commit 50e6d095bd8d8eaef460d0bddda9455ff222c685 Author: Georg Koppen gk@torproject.org Date: Mon Jun 15 14:24:54 2015 +0000
Bug 16351: Update our toolchain (Binutils/GCC) --- gitian/descriptors/windows/gitian-utils.yml | 3 -- gitian/patches/enable-reloc-section-ld.patch | 53 ++++++++----------- gitian/patches/gcc-dev-random.patch | 72 -------------------------- gitian/patches/peXXigen.patch | 27 +++++----- gitian/versions.alpha | 6 +-- gitian/versions.nightly | 6 +-- 6 files changed, 42 insertions(+), 125 deletions(-)
diff --git a/gitian/descriptors/windows/gitian-utils.yml b/gitian/descriptors/windows/gitian-utils.yml index bef262d..78da8a7 100644 --- a/gitian/descriptors/windows/gitian-utils.yml +++ b/gitian/descriptors/windows/gitian-utils.yml @@ -28,7 +28,6 @@ files: - "gmp.tar.bz2" - "enable-reloc-section-ld.patch" - "peXXigen.patch" -- "gcc-dev-random.patch" - "versions" - "dzip.sh" script: | @@ -66,8 +65,6 @@ script: | cd gcc tar -xjvf ../gcc.tar.bz2 cd gcc-* - # Don't use /dev/random on Windows. See bug 13169 for details. - patch -p1 < ../../gcc-dev-random.patch cd .. # We don't want to link against msvcrt.dll due to bug 9084. i686-w64-mingw32-g++ -dumpspecs > ~/build/msvcr100.spec diff --git a/gitian/patches/enable-reloc-section-ld.patch b/gitian/patches/enable-reloc-section-ld.patch index f393f51..5845d75 100644 --- a/gitian/patches/enable-reloc-section-ld.patch +++ b/gitian/patches/enable-reloc-section-ld.patch @@ -1,30 +1,23 @@ -From 093b08a9e7af23a258306b710ebc4556d12f94f7 Mon Sep 17 00:00:00 2001 +From 99ffc3f28b964519892cb1fb8bdc64d42b80d777 Mon Sep 17 00:00:00 2001 From: Erinn Clark erinn@torproject.org Date: Fri, 8 Aug 2014 14:23:44 -0400 Subject: [PATCH] add relocation section so Windows bundles can have ASLR
Patch by skruffy.
---- - ld/emultempl/pe.em | 6 +++++ - ld/emultempl/pep.em | 8 ++++++- - ld/pe-dll.c | 63 ++++++++++++++++++++++++++++++----------------------- - ld/pe-dll.h | 1 + - 4 files changed, 50 insertions(+), 28 deletions(-) - diff --git a/ld/emultempl/pe.em b/ld/emultempl/pe.em -index 5d6da9e..14c07f7 100644 +index 979cc8b..4a63863 100644 --- a/ld/emultempl/pe.em +++ b/ld/emultempl/pe.em -@@ -268,6 +268,7 @@ fragment <<EOF - #define OPTION_TERMINAL_SERVER_AWARE (OPTION_WDM_DRIVER + 1) - /* Determinism. */ +@@ -274,6 +274,7 @@ fragment <<EOF #define OPTION_INSERT_TIMESTAMP (OPTION_TERMINAL_SERVER_AWARE + 1) -+#define OPTION_ENABLE_RELOC_SECTION (OPTION_INSERT_TIMESTAMP + 1) + #define OPTION_NO_INSERT_TIMESTAMP (OPTION_INSERT_TIMESTAMP + 1) + #define OPTION_BUILD_ID (OPTION_NO_INSERT_TIMESTAMP + 1) ++#define OPTION_ENABLE_RELOC_SECTION (OPTION_BUILD_ID + 1)
