From 771bae04e8ebcef3f11a0be55c28a571181aa231 Mon Sep 17 00:00:00 2001 From: Bojan Nikolic Date: Fri, 29 Dec 2017 14:29:05 +0000 Subject: gcc: Enable SSP and shared libs in the final stage for MinGW Hardening on by default now that we don't use the cross wrapper. In turn, hardening requires libssp in particular. --- pkgs/development/compilers/gcc/4.5/default.nix | 2 +- pkgs/development/compilers/gcc/4.8/default.nix | 6 +----- pkgs/development/compilers/gcc/4.9/default.nix | 6 +----- pkgs/development/compilers/gcc/5/default.nix | 6 +----- pkgs/development/compilers/gcc/6/default.nix | 6 +----- pkgs/development/compilers/gcc/7/default.nix | 6 +----- pkgs/development/compilers/gcc/snapshot/default.nix | 6 +----- 7 files changed, 7 insertions(+), 31 deletions(-) diff --git a/pkgs/development/compilers/gcc/4.5/default.nix b/pkgs/development/compilers/gcc/4.5/default.nix index c4dae5c8b66f..e7cf6b1f1f1d 100644 --- a/pkgs/development/compilers/gcc/4.5/default.nix +++ b/pkgs/development/compilers/gcc/4.5/default.nix @@ -120,7 +120,7 @@ let version = "4.5.4"; " --enable-sjlj-exceptions" + " --enable-hash-synchronization" + " --enable-version-specific-runtime-libs" + - " --disable-libssp" + + " --enable-libssp" + " --disable-nls" + " --with-dwarf2" else diff --git a/pkgs/development/compilers/gcc/4.8/default.nix b/pkgs/development/compilers/gcc/4.8/default.nix index 15529bd554a4..f7674bb11845 100644 --- a/pkgs/development/compilers/gcc/4.8/default.nix +++ b/pkgs/development/compilers/gcc/4.8/default.nix @@ -159,13 +159,9 @@ let version = "4.8.5"; " --enable-threads=win32" + " --enable-sjlj-exceptions" + " --enable-hash-synchronization" + - " --disable-libssp" + + " --enable-libssp" + " --disable-nls" + " --with-dwarf2" + - # I think noone uses shared gcc libs in mingw, so we better do the same. - # In any case, mingw32 g++ linking is broken by default with shared libs, - # unless adding "-lsupc++" to any linking command. I don't know why. - " --disable-shared" + # To keep ABI compatibility with upstream mingw-w64 " --enable-fully-dynamic-string" else (if targetPlatform.libc == "uclibc" then diff --git a/pkgs/development/compilers/gcc/4.9/default.nix b/pkgs/development/compilers/gcc/4.9/default.nix index 6ece3abd9356..05b5ea3a725c 100644 --- a/pkgs/development/compilers/gcc/4.9/default.nix +++ b/pkgs/development/compilers/gcc/4.9/default.nix @@ -159,13 +159,9 @@ let version = "4.9.4"; " --enable-threads=win32" + " --enable-sjlj-exceptions" + " --enable-hash-synchronization" + - " --disable-libssp" + + " --enable-libssp" + " --disable-nls" + " --with-dwarf2" + - # I think noone uses shared gcc libs in mingw, so we better do the same. - # In any case, mingw32 g++ linking is broken by default with shared libs, - # unless adding "-lsupc++" to any linking command. I don't know why. - " --disable-shared" + # To keep ABI compatibility with upstream mingw-w64 " --enable-fully-dynamic-string" else (if targetPlatform.libc == "uclibc" then diff --git a/pkgs/development/compilers/gcc/5/default.nix b/pkgs/development/compilers/gcc/5/default.nix index f6242573e67f..10701f687dec 100644 --- a/pkgs/development/compilers/gcc/5/default.nix +++ b/pkgs/development/compilers/gcc/5/default.nix @@ -163,13 +163,9 @@ let version = "5.4.0"; " --enable-threads=win32" + " --enable-sjlj-exceptions" + " --enable-hash-synchronization" + - " --disable-libssp" + + " --enable-libssp" + " --disable-nls" + " --with-dwarf2" + - # I think noone uses shared gcc libs in mingw, so we better do the same. - # In any case, mingw32 g++ linking is broken by default with shared