Support for Solaris 11.3 had already been obsoleted in GCC 13. However,
since the only Solaris system in the cfarm was running 11.3, I've kept
it in tree until now when both Solaris 11.4/SPARC and x86 systems have
been added.
This patch actually removes the Solaris 11.3 support. Apart from
several minor simplifications, there are two more widespread changes:
* In Solaris 11.4, libsocket and libnsl were folded into libc, so
there's no longer a need to link them explictly.
* Since Solaris 11.4, Solaris includes all crts needed by gcc (like
crt1.o and gcrt1.o) with the base system. All workarounds to provide
fallbacks can thus go.
Bootstrapped without regressions on i386-pc-solaris2.11 and
sparc-sun-solaris2.11 (as/ld, gas/ld, and gas/gld) as well as Solaris
11.3/x86 to ascertain that version is actually rejected.
2024-04-30 Rainer Orth <ro@CeBiTec.Uni-Bielefeld.DE>
c++tools:
* configure.ac (ax_lib_socket_nsl.m4): Don't sinclude.
(AX_LIB_SOCKET_NSL): Don't call.
(NETLIBS): Remove.
* configure: Regenerate.
* Makefile.in (NETLIBS): Remove.
(g++-mapper-server$(exeext)): Remove $(NETLIBS).
gcc:
* config.gcc: Move *-*-solaris2.11.[0-3]* to unsupported list.
<*-*-solaris2*> (default_use_cxa_atexit): Set unconditionally.
* configure.ac (AX_LIB_SOCKET_NSL): Don't call.
(NETLIBS): Remove.
(gcc_cv_ld_aligned_shf_merge): Remove.
(hidden_linkonce) <i?86-*-solaris2* | x86_64-*-solaris2*>: Remove.
(gcc_cv_target_dl_iterate_phdr) <*-*-solaris2*>: Always set to yes.
* Makefile.in (NETLIBS): Remove.
* configure, config.in, aclocal.m4: Regenerate.
* config/sol2.h: Don't check HAVE_SOLARIS_CRTS.
(STARTFILE_SPEC): Remove !HAVE_SOLARIS_CRTS case.
[USE_GLD] (LINK_EH_SPEC): Remove TARGET_DL_ITERATE_PHDR guard.
* config/i386/i386.cc (USE_HIDDEN_LINKONCE): Remove guard.
* varasm.cc (mergeable_string_section): Remove
HAVE_LD_ALIGNED_SHF_MERGE handling.
(mergeable_constant_section): Likewise.
* doc/install.texi (Specific,i?86-*-solaris2*): Reference Solaris
11.4 only.
(Specific, *-*-solaris2*): Document Solaris 11.3 removal. Remove
11.3 references and caveats. Update for 11.4.
gcc/cp:
* Make-lang.in (cc1plus$(exeext)): Remove $(NETLIBS).
gcc/objcp:
* Make-lang.in (cc1objplus$(exeext)): Remove $(NETLIBS).
gcc/testsuite:
* lib/target-supports.exp (check_effective_target_pie): Always
enable on *-*-solaris2*.
libgcc:
* configure.ac <*-*-solaris2*> (libgcc_cv_solaris_crts): Remove.
* config.host <*-*-solaris2*>: Remove !libgcc_cv_solaris_crts
support.
* configure, config.in: Regenerate.
* config/sol2/gmon.c (internal_mcount) [!HAVE_SOLARIS_CRTS]: Remove.
* config/i386/sol2-c1.S, config/sparc/sol2-c1.S: Remove.
* config/sol2/t-sol2 (crt1.o, gcrt1.o): Remove.
libstdc++-v3:
* testsuite/lib/dg-options.exp (add_options_for_net_ts)
<*-*-solaris2*>: Don't link with -lsocket -lnsl.
As promised in the --enable-host-pie patch, this patch adds another
configure option, --enable-host-bind-now, which adds -z now when linking
the compiler executables in order to extend hardening. BIND_NOW with RELRO
allows the GOT to be marked RO; this prevents GOT modification attacks.
This option does not affect linking of target libraries; you can use
LDFLAGS_FOR_TARGET=-Wl,-z,relro,-z,now to enable RELRO/BIND_NOW.
