document the gcc stack protector flag

6 files changed, 88 insertions, 5 deletions

diff --git a/sys-devel/gcc/ChangeLog b/sys-devel/gcc/ChangeLog
index 4582ef11bf8f..fb8c6cc48b4f 100644
--- a/sys-devel/gcc/ChangeLog
+++ b/sys-devel/gcc/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for sys-devel/gcc
 # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-devel/gcc/ChangeLog,v 1.298 2004/08/03 18:18:57 lv Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-devel/gcc/ChangeLog,v 1.299 2004/08/06 19:16:25 vapier Exp $
+
+  06 Aug 2004; Mike Frysinger <vapier@gentoo.org>
+  +files/pro-police-docs.patch, gcc-3.3.4-r1.ebuild, gcc-3.4.0-r6.ebuild,
+  gcc-3.4.1-r2.ebuild, gcc-3.4.1.ebuild:
+  Add the pro-police doc patch.
 
 *gcc-3.4.1-r2 (03 Aug 2004)
 
diff --git a/sys-devel/gcc/files/pro-police-docs.patch b/sys-devel/gcc/files/pro-police-docs.patch
new file mode 100644
index 000000000000..091ea44ef0d7
--- /dev/null
+++ b/sys-devel/gcc/files/pro-police-docs.patch
@@ -0,0 +1,74 @@
+Index: gcc/doc/invoke.texi
+===================================================================
+RCS file: /cvsroot/gcc/gcc/gcc/doc/invoke.texi,v
+retrieving revision 1.364
+diff -c -3 -p -r1.364 invoke.texi
+*** gcc/doc/invoke.texi	21 Nov 2003 11:42:58 -0000	1.364
+--- gcc/doc/invoke.texi	22 Nov 2003 08:12:35 -0000
+*************** in the following sections.
+*** 228,234 ****
+  -Wno-multichar  -Wnonnull  -Wpacked  -Wpadded @gol
+  -Wparentheses  -Wpointer-arith  -Wredundant-decls @gol
+  -Wreturn-type  -Wsequence-point  -Wshadow @gol
+! -Wsign-compare  -Wstrict-aliasing @gol
+  -Wswitch  -Wswitch-default  -Wswitch-enum @gol
+  -Wsystem-headers  -Wtrigraphs  -Wundef  -Wuninitialized @gol
+  -Wunknown-pragmas  -Wunreachable-code @gol
+--- 228,234 ----
+  -Wno-multichar  -Wnonnull  -Wpacked  -Wpadded @gol
+  -Wparentheses  -Wpointer-arith  -Wredundant-decls @gol
+  -Wreturn-type  -Wsequence-point  -Wshadow @gol
+! -Wsign-compare  -Wstack-protector  -Wstrict-aliasing @gol
+  -Wswitch  -Wswitch-default  -Wswitch-enum @gol
+  -Wsystem-headers  -Wtrigraphs  -Wundef  -Wuninitialized @gol
+  -Wunknown-pragmas  -Wunreachable-code @gol
+*************** in the following sections.
+*** 681,686 ****
+--- 681,687 ----
+  -fshort-double  -fshort-wchar @gol
+  -fverbose-asm  -fpack-struct  -fstack-check @gol
+  -fstack-limit-register=@var{reg}  -fstack-limit-symbol=@var{sym} @gol
++ -fstack-protector  -fstack-protector-all @gol
+  -fargument-alias  -fargument-noalias @gol
+  -fargument-noalias-global  -fleading-underscore @gol
+  -ftls-model=@var{model} @gol
+*************** effectively.  Often, the problem is that
+*** 3014,3019 ****
+--- 3015,3024 ----
+  complex; GCC will refuse to optimize programs when the optimization
+  itself is likely to take inordinate amounts of time.
+  
++ @item -Wstack-protector
++ @opindex Wstack-protector
++ Warn when not issuing stack smashing protection for some reason
++ 
+  @item -Werror
+  @opindex Werror
+  Make all warnings into errors.
+*************** and grows downwards, you can use the fla
+*** 11474,11479 ****
+--- 11479,11502 ----
+  @option{-fstack-limit-symbol=__stack_limit} and
+  @option{-Wl,--defsym,__stack_limit=0x7ffe0000} to enforce a stack limit
+  of 128KB@.  Note that this may only work with the GNU linker.
++ 
++ @item -fstack-protector
++ @item -fstack-protector-all
++ @opindex fstack-protector
++ @opindex fstack-protector-all
++ @opindex fno-stack-protector
++ Generate code to protect an application from a stack smashing
++ attack. The features are (1) the insertion of random value next to the
++ frame pointer to detect the integrity of the stack, (2) the reordering
++ of local variables to place buffers after pointers to avoid the
++ corruption of pointers that could be used to further corrupt arbitrary
++ memory locations, (3) the copying of pointers in function arguments to
++ an area preceding local variable buffers to prevent the corruption of
++ pointers that could be used to further corrupt arbitrary memory
++ locations, and the (4) omission of instrumentation code from some
++ functions to decrease the performance overhead.  If the integrity
++ would be broken, the program is aborted.  If no-stack-protector is
++ specified, instrumentation codes are generated at every functions.
+  
+  @cindex aliasing of parameters
+  @cindex parameters, aliased
diff --git a/sys-devel/gcc/gcc-3.3.4-r1.ebuild b/sys-devel/gcc/gcc-3.3.4-r1.ebuild
index fd5412fe1393..e561792db19e 100644
--- a/sys-devel/gcc/gcc-3.3.4-r1.ebuild
+++ b/sys-devel/gcc/gcc-3.3.4-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-devel/gcc/gcc-3.3.4-r1.ebuild,v 1.6 2004/07/29 08:55:35 pappy Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-devel/gcc/gcc-3.3.4-r1.ebuild,v 1.7 2004/08/06 19:16:25 vapier Exp $
 
