diff -Naur gcc-4.2-20081001.orig/gcc/Makefile.in gcc-4.2-20081001/gcc/Makefile.in --- gcc-4.2-20081001.orig/gcc/Makefile.in 2008-04-01 21:26:19.000000000 +0000 +++ gcc-4.2-20081001/gcc/Makefile.in 2008-10-06 02:06:33.000000000 +0000 @@ -558,7 +558,7 @@ # LIBGCC2_DEBUG_CFLAGS = -g LIBGCC2_CFLAGS = -O2 $(LIBGCC2_INCLUDES) $(GCC_CFLAGS) $(TARGET_LIBGCC2_CFLAGS) \ - $(LIBGCC2_DEBUG_CFLAGS) $(GTHREAD_FLAGS) \ + $(LIBGCC2_DEBUG_CFLAGS) $(GTHREAD_FLAGS) -fno-stack-protector \ -DIN_LIBGCC2 -D__GCC_FLOAT_NOT_NEEDED \ $(INHIBIT_LIBC_CFLAGS) @@ -571,7 +571,7 @@ # Options to use when compiling crtbegin/end. CRTSTUFF_CFLAGS = -O2 $(GCC_CFLAGS) $(INCLUDES) $(MULTILIB_CFLAGS) -g0 \ - -finhibit-size-directive -fno-inline-functions -fno-exceptions \ + -finhibit-size-directive -fno-inline-functions -fno-exceptions -fno-stack-protector \ -fno-zero-initialized-in-bss -fno-toplevel-reorder \ $(INHIBIT_LIBC_CFLAGS) diff -Naur gcc-4.2-20081001.orig/gcc/common.opt gcc-4.2-20081001/gcc/common.opt --- gcc-4.2-20081001.orig/gcc/common.opt 2008-01-27 18:36:59.000000000 +0000 +++ gcc-4.2-20081001/gcc/common.opt 2008-10-06 02:06:09.000000000 +0000 @@ -121,7 +121,7 @@ Warn when one local variable shadows another Wstack-protector -Common Var(warn_stack_protect) +Common Var(warn_stack_protect) Init(1) Warn when not issuing stack smashing protection for some reason Wstrict-aliasing @@ -858,7 +858,7 @@ Use propolice as a stack protection method fstack-protector-all -Common Report RejectNegative Var(flag_stack_protect, 2) VarExists +Common Report RejectNegative Var(flag_stack_protect, 2) Init(2) Use a stack protection method for every function fstrength-reduce diff -Naur gcc-4.2-20081001.orig/gcc/configure gcc-4.2-20081001/gcc/configure --- gcc-4.2-20081001.orig/gcc/configure 2008-03-12 00:56:34.000000000 +0000 +++ gcc-4.2-20081001/gcc/configure 2008-10-06 02:06:09.000000000 +0000 
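Review bot: The `-fno-stack-protector` added to LIBGCC2_CFLAGS has no comment saying why libgcc opts out of the new default, and the same holds for CRTSTUFF_CFLAGS in the next hunk and for AM_CFLAGS in libssp/Makefile.am. Since this patch makes `-fstack-protector-all` the default, these are presumably the objects that must not themselves reference `__stack_chk_fail` or the guard, and anyone auditing hardening coverage needs that stated next to the flag. I would add above each assignment something like `# Built without SSP: this code must not depend on __stack_chk_fail or the guard, which the compiler now emits by default.` In libssp it is also worth confirming that user CFLAGS cannot re-enable instrumentation, because automake normally places AM_CFLAGS before CFLAGS and the last flag wins.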
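Review bot: With `Init(2)` on `fstack-protector-all`, an explicit `-fstack-protector` on the command line now lowers coverage instead of raising it, assuming the `fstack-protector` record just above this hunk still sets flag_stack_protect to 1. Build systems that already pass `-fstack-protector` for hardening would silently get less protection than a build with no flag at all. invoke.texi should say so under `-fstack-protector`, for example `Because -fstack-protector-all is the default, giving this option restricts protection to functions with vulnerable objects.` Dropping `VarExists` also makes this record a second declaration site for the variable if the other record is unchanged, so the generated options.c is worth checking.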
@@ -16020,46 +16020,34 @@ fi +if test x$host != x$target || test "x$TARGET_SYSTEM_ROOT" != x; then + if test "x$with_sysroot" = x; then + glibc_header_dir="${exec_prefix}/${target_noncanonical}/sys-include" + elif test "x$with_sysroot" = xyes; then + glibc_header_dir="${exec_prefix}/${target_noncanonical}/sys-root/usr/include" + else + glibc_header_dir="${with_sysroot}/usr/include" + fi +else + glibc_header_dir=/usr/include +fi + # Test for stack protector support in target C library. -case "$target" in - *-*-linux*) - echo "$as_me:$LINENO: checking __stack_chk_fail in target GNU C library" >&5 +echo "$as_me:$LINENO: checking __stack_chk_fail in target GNU C library" >&5 echo $ECHO_N "checking __stack_chk_fail in target GNU C library... $ECHO_C" >&6 if test "${gcc_cv_libc_provides_ssp+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else gcc_cv_libc_provides_ssp=no - if test x$host != x$target || test "x$TARGET_SYSTEM_ROOT" != x; then - if test "x$with_sysroot" = x; then - glibc_header_dir="${exec_prefix}/${target_noncanonical}/sys-include" - elif test "x$with_sysroot" = xyes; then - glibc_header_dir="${exec_prefix}/${target_noncanonical}/sys-root/usr/include" - else - glibc_header_dir="${with_sysroot}/usr/include" - fi - else - glibc_header_dir=/usr/include - fi - # glibc 2.4 and later provides __stack_chk_fail and - # either __stack_chk_guard, or TLS access to stack guard canary. 
- if test -f $glibc_header_dir/features.h \ - && $EGREP '^[ ]*#[ ]*define[ ]+__GNU_LIBRARY__[ ]+([1-9][0-9]|[6-9])' \ - $glibc_header_dir/features.h > /dev/null; then - if $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC__[ ]+([1-9][0-9]|[3-9])' \ - $glibc_header_dir/features.h > /dev/null; then - gcc_cv_libc_provides_ssp=yes - elif $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC__[ ]+2' \ - $glibc_header_dir/features.h > /dev/null \ - && $EGREP '^[ ]*#[ ]*define[ ]+__GLIBC_MINOR__[ ]+([1-9][0-9]|[4-9])' \ - $glibc_header_dir/features.h > /dev/null; then - gcc_cv_libc_provides_ssp=yes - fi - fi + if $gcc_cv_nm $($CC -print-file-name=libc.a) 2>&1 | \ + grep '__stack_chk_fail' > /dev/null; then + gcc_cv_libc_provides_ssp=yes + else + gcc_cv_libc_provides_ssp=no + fi fi echo "$as_me:$LINENO: result: $gcc_cv_libc_provides_ssp" >&5 -echo "${ECHO_T}$gcc_cv_libc_provides_ssp" >&6 ;; - *) gcc_cv_libc_provides_ssp=no ;; -esac +echo "${ECHO_T}$gcc_cv_libc_provides_ssp" >&6 if test x$gcc_cv_libc_provides_ssp = xyes; then cat >>confdefs.h <<\_ACEOF diff -Naur gcc-4.2-20081001.orig/gcc/configure.ac gcc-4.2-20081001/gcc/configure.ac --- gcc-4.2-20081001.orig/gcc/configure.ac 2008-03-12 00:56:34.000000000 +0000 +++ gcc-4.2-20081001/gcc/configure.ac 2008-10-06 02:06:09.000000000 +0000 
@@ -3217,40 +3217,28 @@ [Define to PREFIX/include if cpp should also search that directory.]) fi +if test x$host != x$target || test "x$TARGET_SYSTEM_ROOT" != x; then + if test "x$with_sysroot" = x; then + glibc_header_dir="${exec_prefix}/${target_noncanonical}/sys-include" + elif test "x$with_sysroot" = xyes; then + glibc_header_dir="${exec_prefix}/${target_noncanonical}/sys-root/usr/include" + else + glibc_header_dir="${with_sysroot}/usr/include" + fi +else + glibc_header_dir=/usr/include +fi + # Test for stack protector support in target C library. -case "$target" in - *-*-linux*) - AC_CACHE_CHECK(__stack_chk_fail in target GNU C library, - gcc_cv_libc_provides_ssp, - [gcc_cv_libc_provides_ssp=no - if test x$host != x$target || test "x$TARGET_SYSTEM_ROOT" != x; then - if test "x$with_sysroot" = x; then - glibc_header_dir="${exec_prefix}/${target_noncanonical}/sys-include" - elif test "x$with_sysroot" = xyes; then - glibc_header_dir="${exec_prefix}/${target_noncanonical}/sys-root/usr/include" - else - glibc_header_dir="${with_sysroot}/usr/include" - fi - else - glibc_header_dir=/usr/include - fi - # glibc 2.4 and later provides __stack_chk_fail and - # either __stack_chk_guard, or TLS access to stack guard canary. 
- if test -f $glibc_header_dir/features.h \ - && $EGREP '^@<:@ @:>@*#[ ]*define[ ]+__GNU_LIBRARY__[ ]+([1-9][0-9]|[6-9])' \ - $glibc_header_dir/features.h > /dev/null; then - if $EGREP '^@<:@ @:>@*#[ ]*define[ ]+__GLIBC__[ ]+([1-9][0-9]|[3-9])' \ - $glibc_header_dir/features.h > /dev/null; then - gcc_cv_libc_provides_ssp=yes - elif $EGREP '^@<:@ @:>@*#[ ]*define[ ]+__GLIBC__[ ]+2' \ - $glibc_header_dir/features.h > /dev/null \ - && $EGREP '^@<:@ @:>@*#[ ]*define[ ]+__GLIBC_MINOR__[ ]+([1-9][0-9]|[4-9])' \ - $glibc_header_dir/features.h > /dev/null; then - gcc_cv_libc_provides_ssp=yes - fi - fi]) ;; - *) gcc_cv_libc_provides_ssp=no ;; -esac +AC_CACHE_CHECK(__stack_chk_fail in target GNU C library, + gcc_cv_libc_provides_ssp, + [gcc_cv_libc_provides_ssp=no + if $gcc_cv_nm $($CC -print-file-name=libc.a) 2>&1 | \ + grep '__stack_chk_fail' > /dev/null; then + gcc_cv_libc_provides_ssp=yes + else + gcc_cv_libc_provides_ssp=no + fi]) if test x$gcc_cv_libc_provides_ssp = xyes; then AC_DEFINE(TARGET_LIBC_PROVIDES_SSP, 1, [Define if your target C library provides stack protector support]) diff -Naur gcc-4.2-20081001.orig/gcc/doc/invoke.texi gcc-4.2-20081001/gcc/doc/invoke.texi --- gcc-4.2-20081001.orig/gcc/doc/invoke.texi 2008-05-12 18:04:51.000000000 +0000 +++ gcc-4.2-20081001/gcc/doc/invoke.texi 2008-10-06 02:07:47.000000000 +0000 
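Review bot: The new probe `grep '__stack_chk_fail'` over nm output also matches undefined references and any longer name containing that string, so a libc.a that only uses the symbol would set TARGET_LIBC_PROVIDES_SSP and the driver would stop linking libssp. It also asks `$CC`, which is normally the compiler building GCC rather than one for the target, so a cross build may inspect the build machine's libc.a; glibc_header_dir is still computed above, but nothing in this hunk reads it any more. With the `case "$target"` guard removed the probe now runs for every target, not only *-*-linux*. The fence below tightens the match to a defined symbol and checks that the archive was actually found; which compiler to query in a cross build is left for the author to decide. The regenerated gcc/configure hunk carries the same test.
```m4
dnl … unchanged: AC_CACHE_CHECK header and cache variable name …
      [gcc_cv_libc_provides_ssp=no
    # Accept only a definition (T or W in nm output); a bare reference
    # does not mean the C library provides the handler.
    gcc_ssp_libc_a=`$CC -print-file-name=libc.a`
    if test -f "$gcc_ssp_libc_a" \
       && $gcc_cv_nm "$gcc_ssp_libc_a" 2>/dev/null \
	  | grep '@<:@TW@:>@ __stack_chk_fail$' > /dev/null; then
      gcc_cv_libc_provides_ssp=yes
    fi])
```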
@@ -5974,13 +5974,14 @@ Emit extra code to check for buffer overflows, such as stack smashing attacks. This is done by adding a guard variable to functions with vulnerable objects. This includes functions that call alloca, and -functions with buffers larger than 8 bytes. The guards are initialized +functions with buffers larger than 4 bytes. The guards are initialized when a function is entered and then checked when the function exits. If a guard check fails, an error message is printed and the program exits. @item -fstack-protector-all @opindex fstack-protector-all Like @option{-fstack-protector} except that all functions are protected. +This is the default. Disable this option with @option{-fno-stack-protector}. @item -fsection-anchors @opindex fsection-anchors diff -Naur gcc-4.2-20081001.orig/gcc/gcc.c gcc-4.2-20081001/gcc/gcc.c --- gcc-4.2-20081001.orig/gcc/gcc.c 2007-09-01 15:28:30.000000000 +0000 +++ gcc-4.2-20081001/gcc/gcc.c 2008-10-06 02:06:09.000000000 +0000 @@ -677,7 +677,7 @@ #ifdef TARGET_LIBC_PROVIDES_SSP #define LINK_SSP_SPEC "%{fstack-protector:}" #else -#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all:-lssp_nonshared -lssp}" +#define LINK_SSP_SPEC "%{!fno-stack-protector:-lssp_nonshared -lssp}" #endif #endif diff -Naur gcc-4.2-20081001.orig/gcc/params.def gcc-4.2-20081001/gcc/params.def --- gcc-4.2-20081001.orig/gcc/params.def 2007-09-01 15:28:30.000000000 +0000 +++ gcc-4.2-20081001/gcc/params.def 2008-10-06 02:06:09.000000000 +0000 
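Review bot: The new LINK_SSP_SPEC in gcc.c tests only whether `-fno-stack-protector` appears anywhere on the command line, while the compiler proper, as far as I read the option handling, honours the last of several conflicting flags. A command line carrying `-fno-stack-protector` followed by `-fstack-protector` (common when a project appends to distribution CFLAGS) would then compile instrumented code but omit `-lssp_nonshared -lssp`, leaving `__stack_chk_fail` unresolved when the C library does not provide it. I would keep the old positive match as a fallback: `#define LINK_SSP_SPEC "%{!fno-stack-protector:-lssp_nonshared -lssp}%{fno-stack-protector:%{fstack-protector|fstack-protector-all:-lssp_nonshared -lssp}}"`. A one-line comment above the define, such as `/* SSP is on by default, so link libssp unless it was explicitly disabled. */`, would explain the inverted test.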
@@ -557,7 +557,7 @@ DEFPARAM (PARAM_SSP_BUFFER_SIZE, "ssp-buffer-size", "The lower bound for a buffer to be considered for stack smashing protection", - 8, 1, 0) + 4, 1, 0) /* When we thread through a block we have to make copies of the statements within the block. Clearly for large blocks the code diff -Naur gcc-4.2-20081001.orig/libssp/Makefile.am gcc-4.2-20081001/libssp/Makefile.am --- gcc-4.2-20081001.orig/libssp/Makefile.am 2006-05-24 01:47:02.000000000 +0000 +++ gcc-4.2-20081001/libssp/Makefile.am 2008-10-06 02:06:09.000000000 +0000 @@ -19,7 +19,7 @@ version_dep = endif -AM_CFLAGS = -Wall +AM_CFLAGS = -Wall -fno-stack-protector toolexeclib_LTLIBRARIES = libssp.la libssp_nonshared.la diff -Naur gcc-4.2-20081001.orig/libssp/Makefile.in gcc-4.2-20081001/libssp/Makefile.in --- gcc-4.2-20081001.orig/libssp/Makefile.in 2006-09-29 21:18:51.000000000 +0000 +++ gcc-4.2-20081001/libssp/Makefile.in 2008-10-06 02:06:09.000000000 +0000 @@ -221,7 +221,7 @@ @LIBSSP_USE_SYMVER_TRUE@version_arg = -Wl,--version-script=$(srcdir)/ssp.map @LIBSSP_USE_SYMVER_FALSE@version_dep = @LIBSSP_USE_SYMVER_TRUE@version_dep = $(srcdir)/ssp.map -AM_CFLAGS = -Wall +AM_CFLAGS = -Wall -fno-stack-protector toolexeclib_LTLIBRARIES = libssp.la libssp_nonshared.la libsubincludedir = $(libdir)/gcc/$(target_noncanonical)/$(gcc_version)/include nobase_libsubinclude_HEADERS = ssp/ssp.h ssp/string.h ssp/stdio.h ssp/unistd.h