--- /dev/null
+From a9652a60af6254d07066f08377415f05e3a9462e Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Fri, 25 Dec 2015 11:45:38 +0100
+Subject: [PATCH] poison-system-directories
+
+Patch adapted to binutils 2.23.2 and extended to use
+BR_COMPILER_PARANOID_UNSAFE_PATH by Thomas Petazzoni.
+
+[Romain: rebase on top of 2.33.1]
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+[Gustavo: adapt to binutils 2.25]
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+Upstream-Status: Inappropriate [distribution: codesourcery]
+
+Patch originally created by Mark Hatle, forward-ported to
+binutils 2.21 by Scott Garman.
+
+purpose: warn for uses of system directories when cross linking
+
+Code Merged from Sourcery G++ binutils 2.19 - 4.4-277
+
+2008-07-02 Joseph Myers <joseph@codesourcery.com>
+
+ ld/
+ * ld.h (args_type): Add error_poison_system_directories.
+ * ld.texinfo (--error-poison-system-directories): Document.
+ * ldfile.c (ldfile_add_library_path): Check
+ command_line.error_poison_system_directories.
+ * ldmain.c (main): Initialize
+ command_line.error_poison_system_directories.
+ * lexsup.c (enum option_values): Add
+ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES.
+ (ld_options): Add --error-poison-system-directories.
+ (parse_args): Handle new option.
+
+2007-06-13 Joseph Myers <joseph@codesourcery.com>
+
+ ld/
+ * config.in: Regenerate.
+ * ld.h (args_type): Add poison_system_directories.
+ * ld.texinfo (--no-poison-system-directories): Document.
+ * ldfile.c (ldfile_add_library_path): Check
+ command_line.poison_system_directories.
+ * ldmain.c (main): Initialize
+ command_line.poison_system_directories.
+ * lexsup.c (enum option_values): Add
+ OPTION_NO_POISON_SYSTEM_DIRECTORIES.
+ (ld_options): Add --no-poison-system-directories.
+ (parse_args): Handle new option.
+
+2007-04-20 Joseph Myers <joseph@codesourcery.com>
+
+ Merge from Sourcery G++ binutils 2.17:
+
+ 2007-03-20 Joseph Myers <joseph@codesourcery.com>
+ Based on patch by Mark Hatle <mark.hatle@windriver.com>.
+ ld/
+ * configure.ac (--enable-poison-system-directories): New option.
+ * configure, config.in: Regenerate.
+ * ldfile.c (ldfile_add_library_path): If
+ ENABLE_POISON_SYSTEM_DIRECTORIES defined, warn for use of /lib,
+ /usr/lib, /usr/local/lib or /usr/X11R6/lib.
+
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+Signed-off-by: Scott Garman <scott.a.garman@intel.com>
+---
+ ld/config.in | 3 +++
+ ld/configure | 14 ++++++++++++++
+ ld/configure.ac | 10 ++++++++++
+ ld/ld.h | 8 ++++++++
+ ld/ld.texi | 12 ++++++++++++
+ ld/ldfile.c | 17 +++++++++++++++++
+ ld/ldlex.h | 2 ++
+ ld/ldmain.c | 2 ++
+ ld/lexsup.c | 21 +++++++++++++++++++++
+ 9 files changed, 89 insertions(+)
+
+diff --git a/ld/config.in b/ld/config.in
+index 7b60d778587..37b8e9b6f6c 100644
+--- a/ld/config.in
++++ b/ld/config.in
+@@ -40,6 +40,9 @@
+ language is requested. */
+ #undef ENABLE_NLS
+
++/* Define to warn for use of native system library directories */
++#undef ENABLE_POISON_SYSTEM_DIRECTORIES
++
+ /* Additional extension a shared object might have. */
+ #undef EXTRA_SHLIB_EXTENSION
+
+diff --git a/ld/configure b/ld/configure
+index a8d248eab58..f52e1f3c18f 100755
+--- a/ld/configure
++++ b/ld/configure
+@@ -828,6 +828,7 @@ with_lib_path
+ enable_targets
+ enable_64_bit_bfd
+ with_sysroot
++enable_poison_system_directories
+ enable_gold
+ enable_got
+ enable_compressed_debug_sections
+@@ -1496,6 +1497,8 @@ Optional Features:
+ --disable-largefile omit support for large files
+ --enable-targets alternative target configurations
+ --enable-64-bit-bfd 64-bit support (on hosts with narrower word sizes)
++ --enable-poison-system-directories
++ warn for use of native system library directories
+ --enable-gold[=ARG] build gold [ARG={default,yes,no}]
+ --enable-got=<type> GOT handling scheme (target, single, negative,
+ multigot)
+@@ -15841,7 +15844,18 @@ else
+ fi
+
+
++# Check whether --enable-poison-system-directories was given.
