Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 656106

Summary: dev-libs/libressl-2.6.4 - configure:12683: WARNING: compiler does not appear to support stack protection
Product: Gentoo Linux Reporter: Jeroen Roovers (RETIRED) <jer>
Component: Current packagesAssignee: Gentoo LibreSSL <libressl>
Status: RESOLVED WONTFIX    
Severity: normal CC: esigra
Priority: Normal Keywords: PMASKED
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 260867    
Attachments: libressl-2.6.4-.hppa-config.log

Description Jeroen Roovers (RETIRED) gentoo-dev 2018-05-19 08:54:53 UTC
Created attachment 532208 [details]
libressl-2.6.4-.hppa-config.log

configure:12418: checking if hppa2.0-unknown-linux-gnu-gcc supports "-D_FORTIFY_SOURCE=2"
configure:12435: /var/tmp/portage/dev-libs/libressl-2.6.4/work/libressl-2.6.4/scripts/wrap-compiler-for-flag-check hppa2.0-unknown-linux-gnu-gcc -o conftest -D_FORTIFY_SOURCE=2 -Wall -Werror  -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -Wl,--no-keep-memory conftest.c  >&5
<command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
<built-in>: note: this is the location of the previous definition
In file included from /usr/include/bits/libc-header-start.h:33:0,
                 from /usr/include/stdio.h:27,
                 from conftest.c:24:
/usr/include/features.h:376:4: error: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror=cpp]
 #  warning _FORTIFY_SOURCE requires compiling with optimization (-O)
    ^~~~~~~
cc1: all warnings being treated as errors
configure:12435: $? = 1
configure: failed program was:
...

configure:12680: result: no
configure:12683: WARNING: compiler does not appear to support stack protection


This is caused by 

m4/check-hardening-options.m4:   CFLAGS="$1 -Wall -Werror"
m4/check-hardening-options.m4:   LDFLAGS="$1 -Wall -Werror"

which is entirely the wrong way to discover compiler features.