static void gld${EMULATION_NAME}_add_options -@@ -310,6 +311,7 @@ gld${EMULATION_NAME}_add_options +@@ -317,6 +318,7 @@ gld${EMULATION_NAME}_add_options {"export-all-symbols", no_argument, NULL, OPTION_EXPORT_ALL}, {"exclude-symbols", required_argument, NULL, OPTION_EXCLUDE_SYMBOLS}, {"exclude-all-symbols", no_argument, NULL, OPTION_EXCLUDE_ALL_SYMBOLS}, @@ -32,7 +25,7 @@ index 5d6da9e..14c07f7 100644 {"exclude-libs", required_argument, NULL, OPTION_EXCLUDE_LIBS}, {"exclude-modules-for-implib", required_argument, NULL, OPTION_EXCLUDE_MODULES_FOR_IMPLIB}, {"kill-at", no_argument, NULL, OPTION_KILL_ATS}, -@@ -773,6 +775,9 @@ gld${EMULATION_NAME}_handle_option (int optc) +@@ -787,6 +789,9 @@ gld${EMULATION_NAME}_handle_option (int optc) case OPTION_EXCLUDE_ALL_SYMBOLS: pe_dll_exclude_all_symbols = 1; break; @@ -42,7 +35,7 @@ index 5d6da9e..14c07f7 100644 case OPTION_EXCLUDE_LIBS: pe_dll_add_excludes (optarg, EXCLUDELIBS); break; -@@ -1839,6 +1844,7 @@ gld_${EMULATION_NAME}_finish (void) +@@ -2059,6 +2064,7 @@ gld_${EMULATION_NAME}_finish (void) if (link_info.shared #if !defined(TARGET_IS_shpe) || (!link_info.relocatable && pe_def_file->num_exports != 0) @@ -51,20 +44,20 @@ index 5d6da9e..14c07f7 100644 ) { diff --git a/ld/emultempl/pep.em b/ld/emultempl/pep.em -index b738800..b566903 100644 +index b24a608..caf2946 100644 --- a/ld/emultempl/pep.em +++ b/ld/emultempl/pep.em -@@ -242,7 +242,8 @@ enum options - OPTION_NO_BIND, - OPTION_WDM_DRIVER, +@@ -248,7 +248,8 @@ enum options OPTION_INSERT_TIMESTAMP, -- OPTION_TERMINAL_SERVER_AWARE -+ OPTION_TERMINAL_SERVER_AWARE, + OPTION_NO_INSERT_TIMESTAMP, + OPTION_TERMINAL_SERVER_AWARE, +- OPTION_BUILD_ID ++ OPTION_BUILD_ID, + OPTION_ENABLE_RELOC_SECTION };
static void -@@ -284,6 +285,7 @@ gld${EMULATION_NAME}_add_options +@@ -290,6 +291,7 @@ gld${EMULATION_NAME}_add_options {"export-all-symbols", no_argument, NULL, OPTION_EXPORT_ALL}, {"exclude-symbols", required_argument, NULL, OPTION_EXCLUDE_SYMBOLS}, {"exclude-all-symbols", no_argument, NULL, OPTION_EXCLUDE_ALL_SYMBOLS}, @@ -72,7 +65,7 @@ index b738800..b566903 100644 {"exclude-libs", required_argument, NULL, OPTION_EXCLUDE_LIBS}, {"exclude-modules-for-implib", required_argument, NULL, OPTION_EXCLUDE_MODULES_FOR_IMPLIB}, {"kill-at", no_argument, NULL, OPTION_KILL_ATS}, -@@ -727,6 +729,9 @@ gld${EMULATION_NAME}_handle_option (int optc) +@@ -743,6 +745,9 @@ gld${EMULATION_NAME}_handle_option (int optc) case OPTION_EXCLUDE_ALL_SYMBOLS: pep_dll_exclude_all_symbols = 1; break; @@ -82,7 +75,7 @@ index b738800..b566903 100644 case OPTION_EXCLUDE_LIBS: pep_dll_add_excludes (optarg, EXCLUDELIBS); break; -@@ -1618,6 +1623,7 @@ gld_${EMULATION_NAME}_finish (void) +@@ -1838,6 +1843,7 @@ gld_${EMULATION_NAME}_finish (void)
#ifdef DLL_SUPPORT if (link_info.shared @@ -91,10 +84,10 @@ index b738800..b566903 100644 { pep_dll_fill_sections (link_info.output_bfd, &link_info); diff --git a/ld/pe-dll.c b/ld/pe-dll.c -index e9e133b..4230dc3 100644 +index 61d8fa5..24c0c72 100644 --- a/ld/pe-dll.c +++ b/ld/pe-dll.c -@@ -152,6 +152,7 @@ def_file * pe_def_file = 0; +@@ -151,6 +151,7 @@ def_file * pe_def_file = 0; int pe_dll_export_everything = 0; int pe_dll_exclude_all_symbols = 0; int pe_dll_do_default_excludes = 1; @@ -200,10 +193,10 @@ index e9e133b..4230dc3 100644
