* [Buildroot] [PATCH 1/1] package/safeclib: fix build without stack-protector
@ 2022-01-08 21:07 Fabrice Fontaine
2022-01-08 22:05 ` Peter Korsgaard
0 siblings, 1 reply; 2+ messages in thread
From: Fabrice Fontaine @ 2022-01-08 21:07 UTC (permalink / raw)
To: buildroot; +Cc: Fabrice Fontaine
Fix the following build failure without stack-protector raised since
bump to version 02092020 in commit
ebe808ac4071395b4d1e90d617c33a5e6e514af1 and
https://github.com/rurban/safeclib/commit/caa4408eb4a5c767f0474258af3b6ccf444e10aa:
/home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/m68k-buildroot-uclinux-uclibc/bin/ld.real: ../src/.libs/libsafec-3.6.0.a(safe_mem_constraint.o): in function `handle_mem_bos_chk_warn':
safe_mem_constraint.c:(.text+0x40): undefined reference to `__stack_chk_guard'
If stack-protector is enabled in the Buildroot config, the toolchain
wrapper will make sure it is used, so there's no need for the safeclib
configure to handle it.
Fixes:
- http://autobuild.buildroot.org/results/a481ee2d26a094358b0298617cce691be3077f22
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...gure.ac-add-disable-hardening-option.patch | 63 +++++++++++++++++++
package/safeclib/safeclib.mk | 3 +
2 files changed, 66 insertions(+)
create mode 100644 package/safeclib/0001-configure.ac-add-disable-hardening-option.patch
diff --git a/package/safeclib/0001-configure.ac-add-disable-hardening-option.patch b/package/safeclib/0001-configure.ac-add-disable-hardening-option.patch
new file mode 100644
index 0000000000..e851fce993
--- /dev/null
+++ b/package/safeclib/0001-configure.ac-add-disable-hardening-option.patch
@@ -0,0 +1,63 @@
+From 94c612016834d7bdc2b721ff5f4f5e158bda6fdd Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sat, 8 Jan 2022 21:49:22 +0100
+Subject: [PATCH] configure.ac: add --disable-hardening option
+
+Allow the user to disable hardening which is enabled by default since
+version 02092020 and
+https://github.com/rurban/safeclib/commit/caa4408eb4a5c767f0474258af3b6ccf444e10aa
+to avoid the following build failure when the toolchain doesn't support
+stack-protector:
+
+/home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/m68k-buildroot-uclinux-uclibc/bin/ld.real: ../src/.libs/libsafec-3.6.0.a(safe_mem_constraint.o): in function `handle_mem_bos_chk_warn':
+safe_mem_constraint.c:(.text+0x40): undefined reference to `__stack_chk_guard'
+
+Fixes:
+ - http://autobuild.buildroot.org/results/a481ee2d26a094358b0298617cce691be3077f22
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/rurban/safeclib/pull/107]
+---
+ configure.ac | 27 +++++++++++++++++++--------
+ 1 file changed, 19 insertions(+), 8 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 55756b06..f852ed44 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -383,6 +383,21 @@ AC_ARG_ENABLE(debug-build,
+ esac], [enable_debug_build=false ])
+ AM_CONDITIONAL(ENABLE_DEBUG_BUILD, test "x$enable_debug_build" = "xtrue")
+
++AC_ARG_ENABLE(hardening,
++ AS_HELP_STRING([--disable-hardening],
++ [disable hardening @<:@default=no@:>@]),
++ [case "${enableval}" in
++ yes) enable_hardening=true ;;
++ no) enable_hardening=false ;;
++ *) AC_MSG_ERROR([bad value ${enableval} for --enable-hardening]) ;;
++ esac], [enable_hardening=true])
++
++if test "x$enable_hardening" = "xtrue" ; then
++ AX_APPEND_COMPILE_FLAGS([-fstack-protector-strong -fstack-clash-protection -fcf-protection],
++ [WARN_CFLAGS],[$ax_ccf_err])
++ AX_APPEND_LINK_FLAGS([-fstack-protector-strong -fstack-clash-protection -fcf-protection],
++ [WARN_LDFLAGS],[$ax_ccf_err])
++fi
+
+ AC_MSG_NOTICE([Check programs])
+ # ===============================================
+@@ -543,10 +562,6 @@ case $host_os in
+ [],[$ax_ccf_err])
+ ;;
+ esac
+-AX_APPEND_COMPILE_FLAGS([-fstack-protector-strong -fstack-clash-protection -fcf-protection],
+- [WARN_CFLAGS],[$ax_ccf_err])
+-AX_APPEND_LINK_FLAGS([-fstack-protector-strong -fstack-clash-protection -fcf-protection],
+- [WARN_LDFLAGS],[$ax_ccf_err])
+
+ if test x$ax_cv_check_cflags__Wrestrict = xyes; then
+ AC_DEFINE([HAVE_WARNING_RESTRICT], 1, [Have -Wrestrict])
+--
+2.34.1
+
diff --git a/package/safeclib/safeclib.mk b/package/safeclib/safeclib.mk
index 032a73bf67..87b710b37d 100644
--- a/package/safeclib/safeclib.mk
+++ b/package/safeclib/safeclib.mk
@@ -11,5 +11,8 @@ SAFECLIB_SOURCE = libsafec-$(SAFECLIB_VERSION).tar.xz
SAFECLIB_LICENSE = MIT
SAFECLIB_LICENSE_FILES = COPYING
SAFECLIB_INSTALL_STAGING = YES
+# We're patching configure.ac
+SAFECLIB_AUTORECONF = YES
+SAFECLIB_CONF_OPTS = --disable-hardening
$(eval $(autotools-package))
--
2.34.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/safeclib: fix build without stack-protector
2022-01-08 21:07 [Buildroot] [PATCH 1/1] package/safeclib: fix build without stack-protector Fabrice Fontaine
@ 2022-01-08 22:05 ` Peter Korsgaard
0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2022-01-08 22:05 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Fix the following build failure without stack-protector raised since
> bump to version 02092020 in commit
> ebe808ac4071395b4d1e90d617c33a5e6e514af1 and
> https://github.com/rurban/safeclib/commit/caa4408eb4a5c767f0474258af3b6ccf444e10aa:
> /home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/m68k-buildroot-uclinux-uclibc/bin/ld.real:
> ../src/.libs/libsafec-3.6.0.a(safe_mem_constraint.o): in function
> `handle_mem_bos_chk_warn':
> safe_mem_constraint.c:(.text+0x40): undefined reference to `__stack_chk_guard'
> If stack-protector is enabled in the Buildroot config, the toolchain
> wrapper will make sure it is used, so there's no need for the safeclib
> configure to handle it.
> Fixes:
> - http://autobuild.buildroot.org/results/a481ee2d26a094358b0298617cce691be3077f22
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> +++ b/package/safeclib/safeclib.mk
> @@ -11,5 +11,8 @@ SAFECLIB_SOURCE = libsafec-$(SAFECLIB_VERSION).tar.xz
> SAFECLIB_LICENSE = MIT
> SAFECLIB_LICENSE_FILES = COPYING
> SAFECLIB_INSTALL_STAGING = YES
> +# We're patching configure.ac
> +SAFECLIB_AUTORECONF = YES
> +SAFECLIB_CONF_OPTS = --disable-hardening
I've added a comment explaining why this is done, similar to how we do
it in tpm2-tools.mk and committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-01-08 22:05 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-08 21:07 [Buildroot] [PATCH 1/1] package/safeclib: fix build without stack-protector Fabrice Fontaine
2022-01-08 22:05 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).