GCL is unable to build with a randomized sbrk, so during the configure step, it attempts to check for this condition and confirm that it can be worked around using personality(). Unfortunately, the configure check for the presence of personality(ADDR_NO_RANDOMIZE) is buggy, and fails to compile with -O2 with hardened gcc. The actual code being compiled by the configure script is:

    int main(int argc,char *argv[],char *envp[]) {
    #include "h/unrandomize.h"
    return 0;}

Among other things, the h/unrandomize.h file contains a #include <unistd.h>. It is a syntax error (at least in C99) to #include a standard header inside of a function definition, and gcc rightly refuses to compile this test.

Reproducible: Always

Steps to Reproduce:
1. Compile a hardened kernel and hardened gcc.
2. Try to emerge gcl from portage or from the latest lisp overlay.
3.

Actual Results:
checking for ADDR_NO_RANDOMIZE constant... yes, 40000
checking for personality(ADDR_NO_RANDOMIZE) support... no
checking that sbrk is (now) non-random... no
Cannot build with randomized sbrk. Your options:
 - upgrade to a kernel/libc that knows about personality(ADDR_NO_RANDOMIZE)
 - recompile your kernel with CONFIG_COMPAT_BRK (if it has that option)
 - run sysctl kernel.randomize_va_space=0 before using gcl

Expected Results:
gcl will compile.

According to this RedHat bugzilla entry, the problem is only triggered when gcc is given both -O (or higher) and -D_FORTIFY_SOURCE. With hardened gcc, I believe, FORTIFY_SOURCE is always active, so just having "safe" CFLAGS that includes -O or -O2 will trigger the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=469866
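A well-formed version of the probe described in the report above, as an added example that is not part of the original report and is neither GCL's nor Debian's code: the headers sit at file scope and only the logic lives inside functions. The helper name ensure_no_randomize, the status enum and the re-exec through /proc/self/exe are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/personality.h>

/* Hypothetical status codes for this example. */
enum nr_status { NR_ALREADY = 0, NR_SET = 1, NR_DENIED = 2 };

/* Hypothetical helper: make sure ADDR_NO_RANDOMIZE is set in this
 * process's persona. The brk start is chosen at exec time, so NR_SET
 * means the caller still has to re-exec for sbrk to become non-random. */
enum nr_status ensure_no_randomize(void)
{
    int cur = personality(0xffffffffUL);      /* query only, no change */
    if (cur == -1)
        return NR_DENIED;
    if (cur & ADDR_NO_RANDOMIZE)
        return NR_ALREADY;
    if (personality((unsigned long)cur | ADDR_NO_RANDOMIZE) == -1)
        return NR_DENIED;                     /* e.g. filtered by seccomp */
    cur = personality(0xffffffffUL);          /* confirm the flag stuck */
    return (cur != -1 && (cur & ADDR_NO_RANDOMIZE)) ? NR_SET : NR_DENIED;
}

int main(int argc, char *argv[], char *envp[])
{
    (void)argc;
    switch (ensure_no_randomize()) {
    case NR_SET:
        execve("/proc/self/exe", argv, envp); /* restart with flag active */
        perror("execve");
        return 1;
    case NR_DENIED:
        fprintf(stderr, "personality(ADDR_NO_RANDOMIZE) not permitted\n");
        return 1;
    case NR_ALREADY:
        break;
    }
    /* Run twice: with the flag active both runs print the same address. */
    printf("sbrk(0) = %p\n", sbrk(0));
    return 0;
}
```

Built with -O2 -D_FORTIFY_SOURCE=2, this form avoids the failure mode in the report because no header is included inside a function body.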
Please post your emerge --info (always when filing bugs).
It may be a dupe of #132873. We need more info. Can you post the build.log too?
(In reply to comment #1)
> Please post your emerge --info (always when filing bugs).

Sorry. Forgot :)

Portage 2.2_rc33 (default/linux/amd64/2008.0, gcc-4.3.3, glibc-2.10.1-r0, 2.6.29-gentoo-r1 x86_64)
=================================================================
System uname: Linux-2.6.29-gentoo-r1-x86_64-Intel-R-_Core-TM-2_Duo_CPU_T6400_@_2.00GHz-with-gentoo-2.0.1
Timestamp of tree: Fri, 24 Jul 2009 14:45:01 +0000
app-shells/bash: 4.0_p24
dev-java/java-config: 2.1.8-r1
dev-lang/python: 2.5.4-r2, 2.6.2-r1
dev-util/cmake: 2.6.4
sys-apps/baselayout: 2.0.1
sys-apps/openrc: 0.4.3-r3
sys-apps/sandbox: 2.0
sys-devel/autoconf: 2.13, 2.63-r1
sys-devel/automake: 1.5, 1.8.5-r3, 1.9.6-r2, 1.10.2, 1.11
sys-devel/binutils: 2.19.1-r1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool: 2.2.6a
virtual/os-headers: 2.6.30
ACCEPT_KEYWORDS="amd64 ~amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -fomit-frame-pointer -march=core2"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O2 -pipe -fomit-frame-pointer -march=core2"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks fixpackages metadata-transfer parallel-fetch preserve-libs protect-owned sandbox sfperms strict test unmerge-orphans userfetch userpriv usersandbox usersync"
GENTOO_MIRRORS="http://www.gtlib.gatech.edu/pub/gentoo http://open-systems.ufl.edu/mirrors/gentoo"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/layman/sunrise /usr/local/portage/layman/kutulu /usr/local/portage/layman/x11 /usr/local/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="X acl acpi alsa amd64 automount avahi bash-completion branding bzip2 cairo cdr cli consolekit cracklib crypt css cups dbus dell dri dvd ffmpeg firefox flac gdbm gnome gpm gstreamer gtk gtk2 hal iconv isdnlog java java6 jpeg laptop lm_sensors midi mmx mono mp3 mudflap multilib nautilus ncurses nls nptl nptlonly nsplugin offensive ogg opengl openmp pam pcre perl png pppd python readline reflection samba session spl sse sse2 ssl sysfs tcpd threads tiff unicode vim-syntax xml xorg xulrunner zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev synaptics" KERNEL="linux" USERLAND="GNU" VIDEO_CARDS="intel"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
(In reply to comment #2)
> It may be a dupe of #132873. We need more info
> Can you post the build.log too?

Actually I think it's a bug in the *fix* for #132873, as my build output has the new configure messages. A build.log is attached.

Also, there's a patch posted to Debian's bug tracker that they've applied to their build of gcl that fixes the problem:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494153

It patches configure.in, though, so I'm not sure that's the preferred way for Gentoo to handle this kind of problem.
Created attachment 199032 build.log from failed build
(In reply to comment #4)
> Actually I think it's a bug in the *fix* for #132873, as my build output has
> the new configure messages. A build.log is attached.

Thank you for the build log. It can't be that because no hardened patches have been included in the package.

> Also, there's a patch posted to Debian's bug tracker that they've applied to
> their build of gcl that fixes the problem:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494153
>
> It patches configure.in, though, so I'm not sure that's the preferred way for
> Gentoo to handle this kind of problem.

That patch looks about right to me, thank you for taking the time to investigate. Yes, patching configure.in is the right place - we then make the ebuild run autoreconf, libtool, autoheader, etc. as necessary (via eautoreconf). I suspect the common-lisp herd will be along to test it out.
RESOLVED WONTFIX.

This package has been masked for many months. We may make an attempt to revive it, but not in the near future. You're free to reopen if you want. But as Marijn says:

# Marijn Schouten <hkBst at gentoo dot org> (29 Jul 2009)
# Masked for increasingly many problems. Upstream is flaky and hasn't released since 2005.
# Maxima is the only consumer and can be built with sbcl or clisp.
# Hopefully upstream will do a release that we can add to revive this package.
dev-lisp/gcl