buildroot.busybox.net archive mirror
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/safeclib: fix build without stack-protector
@ 2022-01-08 21:07 Fabrice Fontaine
  2022-01-08 22:05 ` Peter Korsgaard
  0 siblings, 1 reply; 2+ messages in thread
From: Fabrice Fontaine @ 2022-01-08 21:07 UTC (permalink / raw)
  To: buildroot; +Cc: Fabrice Fontaine

Fix the following build failure without stack-protector raised since
bump to version 02092020 in commit
ebe808ac4071395b4d1e90d617c33a5e6e514af1 and
https://github.com/rurban/safeclib/commit/caa4408eb4a5c767f0474258af3b6ccf444e10aa:

/home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/m68k-buildroot-uclinux-uclibc/bin/ld.real: ../src/.libs/libsafec-3.6.0.a(safe_mem_constraint.o): in function `handle_mem_bos_chk_warn':
safe_mem_constraint.c:(.text+0x40): undefined reference to `__stack_chk_guard'

If stack-protector is enabled in the Buildroot config, the toolchain
wrapper will make sure it is used, so there's no need for the safeclib
configure to handle it.

Fixes:
 - http://autobuild.buildroot.org/results/a481ee2d26a094358b0298617cce691be3077f22

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 ...gure.ac-add-disable-hardening-option.patch | 63 +++++++++++++++++++
 package/safeclib/safeclib.mk                  |  3 +
 2 files changed, 66 insertions(+)
 create mode 100644 package/safeclib/0001-configure.ac-add-disable-hardening-option.patch

diff --git a/package/safeclib/0001-configure.ac-add-disable-hardening-option.patch b/package/safeclib/0001-configure.ac-add-disable-hardening-option.patch
new file mode 100644
index 0000000000..e851fce993
--- /dev/null
+++ b/package/safeclib/0001-configure.ac-add-disable-hardening-option.patch
@@ -0,0 +1,63 @@
+From 94c612016834d7bdc2b721ff5f4f5e158bda6fdd Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sat, 8 Jan 2022 21:49:22 +0100
+Subject: [PATCH] configure.ac: add --disable-hardening option
+
+Allow the user to disable hardening which is enabled by default since
+version 02092020 and
+https://github.com/rurban/safeclib/commit/caa4408eb4a5c767f0474258af3b6ccf444e10aa
+to avoid the following build failure when the toolchain doesn't support
+stack-protector:
+
+/home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/m68k-buildroot-uclinux-uclibc/bin/ld.real: ../src/.libs/libsafec-3.6.0.a(safe_mem_constraint.o): in function `handle_mem_bos_chk_warn':
+safe_mem_constraint.c:(.text+0x40): undefined reference to `__stack_chk_guard'
+
+Fixes:
+ - http://autobuild.buildroot.org/results/a481ee2d26a094358b0298617cce691be3077f22
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/rurban/safeclib/pull/107]
+---
+ configure.ac | 27 +++++++++++++++++++--------
+ 1 file changed, 19 insertions(+), 8 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 55756b06..f852ed44 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -383,6 +383,21 @@ AC_ARG_ENABLE(debug-build,
+ 	esac], [enable_debug_build=false ])
+ AM_CONDITIONAL(ENABLE_DEBUG_BUILD, test "x$enable_debug_build" = "xtrue")
+ 
++AC_ARG_ENABLE(hardening,
++	AS_HELP_STRING([--disable-hardening],
++	               [disable hardening @<:@default=no@:>@]),
++	[case "${enableval}" in
++	yes) enable_hardening=true ;;
++	no)  enable_hardening=false ;;
++	*)   AC_MSG_ERROR([bad value ${enableval} for --enable-hardening]) ;;
++	esac], [enable_hardening=true])
++
++if test "x$enable_hardening" = "xtrue" ; then
++	AX_APPEND_COMPILE_FLAGS([-fstack-protector-strong -fstack-clash-protection -fcf-protection],
++                         [WARN_CFLAGS],[$ax_ccf_err])
++	AX_APPEND_LINK_FLAGS([-fstack-protector-strong -fstack-clash-protection -fcf-protection],
++                         [WARN_LDFLAGS],[$ax_ccf_err])
++fi
+ 
+ AC_MSG_NOTICE([Check programs])
+ # ===============================================
+@@ -543,10 +562,6 @@ case $host_os in
+        [],[$ax_ccf_err])
+     ;;
+ esac
+-AX_APPEND_COMPILE_FLAGS([-fstack-protector-strong -fstack-clash-protection -fcf-protection],
+-                         [WARN_CFLAGS],[$ax_ccf_err])
+-AX_APPEND_LINK_FLAGS([-fstack-protector-strong -fstack-clash-protection -fcf-protection],
+-                         [WARN_LDFLAGS],[$ax_ccf_err])
+ 
+ if test x$ax_cv_check_cflags__Wrestrict = xyes; then
+    AC_DEFINE([HAVE_WARNING_RESTRICT], 1, [Have -Wrestrict])
+-- 
+2.34.1
+
diff --git a/package/safeclib/safeclib.mk b/package/safeclib/safeclib.mk
index 032a73bf67..87b710b37d 100644
--- a/package/safeclib/safeclib.mk
+++ b/package/safeclib/safeclib.mk
@@ -11,5 +11,8 @@ SAFECLIB_SOURCE = libsafec-$(SAFECLIB_VERSION).tar.xz
 SAFECLIB_LICENSE = MIT
 SAFECLIB_LICENSE_FILES = COPYING
 SAFECLIB_INSTALL_STAGING = YES
+# We're patching configure.ac
+SAFECLIB_AUTORECONF = YES
+SAFECLIB_CONF_OPTS = --disable-hardening
 