With this patch:
$ readelf -Wd cc1{,plus,obj,gm2} f951 lto1 cpp rust1 gnat1 | grep FLAGS
0x000000000000001e (FLAGS) BIND_NOW
0x000000006ffffffb (FLAGS_1) Flags: NOW PIE
0x000000000000001e (FLAGS) BIND_NOW
0x000000006ffffffb (FLAGS_1) Flags: NOW PIE
0x000000000000001e (FLAGS) BIND_NOW
0x000000006ffffffb (FLAGS_1) Flags: NOW PIE
0x000000000000001e (FLAGS) BIND_NOW
0x000000006ffffffb (FLAGS_1) Flags: NOW PIE
0x000000000000001e (FLAGS) BIND_NOW
0x000000006ffffffb (FLAGS_1) Flags: NOW PIE
0x000000000000001e (FLAGS) BIND_NOW
0x000000006ffffffb (FLAGS_1) Flags: NOW PIE
0x000000000000001e (FLAGS) BIND_NOW
0x000000006ffffffb (FLAGS_1) Flags: NOW PIE
0x000000000000001e (FLAGS) BIND_NOW
0x000000006ffffffb (FLAGS_1) Flags: NOW PIE
0x000000000000001e (FLAGS) BIND_NOW
0x000000006ffffffb (FLAGS_1) Flags: NOW PIE
c++tools/ChangeLog:
* configure.ac (--enable-host-bind-now): New check.
* configure: Regenerate.
gcc/ChangeLog:
* configure.ac (--enable-host-bind-now): New check. Add
-Wl,-z,now to LD_PICFLAG if --enable-host-bind-now.
* configure: Regenerate.
* doc/install.texi: Document --enable-host-bind-now.
lto-plugin/ChangeLog:
* configure.ac (--enable-host-bind-now): New check. Link with
-z,now.
* configure: Regenerate.
[ This is my third attempt to add this configure option. The first
version was approved but it came too late in the development cycle.
The second version was also approved, but I had to revert it:
<https://gcc.gnu.org/pipermail/gcc-patches/2022-November/607082.html>.
I've fixed the problem (by moving $(PICFLAG) from INTERNAL_CFLAGS to
ALL_COMPILERFLAGS). Another change is that since r13-4536 I no longer
need to touch Makefile.def, so this patch is simplified. ]
This patch implements the --enable-host-pie configure option which
makes the compiler executables PIE. This can be used to enhance
protection against ROP attacks, and can be viewed as part of a wider
trend to harden binaries.
It is similar to the option --enable-host-shared, except that --e-h-s
won't add -shared to the linker flags whereas --e-h-p will add -pie.
It is different from --enable-default-pie because that option just
adds an implicit -fPIE/-pie when the compiler is invoked, but the
compiler itself isn't PIE.
Since r12-5768-gfe7c3ecf, PCH works well with PIE, so there are no PCH
regressions.
When building the compiler, the build process may use various in-tree
libraries; these need to be built with -fPIE so that it's possible to
use them when building a PIE. For instance, when --with-included-gettext
is in effect, intl object files must be compiled with -fPIE. Similarly,
when building in-tree gmp, isl, mpfr and mpc, they must be compiled with
-fPIE.
With this patch and --enable-host-pie used to configure gcc:
$ file gcc/cc1{,plus,obj,gm2} gcc/f951 gcc/lto1 gcc/cpp gcc/go1 gcc/rust1 gcc/gnat1
gcc/cc1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=98e22cde129d304aa6f33e61b1c39e144aeb135e, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/cc1plus: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=859d1ea37e43dfe50c18fd4e3dd9a34bb1db8f77, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/cc1obj: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=1964f8ecee6163182bc26134e2ac1f324816e434, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/cc1gm2: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=a396672c7ff913d21855829202e7b02ecf42ff4c, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/f951: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=59c523db893186547ac75c7a71f48be0a461c06b, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/lto1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=084a7b77df7be2d63c2d4c655b5bbc3fcdb6038d, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/cpp: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=3503bf8390d219a10d6653b8560aa21158132168, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/go1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=988cc673af4fba5dcb482f4b34957b99050a68c5, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/rust1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=b6a5d3d514446c4dcdee0707f086ab9b274a8a3c, for GNU/Linux 3.2.0, with debug_info, not stripped
gcc/gnat1: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=bb11ccdc2c366fe3fe0980476bcd8ca19b67f9dc, for GNU/Linux 3.2.0, with debug_info, not stripped
I plan to add an option to link with -Wl,-z,now.
