diff options
author | Antoine Eiche <lewo@abesis.fr> | 2018-05-02 17:01:30 +0200 |
---|---|---|
committer | Antoine Eiche <lewo@abesis.fr> | 2018-05-03 11:35:49 +0200 |
commit | ada2fc088cef052eb0071e0c226a7f0bb00bd0b5 (patch) | |
tree | b043e4cbd3e26e8e9750caedf22e23c32d8b9916 /pkgs/development/compilers/gcc | |
parent | 4d6a14e915b8e2f4142eaf54c225bbce0d75dd87 (diff) | |
download | nixlib-ada2fc088cef052eb0071e0c226a7f0bb00bd0b5.tar nixlib-ada2fc088cef052eb0071e0c226a7f0bb00bd0b5.tar.gz nixlib-ada2fc088cef052eb0071e0c226a7f0bb00bd0b5.tar.bz2 nixlib-ada2fc088cef052eb0071e0c226a7f0bb00bd0b5.tar.lz nixlib-ada2fc088cef052eb0071e0c226a7f0bb00bd0b5.tar.xz nixlib-ada2fc088cef052eb0071e0c226a7f0bb00bd0b5.tar.zst nixlib-ada2fc088cef052eb0071e0c226a7f0bb00bd0b5.zip |
gcc49: backport retpoline support
To mitigate Spectre Variant 2, GCC needs to have retpoline support (-mindirect-branch and -mfunction-return arguments on amd64 and i386). Patches were pulled from H.J. Lu's backport branch to 4.9 (hjl/indirect/gcc-4_9-branch), available at https://github.com/hjl-tools/gcc/tree/hjl/indirect/gcc-4_9-branch/master. Upstream GCC does not apply patches to anything older than the gcc-6-branch. H.J. Lu is the author of the upstream retpoline commits as well. Several Linux distributions already backported these patches to GCC 4 branches and some old kernels (3.13 for instance) have been recompiled with these GCC patches. These kernels only allow to load kernel modules that are compiled with the retpoline support. References: - Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/gcc-4.8/+bug/1749261 - Ubuntu package: https://launchpad.net/ubuntu/+source/gcc-4.8/4.8.4-2ubuntu1~14.04.4 Fixes #38394
Diffstat (limited to 'pkgs/development/compilers/gcc')
-rw-r--r-- | pkgs/development/compilers/gcc/4.9/default.nix | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/pkgs/development/compilers/gcc/4.9/default.nix b/pkgs/development/compilers/gcc/4.9/default.nix index fb82eee4ab85..fc9e72812501 100644 --- a/pkgs/development/compilers/gcc/4.9/default.nix +++ b/pkgs/development/compilers/gcc/4.9/default.nix @@ -1,4 +1,4 @@ -{ stdenv, targetPackages, fetchurl, noSysDirs +{ stdenv, targetPackages, fetchurl, noSysDirs, fetchpatch , langC ? true, langCC ? true, langFortran ? false , langObjC ? targetPlatform.isDarwin , langObjCpp ? targetPlatform.isDarwin @@ -65,7 +65,21 @@ let version = "4.9.4"; ++ optional noSysDirs ../no-sys-dirs.patch ++ optional langFortran ../gfortran-driving.patch ++ [ ../struct-ucontext.patch ../struct-sigaltstack-4.9.patch ] # glibc-2.26 - ; + # Retpoline patches pulled from the branch hjl/indirect/gcc-4_9-branch (by H.J. Lu, the author of GCC upstream retpoline commits) + ++ builtins.map ({commit, sha256}: fetchpatch {url = "https://github.com/hjl-tools/gcc/commit/${commit}.patch"; inherit sha256;}) + [{ commit = "e623d21608e96ecd6b65f0d06312117d20488a38"; sha256 = "1ix8i4d2r3ygbv7npmsdj790rhxqrnfwcqzv48b090r9c3ij8ay3"; } + { commit = "2015a09e332309f12de1dadfe179afa6a29368b8"; sha256 = "0xcfs0cbb63llj2gbcdrvxim79ax4k4aswn0a3yjavxsj71s1n91"; } + { commit = "6b11591f4494f705e8746e7d58b7f423191f4e92"; sha256 = "0aydyhsm2ig0khgbp27am7vq7liyqrq6kfhfi2ki0ij0ab1hfbga"; } + { commit = "203c7d9c3e9cb0f88816b481ef8e7e87b3ecc373"; sha256 = "0wqn16y7wy5kg8ngfcni5qdwfphl01axczibbk49bxclwnzvldqa"; } + { commit = "f039c6f284b2c9ce97c8353d6034978795c4872e"; sha256 = "13fkgdb17lpyxfksz1zanxhgpsm0jrss9w61nbl7an4im22hz7ci"; } + { commit = "ed42606bdab1c5d9e5ad828cd6fe1a0557f193b7"; sha256 = "0gdnn8v3p03imj3qga2mzdhpgbmjcklkxdl97jvz5xia2ikzknxm"; } + { commit = "5278e062ef292fd2fbf987d25389785f4c5c0f99"; sha256 = "0j81x758wf8v7j4rx5wc1cy7yhkvhlhv3wmnarwakxiwsspq0vrs"; } + { commit = "76f1ffbbb6cd9f6ecde6c82cd16e20a27242e890"; sha256 = "1py56y6gp7fjf4f8bbsfwh5bs1gnmlqda1ycsmnwlzfm0cshdp0c"; } + { commit = "4ca48b2b688b135c0390f54ea9077ef10aedd52c"; sha256 = "15r019pzr3k0lpgyvdc92c8fayw8b5lrzncna4bqmamcsdz7vsaw"; } + { commit = "98c7bf9ddc80db965d69d61521b1c7a1cec32d9a"; sha256 = "1d7pfdv1q23nf0wadw7jbp6d6r7pnzjpbyxgbdfv7j1vr9l1bp60"; } + { commit = "3dc76b53ad896494ca62550a7a752fecbca3f7a2"; sha256 = "0jvdzfpvfdmklfcjwqblwq1i22iqis7ljpvm7adra5d7zf2xk7xz"; } + { commit = "1e961ed49b18e176c7457f53df2433421387c23b"; sha256 = "04dnqqs4qsvz4g8cq6db5id41kzys7hzhcaycwmc9rpqygs2ajwz"; } + { commit = "e137c72d099f9b3b47f4cc718aa11eab14df1a9c"; sha256 = "1ms0dmz74yf6kwgjfs4d2fhj8y6mcp2n184r3jk44wx2xc24vgb2"; }]; javaEcj = fetchurl { # The `$(top_srcdir)/ecj.jar' file is automatically picked up at |