When using gentoo-hardened with the new fortify-source-3.patch built into gcc-12.2.1_p20230428-r1, the net-vpn/i2pd package with the i2p-hardening USE flag enabled results in a warning about a redefined definition:

    <command-line>: warning: "_FORTIFY_SOURCE" redefined
    <built-in>: note: this is the location of the previous definition

Meaning the package has _F_S=2 hardcoded internally:

    @ CMakeLists.txt line 134: add_definitions("-D_FORTIFY_SOURCE=2")
    @ & build.ninja (generated command)

That flag should be stripped so _F_S=3 can take effect from the gcc spec profile without conflict.

Created attachment 864560: i2pd build.log FORTIFY_SOURCE redefined
Please also attach emerge --info with the build log. This was happening for i2pd 2.46.1 with GCC 12. Does this happen for the current version?
Yes, this still happens with stable net-vpn/i2pd-2.52.0 as of August 18, 2024. This also still happens with testing net-vpn/i2pd-2.53.1 as of today as well. So it should be very easy to reproduce under any hardened profile Gentoo system.

    [1/84] /usr/bin/x86_64-pc-linux-gnu-g++ -DBOOST_ATOMIC_DYN_LINK -DBOOST_DATE_TIME_DYN_LINK -DBOOST_FILESYSTEM_DYN_LINK -DBOOST_PROGRAM_OPTIONS_DYN_LINK -DBOOST_REGEX_DYN_LINK -DBOOST_SYSTEM_DYN_LINK -DOPENSSL_SUPPRESS_DEPRECATED -D_FORTIFY_SOURCE=2 -D_GLIBCXX_USE_NANOSLEEP=1 -D__AES__ -Dlibi2pd_EXPORTS -I/var/tmp/portage/net-vpn/i2pd-2.53.1/work/i2pd-2.53.1/build/../libi2pd -I/var/tmp/portage/net-vpn/i2pd-2.53.1/work/i2pd-2.53.1/build/../libi2pd_client -I/var/tmp/portage/net-vpn/i2pd-2.53.1/work/i2pd-2.53.1/build/../i18n -I/var/tmp/portage/net-vpn/i2pd-2.53.1/work/i2pd-2.53.1/build/../daemon -O2 -pipe -march=x86-64-v2 -fdiagnostics-color=always -Wall -Wextra -Winvalid-pch -Wno-unused-parameter -Wno-uninitialized -std=c++17 -pipe -Wformat -Wformat-security -Werror=format-security -fstack-protector --param ssp-buffer-size=4 -maes -fPIC -fPIC -fdiagnostics-color=always -MD -MT CMakeFiles/libi2pd.dir/var/tmp/portage/net-vpn/i2pd-2.53.1/work/i2pd-2.53.1/libi2pd/Base.cpp.o -MF CMakeFiles/libi2pd.dir/var/tmp/portage/net-vpn/i2pd-2.53.1/work/i2pd-2.53.1/libi2pd/Base.cpp.o.d -o CMakeFiles/libi2pd.dir/var/tmp/portage/net-vpn/i2pd-2.53.1/work/i2pd-2.53.1/libi2pd/Base.cpp.o -c /var/tmp/portage/net-vpn/i2pd-2.53.1/work/i2pd-2.53.1/libi2pd/Base.cpp
    <command-line>: warning: "_FORTIFY_SOURCE" redefined
    <built-in>: note: this is the location of the previous definition

Created attachment 900597: emerge --info of my system

i2pd 2.52.0 & 2.53.1 compile fine here
(In reply to Filip Kobierski from comment #4) Did you try grepping for _FORTIFY_SOURCE or look for the warning in the log? It's clearly still there.
    if(WITH_HARDENING)
      add_definitions("-D_FORTIFY_SOURCE=2")
      set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wformat -Wformat-security -Werror=format-security")
      set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector --param ssp-buffer-size=4")
    endif()

    if(WITH_HARDENING AND CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
      set_target_properties("${PROJECT_NAME}" PROPERTIES LINK_FLAGS "-z relro -z now")
    endif()

We should simply never ever set this.
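The check suggested in the comments above (grep the build log for the flag and for the warning), written out as an added example that is not part of the original bug report or of the i2pd or Gentoo sources. The function names and the sample log are constructed for illustration, and `builtin_level` assumes the toolchain exposes its default level in the predefined-macro dump at -O2.

```shell
#!/bin/sh
# Added example: audit a build log for hard-coded _FORTIFY_SOURCE levels.
# Assumption: the compiler's default level is visible via -dM -E at -O2.
# $1 = compiler, e.g. g++; prints nothing if no level is predefined.
builtin_level() {
    "$1" -O2 -dM -E -x c /dev/null 2>/dev/null |
        awk '$2 == "_FORTIFY_SOURCE" { print $3 }'
}

# Distinct levels forced on compiler command lines in log $1, one per line.
forced_levels() {
    grep -o -e '-D_FORTIFY_SOURCE=[0-9][0-9]*' "$1" | sed 's/.*=//' | sort -un
}

# Number of redefinition warnings for the macro in log $1.
redefined_count() {
    grep -c 'warning: "_FORTIFY_SOURCE" redefined' "$1" || true
}

# Compare levels forced in log $1 with the compiler's built-in level $2.
# Returns 1 if any forced level is lower than the built-in one.
audit() {
    rc=0
    for lvl in $(forced_levels "$1"); do
        if [ -z "$2" ]; then
            echo "ok: build sets $lvl, compiler predefines nothing"
        elif [ "$lvl" -lt "$2" ]; then
            echo "downgrade: build forces $lvl over built-in $2"; rc=1
        else
            echo "no downgrade: build sets $lvl, built-in is $2"
        fi
    done
    return "$rc"
}

# Constructed sample log, modelled on the warning quoted in this report.
sample_log() {
    cat <<'EOF'
[1/2] g++ -D_FORTIFY_SOURCE=2 -O2 -c a.cpp -o a.o
<command-line>: warning: "_FORTIFY_SOURCE" redefined
<built-in>: note: this is the location of the previous definition
[2/2] g++ -D_FORTIFY_SOURCE=2 -O2 -c b.cpp -o b.o
<command-line>: warning: "_FORTIFY_SOURCE" redefined
EOF
}

log=$(mktemp) && sample_log > "$log"
echo "redefinition warnings: $(redefined_count "$log")"
audit "$log" 3 || echo "hard-coded flag weakens the profile default"
rm -f "$log"
```

On a real system, pass the compiler's own default instead of the literal 3, for example `audit build.log "$(builtin_level g++)"`.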
In gentoo-historical,

    commit 4af95be36ca13b36a87ccb67d20882b0368fb74e
    Author:     Anthony G. Basile <blueness@gentoo.org>
    AuthorDate: Thu Jan 8 17:44:46 2015
    Commit:     Anthony G. Basile <blueness@gentoo.org>
    CommitDate: Thu Jan 8 17:44:46 2015

        Initial commit to gentoo tree, copied from klondike's overlay

        (Portage version: 2.2.14/cvs/Linux x86_64, signed Manifest commit with key 0xF52D4BBA)

This version already contained the USE=i2p-hardening and it has remained there ever since -- even though the USE flag duplicates existing efforts, provides no value, and even overrides the hardening profile.

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a48dc95507286b1c1866f152d399fdee0499d8d8

    commit a48dc95507286b1c1866f152d399fdee0499d8d8
    Author:     Filip Kobierski <fkobi@pm.me>
    AuthorDate: 2024-08-18 22:24:11 +0000
    Commit:     Eli Schwartz <eschwartz@gentoo.org>
    CommitDate: 2024-08-25 20:23:18 +0000

        net-vpn/i2pd: drop i2p-hardening USE flag

        Sam James and Eli Schwartz suggested that it should be done:
        "[the hardening] matches the defaults or makes them worse"

        No revbump as it was turned off by default.

        Closes: https://bugs.gentoo.org/909080
        Signed-off-by: Filip Kobierski <fkobi@pm.me>
        Closes: https://github.com/gentoo/gentoo/pull/38193
        Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>

     net-vpn/i2pd/i2pd-2.52.0.ebuild | 10 ++--------
     net-vpn/i2pd/i2pd-2.53.1.ebuild | 10 ++--------
     net-vpn/i2pd/metadata.xml       |  5 -----
     3 files changed, 4 insertions(+), 21 deletions(-)