sox: disable SSP when using MIPS Codescape toolchains

MIPS Codescape toolchains don't support stack-smashing protection
despite of using glibc, therefore we see failures like this one:

mips-img-linux-gnu/bin/ld: cannot find -lssp

Fixes:
  http://autobuild.buildroot.net/results/957/95721f7b88c46a20202fb02e408817097df965c3/

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
---
 package/sox/sox.mk | 6 ++++++
 1 file changed, 6 insertions(+)

Vicente,

On Mon, 29 Feb 2016 16:39:42 +0000, Vicente Olivert Riera wrote:

> diff --git a/package/sox/sox.mk b/package/sox/sox.mk
> index f4d1608..61f5220 100644
> --- a/package/sox/sox.mk
> +++ b/package/sox/sox.mk
> @@ -13,6 +13,12 @@ SOX_CONF_OPTS = --with-distro="Buildroot" --without-ffmpeg --disable-gomp \
>  SOX_LICENSE = GPLv2+ (sox binary), LGPLv2.1+ (libraries)
>  SOX_LICENSE_FILES = LICENSE.GPL LICENSE.LGPL
>  
> +# MIPS Codescape toolchains don't support stack-smashing protection
> +# despite of using glibc.
> +ifeq ($(BR2_TOOLCHAIN_EXTERNAL_CODESCAPE_IMG_MIPS)$(BR2_TOOLCHAIN_EXTERNAL_CODESCAPE_MTI_MIPS),y)
> +SOX_CONF_OPTS += --disable-stack-protector
> +endif

Shouldn't we instead change BR2_TOOLCHAIN_HAS_SSP so that it is defined
to false for those toolchains? This way:

 1/ The existing BR2_TOOLCHAIN_HAS_SSP tests would do the right thing
    for the Codescape toolchains.

 2/ The additional test you are adding would also be useful for other
    non-SSP capable toolchains.

That being said, we're very close to 2016.02, so I'm not sure this will
get into 2016.02. If the folks releasing the Codescape toolchain
release soon a version which has a properly working SSP implementation,
then we could simply forget about this problem until they make this
release. If of course such a new toolchain version is not planned in
the near future, we would need to fix the problem.

Best regards,

Thomas

Hi Thomas,

On 29/02/16 16:51, Thomas Petazzoni wrote:
> Vicente,
> 
> On Mon, 29 Feb 2016 16:39:42 +0000, Vicente Olivert Riera wrote:
> 
>> diff --git a/package/sox/sox.mk b/package/sox/sox.mk
>> index f4d1608..61f5220 100644
>> --- a/package/sox/sox.mk
>> +++ b/package/sox/sox.mk
>> @@ -13,6 +13,12 @@ SOX_CONF_OPTS = --with-distro="Buildroot" --without-ffmpeg --disable-gomp \
>>  SOX_LICENSE = GPLv2+ (sox binary), LGPLv2.1+ (libraries)
>>  SOX_LICENSE_FILES = LICENSE.GPL LICENSE.LGPL
>>  
>> +# MIPS Codescape toolchains don't support stack-smashing protection
>> +# despite of using glibc.
>> +ifeq ($(BR2_TOOLCHAIN_EXTERNAL_CODESCAPE_IMG_MIPS)$(BR2_TOOLCHAIN_EXTERNAL_CODESCAPE_MTI_MIPS),y)
>> +SOX_CONF_OPTS += --disable-stack-protector
>> +endif
> 
> Shouldn't we instead change BR2_TOOLCHAIN_HAS_SSP so that it is defined
> to false for those toolchains?

Uhm..., how would you do that? BR2_TOOLCHAIN_HAS_SSP is selected by
BR2_TOOLCHAIN_USES_GLIBC. We would need to do changes in the toolchain
infra in order to not define it in that place, and define it
individually for every toolchain. Is that what you mean?

Regards,

Vincent.

> This way:
> 
>  1/ The existing BR2_TOOLCHAIN_HAS_SSP tests would do the right thing
>     for the Codescape toolchains.
> 
>  2/ The additional test you are adding would also be useful for other
>     non-SSP capable toolchains.
> 
> That being said, we're very close to 2016.02, so I'm not sure this will
> get into 2016.02. If the folks releasing the Codescape toolchain
> release soon a version which has a properly working SSP implementation,
> then we could simply forget about this problem until they make this
> release. If of course such a new toolchain version is not planned in
> the near future, we would need to fix the problem.
> 
> Best regards,
> 
> Thomas
>

Hello,

On Mon, 29 Feb 2016 17:00:56 +0000, Vicente Olivert Riera wrote:

> Uhm..., how would you do that? BR2_TOOLCHAIN_HAS_SSP is selected by
> BR2_TOOLCHAIN_USES_GLIBC. We would need to do changes in the toolchain
> infra in order to not define it in that place, and define it
> individually for every toolchain. Is that what you mean?