libs, - # unless adding "-lsupc++" to any linking command. I don't know why. - " --disable-shared" + # To keep ABI compatibility with upstream mingw-w64 " --enable-fully-dynamic-string" else (if targetPlatform.libc == "uclibc" then diff --git a/pkgs/development/compilers/gcc/6/default.nix b/pkgs/development/compilers/gcc/6/default.nix index 324fb3e0c1ac..bcee4026c395 100644 --- a/pkgs/development/compilers/gcc/6/default.nix +++ b/pkgs/development/compilers/gcc/6/default.nix @@ -159,13 +159,9 @@ let version = "6.3.0"; " --enable-threads=win32" + " --enable-sjlj-exceptions" + " --enable-hash-synchronization" + - " --disable-libssp" + + " --enable-libssp" + " --disable-nls" + " --with-dwarf2" + - # I think noone uses shared gcc libs in mingw, so we better do the same. - # In any case, mingw32 g++ linking is broken by default with shared libs, - # unless adding "-lsupc++" to any linking command. I don't know why. - " --disable-shared" + # To keep ABI compatibility with upstream mingw-w64 " --enable-fully-dynamic-string" else (if targetPlatform.libc == "uclibc" then diff --git a/pkgs/development/compilers/gcc/7/default.nix b/pkgs/development/compilers/gcc/7/default.nix index c8d54308c955..ab56adf1a524 100644 --- a/pkgs/development/compilers/gcc/7/default.nix +++ b/pkgs/development/compilers/gcc/7/default.nix @@ -160,13 +160,9 @@ let version = "7.1.0"; " --enable-threads=win32" + " --enable-sjlj-exceptions" + " --enable-hash-synchronization" + - " --disable-libssp" + + " --enable-libssp" + " --disable-nls" + " --with-dwarf2" + - # I think noone uses shared gcc libs in mingw, so we better do the same. - # In any case, mingw32 g++ linking is broken by default with shared libs, - # unless adding "-lsupc++" to any linking command. I don't know why. - " --disable-shared" + # To keep ABI compatibility with upstream mingw-w64 " --enable-fully-dynamic-string" else (if targetPlatform.libc == "uclibc" then diff --git a/pkgs/development/compilers/gcc/snapshot/default.nix b/pkgs/development/compilers/gcc/snapshot/default.nix index fd34f414f961..09d4f8af869b 100644 --- a/pkgs/development/compilers/gcc/snapshot/default.nix +++ b/pkgs/development/compilers/gcc/snapshot/default.nix @@ -160,13 +160,9 @@ let version = "7-20170409"; " --enable-threads=win32" + " --enable-sjlj-exceptions" + " --enable-hash-synchronization" + - " --disable-libssp" + + " --enable-libssp" + " --disable-nls" + " --with-dwarf2" + - # I think noone uses shared gcc libs in mingw, so we better do the same. - # In any case, mingw32 g++ linking is broken by default with shared libs, - # unless adding "-lsupc++" to any linking command. I don't know why. - " --disable-shared" + # To keep ABI compatibility with upstream mingw-w64 " --enable-fully-dynamic-string" else (if targetPlatform.libc == "uclibc" then -- cgit 1.4.1 From 2e0ebc0532f89e4073cbea3f0ef1074a7a21dd8a Mon Sep 17 00:00:00 2001 From: Bojan Nikolic Date: Fri, 29 Dec 2017 14:29:05 +0000 Subject: mingw-w64: Disable stack hardening of the runtime Do this because it is built with the static stage --- pkgs/os-specific/windows/mingw-w64/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/os-specific/windows/mingw-w64/default.nix b/pkgs/os-specific/windows/mingw-w64/default.nix index 6e21826381b6..53050435256f 100644 --- a/pkgs/os-specific/windows/mingw-w64/default.nix +++ b/pkgs/os-specific/windows/mingw-w64/default.nix @@ -4,4 +4,5 @@ stdenv.mkDerivation { inherit (callPackage ./common.nix {}) name src; buildInputs = [ windows.mingw_w64_headers ]; dontStrip = true; + hardeningDisable = [ "stackprotector" "fortify" ]; } -- cgit 1.4.1