mirror of
https://github.com/gcc-mirror/gcc.git
synced 2024-11-21 13:40:47 +00:00
251c72a68a
This patch implements the --enable-host-pie configure option which makes the compiler executables PIE. This can be used to enhance protection against ROP attacks, and can be viewed as part of a wider trend to harden binaries. It is similar to the option --enable-host-shared, except that --e-h-s won't add -shared to the linker flags whereas --e-h-p will add -pie. It is different from --enable-default-pie because that option just adds an implicit -fPIE/-pie when the compiler is invoked, but the compiler itself isn't PIE. Since r12-5768-gfe7c3ecf, PCH works well with PIE, so there are no PCH regressions. When building the compiler, the build process may use various in-tree libraries; these need to be built with -fPIE so that it's possible to use them when building a PIE. For instance, when --with-included-gettext is in effect, intl object files must be compiled with -fPIE. Similarly, when building in-tree gmp, isl, mpfr and mpc, they must be compiled with -fPIE. I plan to add an option to link with -Wl,-z,now. ChangeLog: * Makefile.def: Pass $(PICFLAG) to AM_CFLAGS for gmp, mpfr, mpc, and isl. * Makefile.in: Regenerate. * Makefile.tpl: Set PICFLAG. * configure.ac (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. c++tools/ChangeLog: * Makefile.in: Rename PIEFLAG to PICFLAG. Set LD_PICFLAG. Use it. Use pic/libiberty.a if PICFLAG is set. * configure.ac (--enable-default-pie): Set PICFLAG instead of PIEFLAG. (--enable-host-pie): New check. * configure: Regenerate. fixincludes/ChangeLog: * Makefile.in: Set and use PICFLAG and LD_PICFLAG. Use the "pic" build of libiberty if PICFLAG is set. * configure.ac: * configure: Regenerate. gcc/ChangeLog: * Makefile.in: Set LD_PICFLAG. Use it. Set enable_host_pie. Remove NO_PIE_CFLAGS and NO_PIE_FLAG. Pass LD_PICFLAG to ALL_LINKERFLAGS. Use the "pic" build of libiberty if --enable-host-pie. * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this check. * configure: Regenerate. * doc/install.texi: Document --enable-host-pie. gcc/d/ChangeLog: * Make-lang.in: Remove NO_PIE_CFLAGS. intl/ChangeLog: * Makefile.in: Use @PICFLAG@ in COMPILE as well. * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. libcody/ChangeLog: * Makefile.in: Pass LD_PICFLAG to LDFLAGS. * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this check. * configure: Regenerate. libcpp/ChangeLog: * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. libdecnumber/ChangeLog: * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. libiberty/ChangeLog: * configure.ac: Also set shared when enable_host_pie. * configure: Regenerate. zlib/ChangeLog: * configure.ac (--enable-host-shared): Don't set PICFLAG here. (--enable-host-pie): New check. Set PICFLAG after this check. * configure: Regenerate. |
||
|---|---|---|
| .. | ||
| aclocal.m4 | ||
| bindtextdom.c | ||
| ChangeLog | ||
| config.h.in | ||
| config.intl.in | ||
| configure | ||
| configure.ac | ||
| dcgettext.c | ||
| dcigettext.c | ||
| dcngettext.c | ||
| dgettext.c | ||
| dngettext.c | ||
| eval-plural.h | ||
| explodename.c | ||
| finddomain.c | ||
| gettext.c | ||
| gettextP.h | ||
| gmo.h | ||
| hash-string.h | ||
| intl-compat.c | ||
| l10nflist.c | ||
| libgnuintl.h | ||
| loadinfo.h | ||
| loadmsgcat.c | ||
| localcharset.c | ||
| localcharset.h | ||
| locale.alias | ||
| localealias.c | ||
| localename.c | ||
| log.c | ||
| Makefile.in | ||
| ngettext.c | ||
| osdep.c | ||
| plural-config.h | ||
| plural-exp.c | ||
| plural-exp.h | ||
| plural.c | ||
| plural.y | ||
| README | ||
| relocatable.c | ||
| relocatable.h | ||
| textdomain.c | ||
| VERSION | ||
GNU toolchain edition of GNU libintl 0.12.1 Most of the content of this directory is taken from gettext 0.12.1 and is owned by that project. Patches should be directed to the gettext developers first. However, note the following: * libintl.h comes from gettext, but is named libgnuintl.h.in in that project's source tree. * The files COPYING.LIB-2.0 and COPYING.LIB-2.1 are redundant with the top-level COPYING.LIB and have therefore been removed. * The files config.charset, ref-add.sin, ref-del.sin, os2compat.c, and os2compat.h are not used in this setup and have therefore been removed. * aclocal.m4 was constructed using automake's "aclocal -I ../config". * configure.ac, config.intl.in, and Makefile.in were written for this directory layout, by Zack Weinberg <zack@codesourcery.com>. Please direct patches for these files to gcc-patches@gcc.gnu.org.