bfd_boolean diff --git a/ld/pe-dll.h b/ld/pe-dll.h -index 4697390..2bf71d9 100644 +index 24ea302..6a0d633 100644 --- a/ld/pe-dll.h +++ b/ld/pe-dll.h -@@ -31,6 +31,7 @@ extern def_file *pe_def_file; +@@ -30,6 +30,7 @@ extern def_file *pe_def_file; extern int pe_dll_export_everything; extern int pe_dll_exclude_all_symbols; extern int pe_dll_do_default_excludes; @@ -212,5 +205,5 @@ index 4697390..2bf71d9 100644 extern int pe_dll_stdcall_aliases; extern int pe_dll_warn_dup_exports; -- -2.0.1 +1.7.9.5
diff --git a/gitian/patches/gcc-dev-random.patch b/gitian/patches/gcc-dev-random.patch deleted file mode 100644 index 9757f92..0000000 --- a/gitian/patches/gcc-dev-random.patch +++ /dev/null @@ -1,72 +0,0 @@ -From b0ce14899060267b5b5e4d7e3d91edcdf5c09514 Mon Sep 17 00:00:00 2001 -From: law law@138bc75d-0d04-0410-961f-82ee72b054a4 -Date: Tue, 10 Feb 2015 01:44:08 +0000 -Subject: [PATCH] * ssp.c (__guard_setup): For Windows, use approved methods - to get a suitable random number for the stack check guard - rather than reading /dev/random. - -git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@220559 138bc75d-0d04-0410-961f-82ee72b054a4 ---- - libssp/ChangeLog | 7 +++++++ - libssp/ssp.c | 16 ++++++++++++++++ - 2 files changed, 23 insertions(+) - -diff --git a/libssp/ChangeLog b/libssp/ChangeLog -index a445537..676d2a7 100644 ---- a/libssp/ChangeLog -+++ b/libssp/ChangeLog -@@ -1,3 +1,10 @@ -+2015-02-09 Georg Koppen gk@torproject.org -+ -+ * ssp.c: Conditionally include <windows.h> -+ (__guard_setup): For Windows, use approved methods to get -+ a suitable random number for the stack check guard rather -+ than reading /dev/random. -+ - 2014-07-16 Release Manager - - * GCC 4.9.1 released. -diff --git a/libssp/ssp.c b/libssp/ssp.c -index 96adf17..38e3ec8 100644 ---- a/libssp/ssp.c -+++ b/libssp/ssp.c -@@ -55,6 +55,7 @@ see the files COPYING3 and COPYING.RUNTIME respectively. If not, see - /* Native win32 apps don't know about /dev/tty but can print directly - to the console using "CONOUT$" */ - #if defined (_WIN32) && !defined (__CYGWIN__) -+#include <windows.h> - # define _PATH_TTY "CONOUT$" - #else - # define _PATH_TTY "/dev/tty" -@@ -75,6 +76,20 @@ __guard_setup (void) - if (__stack_chk_guard != 0) - return; - -+#if defined (_WIN32) && !defined (__CYGWIN__) -+ HCRYPTPROV hprovider = 0; -+ if (CryptAcquireContext(&hprovider, NULL, NULL, PROV_RSA_FULL, -+ CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) -+ { -+ if (CryptGenRandom(hprovider, sizeof (__stack_chk_guard), -+ (BYTE *)&__stack_chk_guard) && __stack_chk_guard != 0) -+ { -+ CryptReleaseContext(hprovider, 0); -+ return; -+ } -+ CryptReleaseContext(hprovider, 0); -+ } -+#else - fd = open ("/dev/urandom", O_RDONLY); - if (fd != -1) - { -@@ -85,6 +100,7 @@ __guard_setup (void) - return; - } - -+#endif - /* If a random generator can't