 +-
+ gcc/testsuite/g++.dg/pr58245-1.C | 10 ++++++++++
+ 3 files changed, 16 insertions(+), 2 deletions(-)
+ create mode 100644 gcc/testsuite/g++.dg/pr58245-1.C
+
+diff --git a/gcc/calls.cc b/gcc/calls.cc
+index bc96aff38f0..6dd6f73e978 100644
+--- a/gcc/calls.cc
++++ b/gcc/calls.cc
+@@ -60,6 +60,7 @@ along with GCC; see the file COPYING3. If not see
+ #include "attr-fnspec.h"
+ #include "value-query.h"
+ #include "tree-pretty-print.h"
++#include "tree-eh.h"
+
+ /* Like PREFERRED_STACK_BOUNDARY but in units of bytes, not bits. */
+ #define STACK_BYTES (PREFERRED_STACK_BOUNDARY / BITS_PER_UNIT)
+@@ -3154,7 +3155,10 @@ expand_call (tree exp, rtx target, int ignore)
+ if (pass && (flags & ECF_MALLOC))
+ start_sequence ();
+
+- if (pass == 0
++ /* Check the canary value for sibcall or function which doesn't
++ return and could throw. */
++ if ((pass == 0
++ || ((flags & ECF_NORETURN) != 0 && tree_could_throw_p (exp)))
+ && crtl->stack_protect_guard
+ && targetm.stack_protect_runtime_enabled_p ())
+ stack_protect_epilogue ();
+diff --git a/gcc/testsuite/g++.dg/fstack-protector-strong.C b/gcc/testsuite/g++.dg/fstack-protector-strong.C
+index ae6d2fdb8df..034af2ce9ab 100644
+--- a/gcc/testsuite/g++.dg/fstack-protector-strong.C
++++ b/gcc/testsuite/g++.dg/fstack-protector-strong.C
+@@ -85,4 +85,4 @@ int foo7 (B *p)
+ return p->return_slot ().a1;
+ }
+
+-/* { dg-final { scan-assembler-times "stack_chk_fail" 7 } } */
++/* { dg-final { scan-assembler-times "stack_chk_fail" 8 } } */
+diff --git a/gcc/testsuite/g++.dg/pr58245-1.C b/gcc/testsuite/g++.dg/pr58245-1.C
+new file mode 100644
+index 00000000000..1439bc62e71
+--- /dev/null
++++ b/gcc/testsuite/g++.dg/pr58245-1.C
+@@ -0,0 +1,10 @@
++/* { dg-do compile { target i?86-*-* x86_64-*-* rs6000-*-* s390x-*-* } } */
++/* { dg-options "-O2 -fstack-protector-all" } */
++
++void
++bar (void)
++{
++ throw 1;
++}
++
++/* { dg-final { scan-assembler-times "stack_chk_fail" 1 } } */
+--
+2.31.1
+