462276 – net-misc/curl-7.29.0-r1 on hardened with -D_FORTIFY_SOURCE in CFLAGS - configure: CFLAGS error: CFLAGS may only be used to specify C compiler flags, not macro definitions. Use CPPFLAGS for: -D_FORTIFY_SOURCE=2

Bug 462276 - net-misc/curl-7.29.0-r1 on hardened with -D_FORTIFY_SOURCE in CFLAGS - configure: CFLAGS error: CFLAGS may only be used to specify C compiler flags, not macro definitions. Use CPPFLAGS for: -D_FORTIFY_SOURCE=2

Summary: net-misc/curl-7.29.0-r1 on hardened with -D_FORTIFY_SOURCE in CFLAGS - config...

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Anthony Basile

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-03-19 08:58 UTC by Bruno
Modified:	2013-03-26 12:00 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
config.log (config.log,11.26 KB, text/plain) 2013-03-19 09:01 UTC, Bruno	Details
emerge --info (emerge-info.txt,15.27 KB, text/plain) 2013-03-19 09:01 UTC, Bruno	Details
build.log (build.log,6.89 KB, text/plain) 2013-03-21 13:28 UTC, Bruno	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bruno 2013-03-19 08:58:31 UTC

Configure script of curl bails out complaining about presence of macro definitions in CLFAGS. It complains about -D_FORTIFY_SOURCE=2.


checking for x86_64-pc-linux-gnu-ar... /usr/bin/x86_64-pc-linux-gnu-ar
configure: using CFLAGS: -O2 -pipe -march=core2 -fstack-protector-all -D_FORTIFY_SOURCE=2 -fstack-protector-all -D_FORTIFY_SOURCE=2 -fstack-protector-all -D_FORTIFY_SOURCE=2 -fstack-protector-all -D_FORTIFY_SOURCE=2
configure: CFLAGS error: CFLAGS may only be used to specify C compiler flags, not macro definitions. Use CPPFLAGS for: -D_FORTIFY_SOURCE=2
configure: CFLAGS error: CFLAGS may only be used to specify C compiler flags, not macro definitions. Use CPPFLAGS for: -D_FORTIFY_SOURCE=2
configure: CFLAGS error: CFLAGS may only be used to specify C compiler flags, not macro definitions. Use CPPFLAGS for: -D_FORTIFY_SOURCE=2
configure: CFLAGS error: CFLAGS may only be used to specify C compiler flags, not macro definitions. Use CPPFLAGS for: -D_FORTIFY_SOURCE=2
configure: error: Can not continue. Fix errors mentioned immediately above this line.



Reproducible: Always

Comment 1 Bruno 2013-03-19 09:01:16 UTC

Created attachment 342610 [details]
config.log

Comment 2 Bruno 2013-03-19 09:01:36 UTC

Created attachment 342612 [details]
emerge --info

Comment 3 Anthony Basile gentoo-dev

2013-03-21 13:16:35 UTC

Use CPPFLAGS for -D_FORTIFY_SOURCE=2 doesn't sound right.  Can you attatch the build log?

Comment 4 Bruno 2013-03-21 13:28:19 UTC

Created attachment 342842 [details]
build.log

Comment 5 Anthony Basile gentoo-dev

2013-03-24 18:44:09 UTC

(In reply to comment #4)
> Created attachment 342842 [details]
> build.log

Okay this occurs if you have CFLAGS="-D_FORTIFY_SOURCE=2" anywhere in your environment.  Can you see if you have that in your make.conf?  Or maybe somewhere else you in system?  There's nothing for me to do with curl since curl never touches _FORTIFY_SOURCE and it does respect CPP/CFLAGS.

Comment 6 Bruno 2013-03-25 20:50:20 UTC

(In reply to comment #5)
> Okay this occurs if you have CFLAGS="-D_FORTIFY_SOURCE=2" anywhere in your
> environment.  Can you see if you have that in your make.conf?  Or maybe
> somewhere else you in system?  There's nothing for me to do with curl since
> curl never touches _FORTIFY_SOURCE and it does respect CPP/CFLAGS.

I had it in CFLAGS/CXXFLAGS via /etc/portage/bashrc (), dating back from early hardening some longer time ago.
Removed it from there as hardened gcc profile is expected to handle it. With that fixed, curl compile.

Comment 7 Anthony Basile gentoo-dev

2013-03-26 12:00:32 UTC

(In reply to comment #6)
> (In reply to comment #5)
> > Okay this occurs if you have CFLAGS="-D_FORTIFY_SOURCE=2" anywhere in your
> > environment.  Can you see if you have that in your make.conf?  Or maybe
> > somewhere else you in system?  There's nothing for me to do with curl since
> > curl never touches _FORTIFY_SOURCE and it does respect CPP/CFLAGS.
> 
> I had it in CFLAGS/CXXFLAGS via /etc/portage/bashrc (), dating back from
> early hardening some longer time ago.
> Removed it from there as hardened gcc profile is expected to handle it. With
> that fixed, curl compile.

thanks.