Yes, this is what I mean. It is indeed more work, but looks cleaner IMO.

Thomas

>>>>> "Vicente" == Vicente Olivert Riera <Vincent.Riera@imgtec.com> writes:

 > MIPS Codescape toolchains don't support stack-smashing protection
 > despite of using glibc, therefore we see failures like this one:

 > mips-img-linux-gnu/bin/ld: cannot find -lssp

 > Fixes:
 >   http://autobuild.buildroot.net/results/957/95721f7b88c46a20202fb02e408817097df965c3/

 > Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
 > ---
 >  package/sox/sox.mk | 6 ++++++
 >  1 file changed, 6 insertions(+)

 > diff --git a/package/sox/sox.mk b/package/sox/sox.mk
 > index f4d1608..61f5220 100644
 > --- a/package/sox/sox.mk
 > +++ b/package/sox/sox.mk
 > @@ -13,6 +13,12 @@ SOX_CONF_OPTS = --with-distro="Buildroot" --without-ffmpeg --disable-gomp \
 >  SOX_LICENSE = GPLv2+ (sox binary), LGPLv2.1+ (libraries)
 >  SOX_LICENSE_FILES = LICENSE.GPL LICENSE.LGPL
 
 > +# MIPS Codescape toolchains don't support stack-smashing protection
 > +# despite of using glibc.
 > +ifeq ($(BR2_TOOLCHAIN_EXTERNAL_CODESCAPE_IMG_MIPS)$(BR2_TOOLCHAIN_EXTERNAL_CODESCAPE_MTI_MIPS),y)
 > +SOX_CONF_OPTS += --disable-stack-protector
 > +endif

Committed, thanks (for 2016.02). Please consider generalizing it like
Thomas suggested for the 2016.05 cycle.

Hi Peter,

On 01/03/16 10:32, Peter Korsgaard wrote:
>>>>>> "Vicente" == Vicente Olivert Riera <Vincent.Riera@imgtec.com> writes:
> 
>  > MIPS Codescape toolchains don't support stack-smashing protection
>  > despite of using glibc, therefore we see failures like this one:
> 
>  > mips-img-linux-gnu/bin/ld: cannot find -lssp
> 
>  > Fixes:
>  >   http://autobuild.buildroot.net/results/957/95721f7b88c46a20202fb02e408817097df965c3/
> 
>  > Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
>  > ---
>  >  package/sox/sox.mk | 6 ++++++
>  >  1 file changed, 6 insertions(+)
> 
>  > diff --git a/package/sox/sox.mk b/package/sox/sox.mk
>  > index f4d1608..61f5220 100644
>  > --- a/package/sox/sox.mk
>  > +++ b/package/sox/sox.mk
>  > @@ -13,6 +13,12 @@ SOX_CONF_OPTS = --with-distro="Buildroot" --without-ffmpeg --disable-gomp \
>  >  SOX_LICENSE = GPLv2+ (sox binary), LGPLv2.1+ (libraries)
>  >  SOX_LICENSE_FILES = LICENSE.GPL LICENSE.LGPL
>  
>  > +# MIPS Codescape toolchains don't support stack-smashing protection
>  > +# despite of using glibc.
>  > +ifeq ($(BR2_TOOLCHAIN_EXTERNAL_CODESCAPE_IMG_MIPS)$(BR2_TOOLCHAIN_EXTERNAL_CODESCAPE_MTI_MIPS),y)
>  > +SOX_CONF_OPTS += --disable-stack-protector
>  > +endif
> 
> Committed, thanks (for 2016.02). Please consider generalizing it like
> Thomas suggested for the 2016.05 cycle.
> 

Sure, I will do it.

Thanks,

Vincent.

>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@free-electrons.com> writes:

 > Hello,
 > On Mon, 29 Feb 2016 17:00:56 +0000, Vicente Olivert Riera wrote:

 >> Uhm..., how would you do that? BR2_TOOLCHAIN_HAS_SSP is selected by
 >> BR2_TOOLCHAIN_USES_GLIBC. We would need to do changes in the toolchain
 >> infra in order to not define it in that place, and define it
 >> individually for every toolchain. Is that what you mean?

 > Yes, this is what I mean. It is indeed more work, but looks cleaner IMO.

Agreed. This kind of toolchains are probably quite rare. If we want to
keep the number of changes to a minimum we could perhaps handle them
using a negative symbol:

config BR2_TOOLCHAIN_WITHOUT_SSP
       bool

..

config BR2_TOOLCHAIN_USES_GLIBC
       ..
       select BR2_TOOLCHAIN_HAS_SSP if !BR2_TOOLCHAIN_WITHOUT_SSP


And then select BR2_TOOLCHAIN_WITHOUT_SSP from the affected external
toolchains.

But it's quite ugly.