++if test "${enable_poison_system_directories+set}" = set; then :
++ enableval=$enable_poison_system_directories;
++else
++ enable_poison_system_directories=no
++fi
++
++if test "x${enable_poison_system_directories}" = "xyes"; then
+
++$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h
++
++fi
+
+ # Check whether --enable-got was given.
+ if test "${enable_got+set}" = set; then :
+diff --git a/ld/configure.ac b/ld/configure.ac
+index c9c69ab9245..59dab0a6ac4 100644
+--- a/ld/configure.ac
++++ b/ld/configure.ac
+@@ -94,6 +94,16 @@ AC_SUBST(use_sysroot)
+ AC_SUBST(TARGET_SYSTEM_ROOT)
+ AC_SUBST(TARGET_SYSTEM_ROOT_DEFINE)
+
++AC_ARG_ENABLE([poison-system-directories],
++ AS_HELP_STRING([--enable-poison-system-directories],
++ [warn for use of native system library directories]),,
++ [enable_poison_system_directories=no])
++if test "x${enable_poison_system_directories}" = "xyes"; then
++ AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES],
++ [1],
++ [Define to warn for use of native system library directories])
++fi
++
+ dnl Use --enable-gold to decide if this linker should be the default.
+ dnl "install_as_default" is set to false if gold is the default linker.
+ dnl "installed_linker" is the installed BFD linker name.
+diff --git a/ld/ld.h b/ld/ld.h
+index 93f5af92c7d..ff7f71a7b66 100644
+--- a/ld/ld.h
++++ b/ld/ld.h
+@@ -166,6 +166,14 @@ typedef struct
+ in the linker script. */
+ bfd_boolean force_group_allocation;
+
++ /* If TRUE (the default) warn for uses of system directories when
++ cross linking. */
++ bfd_boolean poison_system_directories;
++
++ /* If TRUE (default FALSE) give an error for uses of system
++ directories when cross linking instead of a warning. */
++ bfd_boolean error_poison_system_directories;
++
+ /* Big or little endian as set on command line. */
+ enum endian_enum endian;
+
+diff --git a/ld/ld.texi b/ld/ld.texi
+index 7a602b9c6ab..cccbfbab3bb 100644
+--- a/ld/ld.texi
++++ b/ld/ld.texi
+@@ -2810,6 +2810,18 @@ string identifying the original linked file does not change.
+
+ Passing @code{none} for @var{style} disables the setting from any
+ @code{--build-id} options earlier on the command line.
++
++@kindex --no-poison-system-directories
++@item --no-poison-system-directories
++Do not warn for @option{-L} options using system directories such as
++@file{/usr/lib} when cross linking. This option is intended for use
++in chroot environments when such directories contain the correct
++libraries for the target system rather than the host.
++
++@kindex --error-poison-system-directories
++@item --error-poison-system-directories
++Give an error instead of a warning for @option{-L} options using
++system directories when cross linking.