Bootstrapped on x86_64-pc-linux-gnu with --with-included-gettext
--enable-host-pie as well as without --enable-host-pie. Also tested
on a Debian system where the system gcc was configured with
--enable-default-pie.
Co-Authored by: Iain Sandoe <iain@sandoe.co.uk>
ChangeLog:
* configure.ac (--enable-host-pie): New check. Set PICFLAG after this
check.
* configure: Regenerate.
c++tools/ChangeLog:
* Makefile.in: Rename PIEFLAG to PICFLAG. Set LD_PICFLAG. Use it.
Use pic/libiberty.a if PICFLAG is set.
* configure.ac (--enable-default-pie): Set PICFLAG instead of PIEFLAG.
(--enable-host-pie): New check.
* configure: Regenerate.
fixincludes/ChangeLog:
* Makefile.in: Set and use PICFLAG and LD_PICFLAG. Use the "pic"
build of libiberty if PICFLAG is set.
* configure.ac:
* configure: Regenerate.
gcc/ChangeLog:
* Makefile.in: Set LD_PICFLAG. Use it. Set enable_host_pie.
Remove NO_PIE_CFLAGS and NO_PIE_FLAG. Pass LD_PICFLAG to
ALL_LINKERFLAGS. Use the "pic" build of libiberty if --enable-host-pie.
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this
check.
* configure: Regenerate.
* doc/install.texi: Document --enable-host-pie.
gcc/ada/ChangeLog:
* gcc-interface/Make-lang.in (ALL_ADAFLAGS): Remove NO_PIE_CFLAGS. Add
PICFLAG. Use PICFLAG when building ada/b_gnat1.o and ada/b_gnatb.o.
* gcc-interface/Makefile.in: Use pic/libiberty.a if PICFLAG is set.
Remove NO_PIE_FLAG.
gcc/m2/ChangeLog:
* Make-lang.in: New var, GM2_PICFLAGS. Use it.
gcc/d/ChangeLog:
* Make-lang.in: Remove NO_PIE_CFLAGS.
intl/ChangeLog:
* Makefile.in: Use @PICFLAG@ in COMPILE as well.
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
libcody/ChangeLog:
* Makefile.in: Pass LD_PICFLAG to LDFLAGS.
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this
check.
* configure: Regenerate.
libcpp/ChangeLog:
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
libdecnumber/ChangeLog:
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
libiberty/ChangeLog:
* configure.ac: Also set shared when enable_host_pie.
* configure: Regenerate.
zlib/ChangeLog:
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
As promised in the --enable-host-pie patch, this patch adds another
configure option, --enable-host-bind-now, which adds -z now when linking
the compiler executables in order to extend hardening. BIND_NOW with RELRO
allows the GOT to be marked RO; this prevents GOT modification attacks.
This option does not affect linking of target libraries; you can use
LDFLAGS_FOR_TARGET=-Wl,-z,relro,-z,now to enable RELRO/BIND_NOW.
c++tools/ChangeLog:
* configure.ac (--enable-host-bind-now): New check.
* configure: Regenerate.
gcc/ChangeLog:
* configure.ac (--enable-host-bind-now): New check. Add
-Wl,-z,now to LD_PICFLAG if --enable-host-bind-now.
* configure: Regenerate.
* doc/install.texi: Document --enable-host-bind-now.
lto-plugin/ChangeLog:
* configure.ac (--enable-host-bind-now): New check. Link with
-z,now.
* configure: Regenerate.
This patch implements the --enable-host-pie configure option which
makes the compiler executables PIE. This can be used to enhance
protection against ROP attacks, and can be viewed as part of a wider
trend to harden binaries.
It is similar to the option --enable-host-shared, except that --e-h-s
won't add -shared to the linker flags whereas --e-h-p will add -pie.
