Hi, Emerge of the openssl-0.9.7c ebuilds fails with a segmentation fault when using -fstack-protector on sparc. I tried several times to compile it and it always kept segfaulting at exactly the same place when compiling ca.c even after a reboot (just to be sure it is not a hardware issue) also this happens for both the -r1 and "-r0" ebuild. ------------- emerge openssl output ------------------- [...] gcc -DMONOLITH -I.. -I../include -DOPENSSL_SYSNAME_ULTRASPARC -fPIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -DOPENSSL_NO_KRB5 -DB_ENDIAN -DTERMIO -Wall -Wa,-Av8plus -DBN_DIV2W -mcpu=ultrasparc -O3 -pipe -fomit-f rame-pointer -fstack-protector -DMD5_ASM -c -o errstr.o errstr.c gcc -DMONOLITH -I.. -I../include -DOPENSSL_SYSNAME_ULTRASPARC -fPIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHA VE_DLFCN_H -DOPENSSL_NO_KRB5 -DB_ENDIAN -DTERMIO -Wall -Wa,-Av8plus -DBN_DIV2W -mcpu=ultrasparc -O3 -pipe -fomit-f rame-pointer -fstack-protector -DMD5_ASM -c -o ca.o ca.c ca.c: In function `do_body': ca.c:2399: internal error: Segmentation fault Please submit a full bug report, with preprocessed source if appropriate. See <URL:http://bugs.gentoo.org/> for instructions. make[1]: *** [ca.o] Error 1 make[1]: Leaving directory `/var/tmp/portage/openssl-0.9.7c-r1/work/openssl-0.9.7c/apps' make: *** [sub_all] Error 1 !!! ERROR: dev-libs/openssl-0.9.7c-r1 failed. !!! Function src_compile, Line 132, Exitcode 2 !!! (no error message) ------------------------------------------------------- ------------------------------------------------------- FYI the segfault happens somewhere around here (in apps/ca.c) [...] 2379 err: 2380 for (i=0; i<DB_NUMBER; i++) 2381 if (row[i] != NULL) OPENSSL_free(row[i]); 2382 2383 if (CAname != NULL) 2384 X509_NAME_free(CAname); 2385 if (subject != NULL) 2386 X509_NAME_free(subject); 2387 if ((dn_subject != NULL) && !email_dn) 2388 X509_NAME_free(dn_subject); 2389 if (tmptm != NULL) 2390 ASN1_UTCTIME_free(tmptm); 2391 if (ok <= 0) 2392 { 2393 if (ret != NULL) X509_free(ret); 2394 ret=NULL; 2395 } 2396 else 2397 *xret=ret; 2398 return(ok); 2399 } ------------------------------------------------------- Removing "-fomit-frame-pointer" or changing other parts of my CFLAGS did not change a thing but as soon as -fstack-protector was beeing removed it just compiled fine. (Feel free to contact me just in case you are interested in the complete output or any other files etc.) Regards, Daniel PS: I dont know if -fstack-protector is really fully and officially supported, but I thought this seems something that should at least have been reported as known bug... ;-) Reproducible: Always Steps to Reproduce: 1. CFLAGS including -fstack-protector 2. emerge openssl -> segfault 3. CFLAGS without -fstack-protector 4. emerge openssl -> :-) Expected Results: compile fine with -fstack-protector or at minimum strip CFLAGS in the ebuild and issue a warning that openssl currently cannot be compiled with stack smashing protection. (but really just as a last resort, I'd really like to make us of this - especially in openssl) emerge info: Portage 2.0.50-r1 (default-sparc64-2004.0, gcc-3.2.3, glibc-2.3.3_pre20040207-r0, 2.4.22-rc2-iso-up) ================================================================= System uname: 2.4.22-rc2-iso-up sparc64 sun4u Gentoo Base System version 1.4.3.13 Autoconf: sys-devel/autoconf-2.59-r3 Automake: sys-devel/automake-1.8.2 ACCEPT_KEYWORDS="sparc ~sparc" AUTOCLEAN="yes" CFLAGS="-mcpu=ultrasparc -O3 -pipe -fstack-protector -fomit-frame-pointer" CHOST="sparc-unknown-linux-gnu" COMPILER="gcc3" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d" CXXFLAGS="-mcpu=ultrasparc -O3 -pipe -fstack-protector -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="ccache sandbox" GENTOO_MIRRORS="http://gentoo.oregonstate.edu http://www.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="arts avi berkdb crypt cups encode esd fbcon foomaticdb gdbm gif imlib jpeg kde libwww mad mikmod motif mpeg ncurses nls oggvorbis opengl oss pam pdflib perl png python qt readline sdl slang sparc spell ssl tcpd truetype xml2 xmms xv zlib"
What revision of gcc-3.2.3 are you using, and could you try adding -fforce-addr to your CFLAGS and try again? I've seen this error before, and I *think* it needed a patch from the propolice creator, but oddly enough, -fforce-addr did virtually the same thing that the patch did.
Just tried with -fforce-addr but still get the seg fault. I am using revision 2 of the gcc 3.2.3 ebuild. gcc --version returns: gcc (GCC) 3.2.3 20030422 (Gentoo Linux 1.4 3.2.3-r2, propolice)
FYI: Hmm, I just ran into another problem related to propolice - can't compile sash-3.6. See #41675 comment #20
sparc will suffer from a great deal many of bugs with ssp unless the toolchain is an updated one. i.e. you need atleast 3.2.3-r5 to have this bug with static linking to go away. I think there is a sparc-profile in portage that has support for an updated toolchain. That might be worth a try. Also of interest is seemant@g.o is working on the hardened-sparc-2004.X profile which should have all the updated goodies. I can't vouch that it's functional for production use yet, but it should be in portage in the next day or two if not already..
Hi Solar. Thanks for these pointers. I just had a short look at the profiles available and it seems there is no newer (default) sparc profile available than the one I am currently already using which is default-sparc64-2004.0 (please correct me if I am wrong here). Also hardened-sparc-2004.X isn't there jet but that definitely sounds interesting, so you can probably already count me as beta tester for that one. ;-) As I probably won't have enough time to continue installing today anyway, I will see what I can do and give it another try next week (either with another profile or manually updating to a newer gcc...) :)
Ok, so FYI: I manually emerged gcc-3.2.3-r7 [1] then re-emerged glibc and afterwards the complete emerge system [2] went just fine - everything smooth with -fstack-protector. :-) I'd be more than happy only that I just noticed that the 30gb harddisk I put into the box just began to die and currupted my reiserfs system partition. *sigh* :-( But that's now probably getting off-topic... ------ 1 To be precise it complained about the /usr/bin/eqn binary (-> __guard@@GCC) so I first emerged gentookit then re-emerged groff before I could actually merge gcc... 2 I modified the sparc profile's "packages" to avoid downgrading gcc.
Looks like GCC 3.3.3 will be ready for sparc soon and fix this (Weeve, if I am wrong here, correct me :) ).
Resolving this as fixed as gcc-3.3.3 is now stable on sparc and I've successfully built out a system from stage 1 using -fstack-protector. If for some reason this continues to plague you, feel free to re-open.