+ @end table
+
+ @c man end
+diff --git a/ld/ldfile.c b/ld/ldfile.c
+index 81cb86d51e2..cd5c2752679 100644
+--- a/ld/ldfile.c
++++ b/ld/ldfile.c
+@@ -117,6 +117,23 @@ ldfile_add_library_path (const char *name, bfd_boolean cmdline)
+ new_dirs->name = concat (ld_sysroot, name + strlen ("$SYSROOT"), (const char *) NULL);
+ else
+ new_dirs->name = xstrdup (name);
++
++#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES
++ if (command_line.poison_system_directories
++ && ((!strncmp (name, "/lib", 4))
++ || (!strncmp (name, "/usr/lib", 8))
++ || (!strncmp (name, "/usr/local/lib", 14))
++ || (!strncmp (name, "/usr/X11R6/lib", 14))))
++ {
++ if (command_line.error_poison_system_directories)
++ einfo (_("%X%P: error: library search path \"%s\" is unsafe for "
++ "cross-compilation\n"), name);
++ else
++ einfo (_("%P: warning: library search path \"%s\" is unsafe for "
++ "cross-compilation\n"), name);
++ }
++#endif
++
+ }
+
+ /* Try to open a BFD for a lang_input_statement. */
+diff --git a/ld/ldlex.h b/ld/ldlex.h
+index b0101028321..77f5accb5d9 100644
+--- a/ld/ldlex.h
++++ b/ld/ldlex.h
+@@ -161,6 +161,8 @@ enum option_values
+ OPTION_CTF_VARIABLES,
+ OPTION_NO_CTF_VARIABLES,
+ OPTION_CTF_SHARE_TYPES,
++ OPTION_NO_POISON_SYSTEM_DIRECTORIES,
++ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES,
+ };
+
+ /* The initial parser states. */
+diff --git a/ld/ldmain.c b/ld/ldmain.c
+index 863df0293ea..f06f2546ef5 100644
+--- a/ld/ldmain.c
++++ b/ld/ldmain.c
+@@ -323,6 +323,8 @@ main (int argc, char **argv)
+ command_line.warn_mismatch = TRUE;
+ command_line.warn_search_mismatch = TRUE;
+ command_line.check_section_addresses = -1;
++ command_line.poison_system_directories = TRUE;
++ command_line.error_poison_system_directories = FALSE;
+
+ /* We initialize DEMANGLING based on the environment variable
+ COLLECT_NO_DEMANGLE. The gcc collect2 program will demangle the
+diff --git a/ld/lexsup.c b/ld/lexsup.c
+index f005a58a045..eb383d3755b 100644
+--- a/ld/lexsup.c
++++ b/ld/lexsup.c
+@@ -591,6 +591,14 @@ static const struct ld_option ld_options[] =
+ " <method> is: share-unconflicted (default),\n"
+ " share-duplicated"),
+ TWO_DASHES },
++ { {"no-poison-system-directories", no_argument, NULL,
++ OPTION_NO_POISON_SYSTEM_DIRECTORIES},
++ '\0', NULL, N_("Do not warn for -L options using system directories"),
++ TWO_DASHES },
++ { {"error-poison-system-directories", no_argument, NULL,
++ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES},
++ '\0', NULL, N_("Give an error for -L options using system directories"),
++ TWO_DASHES },
+ };
+
+ #define OPTION_COUNT ARRAY_SIZE (ld_options)
+@@ -603,6 +611,7 @@ parse_args (unsigned argc, char **argv)
+ int ingroup = 0;
+ char *default_dirlist = NULL;
+ char *shortopts;
++ char *BR_paranoid_env;
+ struct option *longopts;
+ struct option *really_longopts;
+ int last_optind;
+@@ -1633,6 +1642,14 @@ parse_args (unsigned argc, char **argv)
+ }
+ break;
+
++ case OPTION_NO_POISON_SYSTEM_DIRECTORIES:
++ command_line.poison_system_directories = FALSE;
++ break;
++
++ case OPTION_ERROR_POISON_SYSTEM_DIRECTORIES:
++ command_line.error_poison_system_directories = TRUE;
++ break;
++
+ case OPTION_PUSH_STATE:
+ input_flags.pushed = xmemdup (&input_flags,
+ sizeof (input_flags),
+@@ -1778,6 +1795,10 @@ parse_args (unsigned argc, char **argv)
+ command_line.soname = NULL;
+ }
+
++ BR_paranoid_env = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
++ if (BR_paranoid_env && strlen(BR_paranoid_env) > 0)
++ command_line.error_poison_system_directories = TRUE;
++
+ while (ingroup)
+ {
+ einfo (_("%P: missing --end-group; added as last command line option\n"));
+--
+2.29.2
+