It is different from --enable-default-pie because that option just
adds an implicit -fPIE/-pie when the compiler is invoked, but the
compiler itself isn't PIE.
Since r12-5768-gfe7c3ecf, PCH works well with PIE, so there are no PCH
regressions.
When building the compiler, the build process may use various in-tree
libraries; these need to be built with -fPIE so that it's possible to
use them when building a PIE. For instance, when --with-included-gettext
is in effect, intl object files must be compiled with -fPIE. Similarly,
when building in-tree gmp, isl, mpfr and mpc, they must be compiled with
-fPIE.
I plan to add an option to link with -Wl,-z,now.
ChangeLog:
* Makefile.def: Pass $(PICFLAG) to AM_CFLAGS for gmp, mpfr, mpc, and
isl.
* Makefile.in: Regenerate.
* Makefile.tpl: Set PICFLAG.
* configure.ac (--enable-host-pie): New check. Set PICFLAG after this
check.
* configure: Regenerate.
c++tools/ChangeLog:
* Makefile.in: Rename PIEFLAG to PICFLAG. Set LD_PICFLAG. Use it.
Use pic/libiberty.a if PICFLAG is set.
* configure.ac (--enable-default-pie): Set PICFLAG instead of PIEFLAG.
(--enable-host-pie): New check.
* configure: Regenerate.
fixincludes/ChangeLog:
* Makefile.in: Set and use PICFLAG and LD_PICFLAG. Use the "pic"
build of libiberty if PICFLAG is set.
* configure.ac:
* configure: Regenerate.
gcc/ChangeLog:
* Makefile.in: Set LD_PICFLAG. Use it. Set enable_host_pie.
Remove NO_PIE_CFLAGS and NO_PIE_FLAG. Pass LD_PICFLAG to
ALL_LINKERFLAGS. Use the "pic" build of libiberty if --enable-host-pie.
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this
check.
* configure: Regenerate.
* doc/install.texi: Document --enable-host-pie.
gcc/d/ChangeLog:
* Make-lang.in: Remove NO_PIE_CFLAGS.
intl/ChangeLog:
* Makefile.in: Use @PICFLAG@ in COMPILE as well.
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
libcody/ChangeLog:
* Makefile.in: Pass LD_PICFLAG to LDFLAGS.
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG and LD_PICFLAG after this
check.
* configure: Regenerate.
libcpp/ChangeLog:
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
libdecnumber/ChangeLog:
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
libiberty/ChangeLog:
* configure.ac: Also set shared when enable_host_pie.
* configure: Regenerate.
zlib/ChangeLog:
* configure.ac (--enable-host-shared): Don't set PICFLAG here.
(--enable-host-pie): New check. Set PICFLAG after this check.
* configure: Regenerate.
The c++tools configure fragments need to be built with a C++ compiler.
In addition, the stand-alone server uses diagnostic mechanisms in common
with GCC, but needs to define implementations for gcc_assert and
supporting output functions.
Signed-off-by: Iain Sandoe <iain@sandoe.co.uk>
PR c++/98821 - modules : c++tools configures with CC but code fragments assume CXX.
PR c++/98821
c++tools/ChangeLog:
* config.h.in: Regenerate.
* configure: Regenerate.
* configure.ac: Configure using C++. Pull logic to
detect enabled checking modes; default to release
checking.
* server.cc (AI_NUMERICSERV): Define a fallback value.
(gcc_assert): New.
(gcc_unreachable): New.
(fancy_abort): Only build when checking is enabled.
Co-authored-by: Jakub Jelinek <jakub@redhat.com>
While looking at PR100731, I have noticed the copyright years are 2020-ish
only. This patch adds it to update-copyright.py and updates those.
2021-05-25 Jakub Jelinek <jakub@redhat.com>
contrib/
* update-copyright.py: Add c++tools.
c++tools/
* Makefile.in: Update copyright year.
* configure.ac: Likewise.
* resolver.cc: Likewise.
* resolver.h: Likewise.
* server.cc: Likewise.
(print_version): Update copyright notice date.
With the introduction of C++20 modules and libcody, cc1plus and
cc1objplus gained a dependency on the socket functions. Before those
were merged into libc in Solaris 11.4, one needed to link with -lsocket -lnsl
on Solaris, so that merge broke the Solaris 11.3 build.
