Bug 325849

Summary:	dev-lang/spidermonkey-1.7.0 fails to compile with hardened GCC 4.4.3
Product:	Gentoo Linux	Reporter:	Krzysztof Nowicki <krissn>
Component:	Hardened	Assignee:	The Gentoo Linux Hardened Team <hardened>
Status:	RESOLVED OBSOLETE
Severity:	normal	CC:	aballier, anton.kochkov, binki, bugs+gentoo, esigra, torinthiel, wyatt
Priority:	High
Version:	unspecified
Hardware:	x86
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Bug Depends on:	326285, 347914
Bug Blocks:	306835
Attachments:	Change $(LD) to $(CC) Change ld to gcc files/spidermonkey-1.7.0-no-ld.patch multilib-portage.build.log

Description Krzysztof Nowicki 2010-06-27 16:51:26 UTC

As it says in the subject, dev-lang/spidermonkey-1.7.0 fails to compile with hardened sys-devel/gcc-4.4.3-r3 with PIE + SSP. The error is:

i686-pc-linux-gnu-ld -shared  -soname libjs.so -o Linux_All_OPT.OBJ/libjs.so Linux_All_OPT.OBJ/jsapi.lo Linux_All_OPT.OBJ/jsarena.lo Linux_All_OPT.OBJ/jsarray.lo Linux_All_OPT.OBJ/jsatom.lo Linux_All_OPT.OBJ/jsbool.lo Linux_All_OPT.OBJ/jscntxt.lo Linux_All_OPT.OBJ/jsdate.lo Linux_All_OPT.OBJ/jsdbgapi.lo Linux_All_OPT.OBJ/jsdhash.lo Linux_All_OPT.OBJ/jsdtoa.lo Linux_All_OPT.OBJ/jsemit.lo Linux_All_OPT.OBJ/jsexn.lo Linux_All_OPT.OBJ/jsfun.lo Linux_All_OPT.OBJ/jsgc.lo Linux_All_OPT.OBJ/jshash.lo Linux_All_OPT.OBJ/jsinterp.lo Linux_All_OPT.OBJ/jsiter.lo Linux_All_OPT.OBJ/jslock.lo Linux_All_OPT.OBJ/jslog2.lo Linux_All_OPT.OBJ/jslong.lo Linux_All_OPT.OBJ/jsmath.lo Linux_All_OPT.OBJ/jsnum.lo Linux_All_OPT.OBJ/jsobj.lo Linux_All_OPT.OBJ/jsopcode.lo Linux_All_OPT.OBJ/jsparse.lo Linux_All_OPT.OBJ/jsprf.lo Linux_All_OPT.OBJ/jsregexp.lo Linux_All_OPT.OBJ/jsscan.lo Linux_All_OPT.OBJ/jsscope.lo Linux_All_OPT.OBJ/jsscript.lo Linux_All_OPT.OBJ/jsstr.lo Linux_All_OPT.OBJ/jsutil.lo Linux_All_OPT.OBJ/jsxdrapi.lo Linux_All_OPT.OBJ/jsxml.lo Linux_All_OPT.OBJ/prmjtime.lo  -lm 
Linux_All_OPT.OBJ/jsapi.lo: In function `JS_GetNaNValue':
jsapi.c:(.text+0x2d): undefined reference to `__stack_chk_fail_local'
Linux_All_OPT.OBJ/jsapi.lo: In function `JS_GetNegativeInfinityValue':
jsapi.c:(.text+0x60): undefined reference to `__stack_chk_fail_local'
Linux_All_OPT.OBJ/jsapi.lo: In function `JS_GetPositiveInfinityValue':
jsapi.c:(.text+0x93): undefined reference to `__stack_chk_fail_local'
Linux_All_OPT.OBJ/jsapi.lo: In function `JS_GetEmptyStringValue':
jsapi.c:(.text+0xc6): undefined reference to `__stack_chk_fail_local'
Linux_All_OPT.OBJ/jsapi.lo: In function `JS_TypeOfValue':
jsapi.c:(.text+0x1a9): undefined reference to `__stack_chk_fail_local'
Linux_All_OPT.OBJ/jsapi.lo:jsapi.c:(.text+0x1ee): more undefined references to `__stack_chk_fail_local' follow
i686-pc-linux-gnu-ld: Linux_All_OPT.OBJ/libjs.so: hidden symbol `__stack_chk_fail_local' isn't defined
i686-pc-linux-gnu-ld: final link failed: Nonrepresentable section on output
make[1]: *** [Linux_All_OPT.OBJ/libjs.so] Błąd 1
make[1]: Opuszczenie katalogu `/var/tmp/portage/dev-lang/spidermonkey-1.7.0/work/js/src'
make: *** [all] Błąd 2
 * ERROR: dev-lang/spidermonkey-1.7.0 failed:
 *   emake without threadsafe enabled failed
 * 
 * Call stack:
 *     ebuild.sh, line  54:  Called src_compile
 *   environment, line 2252:  Called die
 * The specific snippet of code:
 *           emake -j1 -f Makefile.ref LIBDIR="$(get_libdir)" || die "emake without threadsafe enabled failed";
 * 
 * If you need support, post the output of 'emerge --info =dev-lang/spidermonkey-1.7.0',
 * the complete build log and the output of 'emerge -pqv =dev-lang/spidermonkey-1.7.0'.
 * The complete build log is located at '/var/tmp/portage/dev-lang/spidermonkey-1.7.0/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/dev-lang/spidermonkey-1.7.0/temp/environment'.
 * S: '/var/tmp/portage/dev-lang/spidermonkey-1.7.0/work/js/src'