 inherit eutils flag-o-matic libtool gnuconfig
 
@@ -363,6 +363,7 @@ src_unpack() {
 		epatch ${FILESDIR}/3.3.3/gcc333-ssp-3.3.2_1-fixup.patch
 
 		epatch ${WORKDIR}/protector.dif
+		epatch ${FILESDIR}/pro-police-docs.patch
 
 		cp ${WORKDIR}/protector.c ${WORKDIR}/${P}/gcc/ || die "protector.c not found"
 		cp ${WORKDIR}/protector.h ${WORKDIR}/${P}/gcc/ || die "protector.h not found"
diff --git a/sys-devel/gcc/gcc-3.4.0-r6.ebuild b/sys-devel/gcc/gcc-3.4.0-r6.ebuild
index 9ee7d05f7c64..ed10c95db3f3 100644
--- a/sys-devel/gcc/gcc-3.4.0-r6.ebuild
+++ b/sys-devel/gcc/gcc-3.4.0-r6.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-devel/gcc/gcc-3.4.0-r6.ebuild,v 1.21 2004/07/29 16:00:27 lv Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-devel/gcc/gcc-3.4.0-r6.ebuild,v 1.22 2004/08/06 19:16:25 vapier Exp $
 
 IUSE="static nls bootstrap build multilib gcj gtk f77 objc hardened uclibc n32 n64"
 
@@ -437,6 +437,7 @@ src_unpack() {
 	then
 		# ProPolice Stack Smashing protection
 		epatch ${WORKDIR}/protector.dif
+		epatch ${FILESDIR}/pro-police-docs.patch
 
 		cp ${WORKDIR}/gcc/protector.c ${WORKDIR}/${P}/gcc/ || die "protector.c not found"
 		cp ${WORKDIR}/gcc/protector.h ${WORKDIR}/${P}/gcc/ || die "protector.h not found"
diff --git a/sys-devel/gcc/gcc-3.4.1-r2.ebuild b/sys-devel/gcc/gcc-3.4.1-r2.ebuild
index 2fbf67503bf6..8694f8e24d40 100644
--- a/sys-devel/gcc/gcc-3.4.1-r2.ebuild
+++ b/sys-devel/gcc/gcc-3.4.1-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-devel/gcc/gcc-3.4.1-r2.ebuild,v 1.1 2004/08/03 18:18:57 lv Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-devel/gcc/gcc-3.4.1-r2.ebuild,v 1.2 2004/08/06 19:16:25 vapier Exp $
 
 IUSE="static nls bootstrap build multilib gcj gtk f77 objc hardened uclibc n32 n64"
 
@@ -406,6 +406,7 @@ do_piessp_patches() {
 	then
 		# ProPolice Stack Smashing protection
 		epatch ${WORKDIR}/protector.dif
+		epatch ${FILESDIR}/pro-police-docs.patch
 
 		cp ${WORKDIR}/gcc/protector.c ${S}/gcc/ || die "protector.c not found"
 		cp ${WORKDIR}/gcc/protector.h ${S}/gcc/ || die "protector.h not found"
diff --git a/sys-devel/gcc/gcc-3.4.1.ebuild b/sys-devel/gcc/gcc-3.4.1.ebuild
index dc5d7347f87a..46dd221ad860 100644
--- a/sys-devel/gcc/gcc-3.4.1.ebuild
+++ b/sys-devel/gcc/gcc-3.4.1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-devel/gcc/gcc-3.4.1.ebuild,v 1.15 2004/08/03 18:18:57 lv Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-devel/gcc/gcc-3.4.1.ebuild,v 1.16 2004/08/06 19:16:25 vapier Exp $
 
 IUSE="static nls bootstrap build multilib gcj gtk f77 objc hardened uclibc n32 n64"
 
@@ -441,6 +441,7 @@ src_unpack() {
 	then
 		# ProPolice Stack Smashing protection
 		epatch ${WORKDIR}/protector.dif
+		epatch ${FILESDIR}/pro-police-docs.patch
 
 		cp ${WORKDIR}/gcc/protector.c ${S}/gcc/ || die "protector.c not found"
 		cp ${WORKDIR}/gcc/protector.h ${S}/gcc/ || die "protector.h not found"