While we already have 4 different checks for those libraries in the
tree, I decided to import autoconf-archive's AX_LIB_SOCKET_NSL macro
instead. At the same time, the patch only links libcody and the
networking libs where needed (cc1plus, cc1objplus).
Bootstrapped without regressions on i386-pc-solaris2.11 (Solaris 11.3
and 11.4), sparc-sun-solaris2.11, and x86_64-pc-linux-gnu.
2020-12-16 Rainer Orth <ro@CeBiTec.Uni-Bielefeld.DE>
c++tools:
PR c++/98316
* configure.ac: Include ../config/ax_lib_socket_nsl.m4.
(NETLIBS): Determine using AX_LIB_SOCKET_NSL.
* configure: Regenerate.
* Makefile.in (NETLIBS): Define.
(g++-mapper-server$(exeext)): Add $(NETLIBS).
gcc/objcp:
PR c++/98316
* Make-lang.in (cc1objplus$(exeext)): Add $(CODYLIB), $(NETLIBS).
gcc/cp:
PR c++/98316
* Make-lang.in (cc1plus$(exeext)): Add $(CODYLIB), $(NETLIBS).
gcc:
PR c++/98316
* configure.ac (NETLIBS): Determine using AX_LIB_SOCKET_NSL.
* aclocal.m4, configure: Regenerate.
* Makefile.in (NETLIBS): Define.
(BACKEND): Remove $(CODYLIB).
config:
PR c++/98316
* ax_lib_socket_nsl.m4: Import from autoconf-archive.
This adds --enable-default-pie support to c++tools, so that the sample
server is build -fPIE if requested.
PR bootstrap/98324
c++tools/
* Makefile.in: Add FLAGPIE.
* configure.ac: Add --enable-default-pie support.
* configure: Rebuilt.
When breaking out the sample server from the gcc/cp directory, it lost
its check for mmap, and the sample resolver just assumed it was there.
Fixed thusly. The non-mapping paths in module.cc weren't (recently)
excercised, and led to a signedness warning. Finally I'd missed
c++tools's config.h.in in the gcc_update script. There I took the
opportunity of adding a 'tools' segment of the dependency lists.
PR bootstrap/98300
contrib/
* gcc_update: Add c++tools/config.h.in.
c++tools/
* configure.ac: Check for sys/mman.h.
* resolver.cc: Don't assume mmap, O_CLOEXEC are available. Use
xmalloc.
* config.h.in: Regenerated.
* configure: Regenerated.
gcc/cp/
* module.cc: Fix ::read, ::write result signedness comparisons.
Seems c++tools doesn't honor --with-gcc-major-version-only.
Our distro uses that flag and so everything is installed in
/usr/lib/gcc/<target>/11/...
/usr/libexec/gcc/<target>/11/...
except
/usr/libexec/gcc/<target>/11.0.0/g++-mapper-server
The following patch should fix that.
2020-12-17 Jakub Jelinek <jakub@redhat.com>
* configure.ac: Add GCC_BASE_VER.
* Makefile.in (version): Remove variable.
(gcc_version): New variable.
(libexecsubdir): Use $(gcc_version) instead of $(version).
* configure: Regenerated.
I'd missed an install-strip rule in c++tools. Here it is, cribbed
from gcc/ subdir.
c++tools/
* Makefile.in (INSTALL): Replace with ...
(INSTALL_PROGRAM): ... this.
(INSTALL_STRIP_PROGRAM): New.
(install-strip): New target.
(install): Use INSTALL_PROGRAM.
* configure.ac: Add INSTALL_PROGRAM.
* configure: Regenerated.
Part of our module implementation adds a sample mapper server, the
guts of which are used by the default in-process mapping of cc1plus.
Rather than add another executable to gcc/cp/, this creates a new
c++tools directory where this and any other c++ tools might live.
The toplevel changes are a subsequent commit, because ... git.
c++tools/ChangeLog:
* Makefile.in: New.
* config.h.in: New.
* configure: New.
* configure.ac: New.
* resolver.cc: New.
* resolver.h: New.
* server.cc: New.