be used, the protector switches the guard - to the "terminator canary". */ - p = (unsigned char *) &__stack_chk_guard; --- -1.7.10.4 - diff --git a/gitian/patches/peXXigen.patch b/gitian/patches/peXXigen.patch index 785aa02..0ae0979 100644 --- a/gitian/patches/peXXigen.patch +++ b/gitian/patches/peXXigen.patch @@ -1,14 +1,13 @@ -diff -crB binutils-2.24/bfd/peXXigen.c binutils-2.24/bfd/peXXigen.c -*** binutils-2.24/bfd/peXXigen.c Tue Nov 26 11:37:33 2013 ---- binutils-2.24/bfd/peXXigen.c Mon Aug 4 07:10:15 2014 -*************** -*** 795,800 **** ---- 795,802 ---- - /* Only use a real timestamp if the option was chosen. */ - if ((pe_data (abfd)->insert_timestamp)) - H_PUT_32 (abfd, time(0), filehdr_out->f_timdat); -+ else -+ H_PUT_32 (abfd, 0, filehdr_out->f_timdat); - - PUT_FILEHDR_SYMPTR (abfd, filehdr_in->f_symptr, - filehdr_out->f_symptr); +diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c +index 13e39e4..deef7b3 100644 +--- a/bfd/peXXigen.c ++++ b/bfd/peXXigen.c +@@ -873,6 +873,8 @@ _bfd_XXi_only_swap_filehdr_out (bfd * abfd, void * in, void * out) + /* Only use a real timestamp if the option was chosen. */ + if ((pe_data (abfd)->insert_timestamp)) + H_PUT_32 (abfd, time (0), filehdr_out->f_timdat); ++ else ++ H_PUT_32 (abfd, 0, filehdr_out->f_timdat); + + PUT_FILEHDR_SYMPTR (abfd, filehdr_in->f_symptr, + filehdr_out->f_symptr); diff --git a/gitian/versions.alpha b/gitian/versions.alpha index d34f0af..d883b0e 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -39,8 +39,8 @@ OPENSSL_VER=1.0.1n GMP_VER=5.1.3 FIREFOX_LANG_VER=$FIREFOX_VERSION FIREFOX_LANG_BUILD=build2 -BINUTILS_VER=2.24 -GCC_VER=4.9.1 +BINUTILS_VER=2.25 +GCC_VER=5.1.0 PYTHON_VER=2.7.5 PYCRYPTO_VER=2.6.1 ARGPARSE_VER=1.2.1 @@ -96,7 +96,7 @@ PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 GO_HASH=299a6fd8f8adfdce15bc06bde926e7b252ae8e24dd5b16b7d8791ed79e7b5e9b -GCC_HASH=d334781a124ada6f38e63b545e2a3b8c2183049515a1abab6d513f109f1d717e +GCC_HASH=b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad
## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/$%7BOPENSSL_PACKAGE%7D diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 5a8eb91..73f8f73 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -42,8 +42,8 @@ OPENSSL_VER=1.0.1m GMP_VER=5.1.3 FIREFOX_LANG_VER=$FIREFOX_VERSION FIREFOX_LANG_BUILD=build2 -BINUTILS_VER=2.24 -GCC_VER=4.9.1 +BINUTILS_VER=2.25 +GCC_VER=5.1.0 PYTHON_VER=2.7.5 PYCRYPTO_VER=2.6.1 ARGPARSE_VER=1.2.1 @@ -99,7 +99,7 @@ PY2EXE_HASH=610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 PARSLEY_HASH=50d30cee70770fd44db7cea421cb2fb75af247c3a1cd54885c06b30a7c85dd23 GO_HASH=299a6fd8f8adfdce15bc06bde926e7b252ae8e24dd5b16b7d8791ed79e7b5e9b -GCC_HASH=d334781a124ada6f38e63b545e2a3b8c2183049515a1abab6d513f109f1d717e +GCC_HASH=b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad
## Non-git package URLs OPENSSL_URL=https://www.openssl.org/source/$%7BOPENSSL_PACKAGE%7D