| Summary: | Glibc should filter -D_FORTIFY_SOURCE in ebuild | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Vladimir Lushnikov <vladimir> |
| Component: | Hardened | Assignee: | The Gentoo Linux Hardened Team <hardened> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | minor | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
*** This bug has been marked as a duplicate of bug 168260 ***

Ah, thanks for that. Didn't come up in my search. :)

When Glibc (2.6.x here, but it will fail on others as well) is compiled with -D_FORTIFY_SOURCE=2 in CFLAGS, it fails compilation on string/memmove.c.

With glibc 2.6.1, like this:

    i686-pc-linux-gnu-gcc ../sysdeps/i386/i686/ffs.c -c -std=gnu99 -fgnu89-inline -D_FORTIFY_SOURCE=2 -O2 -Wall -Winline -Wno-error -Wwrite-strings -fmerge-all-constants -fno-stack-protector -fno-strict-aliasing -march=native -pipe -Wstrict-prototypes -mpreferred-stack-boundary=2 -I../include -I/var/tmp/portage/sys-libs/glibc-2.6.1/work/build-default-i686-pc-linux-gnu-nptl/string -I/var/tmp/portage/sys-libs/glibc-2.6.1/work/build-default-i686-pc-linux-gnu-nptl -I../sysdeps/i386/elf -I../nptl/sysdeps/unix/sysv/linux/i386/i686 -I../nptl/sysdeps/unix/sysv/linux/i386 -I../sysdeps/unix/sysv/linux/i386 -I../nptl/sysdeps/unix/sysv/linux -I../nptl/sysdeps/pthread -I../sysdeps/pthread -I../ports/sysdeps/unix/sysv/linux -I../sysdeps/unix/sysv/linux -I../sysdeps/gnu -I../sysdeps/unix/common -I../sysdeps/unix/mman -I../sysdeps/unix/inet -I../ports/sysdeps/unix/sysv/i386 -I../sysdeps/unix/sysv/i386 -I../nptl/sysdeps/unix/sysv -I../ports/sysdeps/unix/sysv -I../sysdeps/unix/sysv -I../sysdeps/unix/i386 -I../nptl/sysdeps/unix -I../ports/sysdeps/unix -I../sysdeps/unix -I../sysdeps/posix -I../sysdeps/i386/i686/fpu -I../nptl/sysdeps/i386/i686 -I../sysdeps/i386/i686 -I../sysdeps/i386/i486 -I../nptl/sysdeps/i386/i486 -I../sysdeps/i386/fpu -I../nptl/sysdeps/i386 -I../sysdeps/i386 -I../sysdeps/wordsize-32 -I../sysdeps/ieee754/ldbl-96 -I../sysdeps/ieee754/dbl-64 -I../sysdeps/ieee754/flt-32 -I../sysdeps/ieee754 -I../sysdeps/generic/elf -I../sysdeps/generic -I../nptl -I../ports -I.. -I../libio -I. -nostdinc -isystem /usr/lib/gcc/i686-pc-linux-gnu/4.2.1/include -isystem /usr/lib/gcc/i686-pc-linux-gnu/4.2.1/include-fixed -isystem /usr/include -D_LIBC_REENTRANT -include ../include/libc-symbols.h -DPIC -DPIC -o /var/tmp/portage/sys-libs/glibc-2.6.1/work/build-default-i686-pc-linux-gnu-nptl/string/ffs.o -MD -MP -MF /var/tmp/portage/sys-libs/glibc-2.6.1/work/build-default-i686-pc-linux-gnu-nptl/string/ffs.o.dt -MT /var/tmp/portage/sys-libs/glibc-2.6.1/work/build-default-i686-pc-linux-gnu-nptl/string/ffs.o
    bcopy.c:21:1: warning: "memmove" redefined
    In file included from ../include/bits/string3.h:1,
                     from ../string/string.h:428,
                     from ../include/string.h:49,
                     from bcopy.c:19:
    ../string/bits/string3.h:55:1: warning: this is the location of the previous definition
    In file included from bcopy.c:29:
    ./memmove.c:42: error: expected identifier or '(' before 'void'
    ./memmove.c:42: error: expected ')' before '(' token
    ./memmove.c:46: error: expected identifier or '(' before '{' token
    make[2]: *** [/var/tmp/portage/sys-libs/glibc-2.6.1/work/build-default-i686-pc-linux-gnu-nptl/string/bcopy.o] Error 1
    make[2]: *** Waiting for unfinished jobs....
    make[2]: Leaving directory `/var/tmp/portage/sys-libs/glibc-2.6.1/work/glibc-2.6.1/string'
    make[1]: *** [string/subdir_lib] Error 2
    make[1]: Leaving directory `/var/tmp/portage/sys-libs/glibc-2.6.1/work/glibc-2.6.1'
    make: *** [all] Error 2
     *
     * ERROR: sys-libs/glibc-2.6.1 failed.
     * Call stack:
     * ebuild.sh, line 1648: Called dyn_compile
     * ebuild.sh, line 988: Called qa_call 'src_compile'
     * ebuild.sh, line 44: Called src_compile
     * glibc-2.6.1.ebuild, line 1192: Called toolchain-glibc_src_compile
     * glibc-2.6.1.ebuild, line 278: Called die
     *
     * make for default failed
     * If you need support, post the topmost build error, and the call stack if relevant.
     * A complete build log is located at '/var/tmp/portage/sys-libs/glibc-2.6.1/temp/build.log'.
     *

I know new gcc and glibc are unsupported officially, but please consider filtering -D_FORTIFY_SOURCE from the ebuild - for much the same reasons as filtering ssp in glibc ebuild - compilation will fail.

Reproducible: Always

Steps to Reproduce:
1. Add -D_FORTIFY_SOURCE=2 to CFLAGS
2. emerge glibc
3. Watch it fail :)
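
The flag filtering requested in this report, as an added shell example (not code from the glibc ebuild or from Portage): `filter_fortify` is a hypothetical helper that drops `_FORTIFY_SOURCE` definitions from a flags string, including the split `-D _FORTIFY_SOURCE=2` and `-Wp,` spellings, while leaving other macros untouched. The sample flags are constructed from the ones visible in the log above.

```shell
#!/bin/sh
# Added example: remove _FORTIFY_SOURCE definitions from a compiler flags string.
# filter_fortify is a hypothetical helper name, not a Portage or eclass function.
filter_fortify() {
    out=""
    pending=""      # a bare -D or -U waiting for its macro name
    for flag in $1; do
        if [ -n "$pending" ]; then
            case $flag in
                _FORTIFY_SOURCE|_FORTIFY_SOURCE=*)
                    # "-D _FORTIFY_SOURCE=2": drop both tokens
                    pending=""
                    continue ;;
                *)
                    # the bare -D/-U belonged to some other macro, keep it
                    out="$out${out:+ }$pending"
                    pending="" ;;
            esac
        fi
        case $flag in
            -D|-U)
                pending=$flag
                continue ;;
            -D_FORTIFY_SOURCE|-D_FORTIFY_SOURCE=*|-U_FORTIFY_SOURCE)
                continue ;;
            -Wp,-D_FORTIFY_SOURCE|-Wp,-D_FORTIFY_SOURCE=*|-Wp,-U_FORTIFY_SOURCE)
                # same definition passed straight to the preprocessor
                continue ;;
        esac
        out="$out${out:+ }$flag"
    done
    # a trailing bare -D/-U with nothing after it is passed through unchanged
    if [ -n "$pending" ]; then
        out="$out${out:+ }$pending"
    fi
    printf '%s\n' "$out"
}

# Constructed sample: user CFLAGS like those in the failing build.
CFLAGS="-D_FORTIFY_SOURCE=2 -O2 -march=native -pipe"
CFLAGS=$(filter_fortify "$CFLAGS")
echo "CFLAGS after filtering: $CFLAGS"
```

In an actual ebuild the same effect comes from flag-o-matic's `filter-flags`; the helper only shows which spellings of the flag have to be matched.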