Comment 1 Krzysztof Nowicki 2010-06-27 16:52:22 UTC

# emerge --info =dev-lang/spidermonkey-1.7.0
Portage 2.1.8.3 (selinux/v2refpolicy/x86/hardened, gcc-4.4.3, glibc-2.11.1-r0, 2.6.29-hardened i686)
=================================================================
                        System Settings
=================================================================
System uname: Linux-2.6.29-hardened-i686-VIA_Eden_Processor_1200MHz-with-gentoo-1.12.13
Timestamp of tree: Sat, 26 Jun 2010 18:00:01 +0000
app-shells/bash:     4.0_p37
dev-java/java-config: 1.3.7-r1, 2.1.8-r1
dev-lang/python:     2.6.5-r2
sys-apps/baselayout: 1.12.13
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.63-r1
sys-devel/automake:  1.4_p6, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc:       3.4.6-r2, 4.3.4, 4.4.3-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA @FSF-APPROVED dlj-1.1"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=i686 -O2 -pipe -fforce-addr -mmmx -msse -msse2"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=i686 -O2 -pipe -fforce-addr -mmmx -msse -msse2"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests distlocks fixpackages loadpolicy news parallel-fetch protect-owned sandbox selinux sesandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LC_ALL="pl_PL.UTF-8"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_COMPRESS="lzma"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="7zip apache2 bash-completion bashlogger berkdb bzip2 caps cli cracklib crypt cxx dri ftp gd hardened iconv imap ipv6 json kerberos lzma mhash mmx mmxext modules mudflap mysql ncurses nls openmp pam pcre perl php pic posix pppd python readline reflection samba selinux session sftp slang spl sse sse2 ssl sysvipc tcpd threads truetype unicode x86 xml xorg xsl zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers identimagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="worker" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa via vmware voodoo" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LINGUAS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

=================================================================
                        Package Settings
=================================================================

dev-lang/spidermonkey-1.7.0 was built with the following:
USE="(selinux) -threadsafe" 
LDFLAGS=""

>>> Attempting to run pkg_info() for 'dev-lang/spidermonkey-1.7.0'
 * pkg_info() is not defined: 'spidermonkey-1.7.0.ebuild'

Comment 2 Magnus Granberg gentoo-dev

2010-06-27 21:50:13 UTC

Do the dev-lang/spidermonkey-1.7.0-r1 fail the same way?

Comment 3 Krzysztof Nowicki 2010-06-28 04:22:57 UTC

(In reply to comment #2)
> Do the dev-lang/spidermonkey-1.7.0-r1 fail the same way?
> 

Yes, dev-lang/spidermonkey-1.7.0-r1 fails with exactly the same error.

Comment 4 Magnus Granberg gentoo-dev

2010-06-28 23:56:50 UTC

Created attachment 236867 [details, diff]
Change $(LD) to $(CC)

We use gcc instead of calling ld direct.

Comment 5 Alexis Ballier gentoo-dev

2010-06-29 15:09:50 UTC

First, why do you use -Xlinker instead of the more standard -Wl,-soname ?

Secondly, if I understand it correctly, having ssp by default on hardened completely removes the ability not to link to the libc, right ? Why not fixing the linker to link to libc_nonshared.a by default instead ? As I understand it, it is *always* needed with the hardened toolchain...

Comment 6 Magnus Granberg gentoo-dev

2010-07-01 02:26:21 UTC

Created attachment 237101 [details, diff]
Change ld to gcc

New patch

Comment 7 Wyatt Draggoo 2010-10-19 17:25:01 UTC

I'm a little confused here. At this point I'm used to adding --keep-going to my emerge updates because of this, but there's been a patch available for over three months. Is there a reason why hasn't it made it into portage yet?

Comment 8 Jory A. Pratt gentoo-dev

2010-12-06 17:32:09 UTC

(In reply to comment #7)
> I'm a little confused here. At this point I'm used to adding --keep-going to my
> emerge updates because of this, but there's been a patch available for over
> three months. Is there a reason why hasn't it made it into portage yet?
> 

This will be fixed soon as the update is made which we have a current bug for now.

Comment 9 Jory A. Pratt gentoo-dev

2011-01-01 19:56:51 UTC

1.9.2.13 is no in the tree and works fine for hardened.

Comment 10 Nathan Phillip Brink (binki) (RETIRED) gentoo-dev

2011-01-11 03:09:31 UTC

Created attachment 259514 [details]
files/spidermonkey-1.7.0-no-ld.patch

Fixes compilation issue described in this bug, fixes missing $(LDFLAGS), and fixes missing $(CLFAGS) (which causes a compilation error for portage-multilib folk).

Comment 11 Nathan Phillip Brink (binki) (RETIRED) gentoo-dev

2011-01-11 03:18:44 UTC

Created attachment 259515 [details]
multilib-portage.build.log

The patch fixes build problems not just for hardened but also for portage-multilib users.

May someone update the bug summary to reflect this?

Comment 12 Nathan Phillip Brink (binki) (RETIRED) gentoo-dev

2011-01-11 04:50:59 UTC

(In reply to comment #9)
> 1.9.2.13 is no in the tree and works fine for hardened.

This version works fine for multilib-portage users too, but elinks's dependency metadata specifies <=dev-lang/spidermonkey-1.9 -- thus, this fix should be applied to the spidermonkey-1.7.0 series so that elinks can be installed.

Comment 13 SpanKY gentoo-dev

2012-10-07 06:39:01 UTC

*** Bug 407613 has been marked as a duplicate of this bug. ***

Comment 14 Ian Stakenvicius (RETIRED) gentoo-dev

2013-08-29 20:31:00 UTC

Is this bug relevant any longer?  I know the patch hasn't been applied but I believe all other packages in the tree either embed their own spidermonkey or will work with 1.8.5