 $(eval $(autotools-package))
-- 
2.34.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/safeclib: fix build without stack-protector
  2022-01-08 21:07 [Buildroot] [PATCH 1/1] package/safeclib: fix build without stack-protector Fabrice Fontaine
@ 2022-01-08 22:05 ` Peter Korsgaard
  0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2022-01-08 22:05 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Fix the following build failure without stack-protector raised since
 > bump to version 02092020 in commit
 > ebe808ac4071395b4d1e90d617c33a5e6e514af1 and
 > https://github.com/rurban/safeclib/commit/caa4408eb4a5c767f0474258af3b6ccf444e10aa:

 > /home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/m68k-buildroot-uclinux-uclibc/bin/ld.real:
 > ../src/.libs/libsafec-3.6.0.a(safe_mem_constraint.o): in function
 > `handle_mem_bos_chk_warn':
 > safe_mem_constraint.c:(.text+0x40): undefined reference to `__stack_chk_guard'

 > If stack-protector is enabled in the Buildroot config, the toolchain
 > wrapper will make sure it is used, so there's no need for the safeclib
 > configure to handle it.

 > Fixes:
 >  - http://autobuild.buildroot.org/results/a481ee2d26a094358b0298617cce691be3077f22

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 > ---

 > +++ b/package/safeclib/safeclib.mk
 > @@ -11,5 +11,8 @@ SAFECLIB_SOURCE = libsafec-$(SAFECLIB_VERSION).tar.xz
 >  SAFECLIB_LICENSE = MIT
 >  SAFECLIB_LICENSE_FILES = COPYING
 >  SAFECLIB_INSTALL_STAGING = YES
 > +# We're patching configure.ac
 > +SAFECLIB_AUTORECONF = YES
 > +SAFECLIB_CONF_OPTS = --disable-hardening

I've added a comment explaining why this is done, similar to how we do
it in tpm2-tools.mk and committed, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-01-08 22:05 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-08 21:07 [Buildroot] [PATCH 1/1] package/safeclib: fix build without stack-protector Fabrice Fontaine
2022-01-08 22:05 ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).