mmc-utils: Rely on our own _FORTIFY_SOURCE

Message ID 48287dd12fcef0440cc49ff86343867d6cb8429e.1533656185.git.jan.kundrat@cesnet.cz
State Changes Requested
Headers show
Series
  • mmc-utils: Rely on our own _FORTIFY_SOURCE
Related show

Commit Message

Jan Kundrát Aug. 7, 2018, 3:32 p.m.
Upstream always forced _FORTIFY_SOURCE=2. At first, I tried changing
their flags to undefine that macro first, but that did not work well.
This patch ensures that the package always respects our toolchain
settings, even in cases where we are not fortifying the build.

This fixes a build failure where the mmc-utils package failed to build
with, e.g., BR2_FORTIFY_SOURCE_1:

  <command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
  <command-line>:0:0: note: this is the location of the previous definition

Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz>
---
 ...on-the-build-env-for-_FORTIFY_SOURCE.patch | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 package/mmc-utils/0001-Rely-on-the-build-env-for-_FORTIFY_SOURCE.patch

Comments

Jan Kundrát Aug. 8, 2018, 7:25 a.m. | #1
On úterý 7. srpna 2018 17:32:51 CEST, Jan Kundrát wrote:
> Upstream always forced _FORTIFY_SOURCE=2. At first, I tried changing
> their flags to undefine that macro first, but that did not work well.
> This patch ensures that the package always respects our toolchain
> settings, even in cases where we are not fortifying the build.
>
> This fixes a build failure where the mmc-utils package failed to build
> with, e.g., BR2_FORTIFY_SOURCE_1:
>
>   <command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
>   <command-line>:0:0: note: this is the location of the previous definition
>
> Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz>
> ---
>  ...on-the-build-env-for-_FORTIFY_SOURCE.patch | 27 +++++++++++++++++++
>  1 file changed, 27 insertions(+)
>  create mode 100644 
> package/mmc-utils/0001-Rely-on-the-build-env-for-_FORTIFY_SOURCE.patch
>
> diff --git 
> a/package/mmc-utils/0001-Rely-on-the-build-env-for-_FORTIFY_SOURCE.patch 
> b/package/mmc-utils/0001-Rely-on-the-build-env-for-_FORTIFY_SOURCE.patch
> new file mode 100644
> index 0000000000..b099efa6c4
> --- /dev/null
> +++ b/package/mmc-utils/0001-Rely-on-the-build-env-for-_FORTIFY_SOURCE.patch
> @@ -0,0 +1,27 @@
> +From 0c893e6f272351572548264bf423208a7b76bb16 Mon Sep 17 00:00:00 2001
> +From: =?UTF-8?q?Jan=20Kundr=C3=A1t?= <jan.kundrat@cesnet.cz>
> +Date: Tue, 7 Aug 2018 17:29:35 +0200
> +Subject: [PATCH] Rely on the build env for _FORTIFY_SOURCE
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz>
> +---
> + Makefile | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/Makefile b/Makefile
> +index aa27ff2..a3890b2 100644
> +--- a/Makefile
> ++++ b/Makefile
> +@@ -1,5 +1,5 @@
> + CC ?= gcc
> +-AM_CFLAGS = -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2
> ++AM_CFLAGS = -D_FILE_OFFSET_BITS=64
> + CFLAGS ?= -g -O2
> + objects = \
> + 	mmc.o \
> +-- 
> +2.17.1
> +

This patch might not be needed when Matthew Weber's series ([PATCH 0/6] 
Hardening Flag Bugfix/Enhancement) lands. My recommendation is to hold it 
for a while.

With kind regards,
Jan
Thomas Petazzoni Aug. 8, 2018, 1:17 p.m. | #2
Hello,

On Tue, 7 Aug 2018 17:32:51 +0200, Jan Kundrát wrote:
> Upstream always forced _FORTIFY_SOURCE=2. At first, I tried changing
> their flags to undefine that macro first, but that did not work well.
> This patch ensures that the package always respects our toolchain
> settings, even in cases where we are not fortifying the build.
> 
> This fixes a build failure where the mmc-utils package failed to build
> with, e.g., BR2_FORTIFY_SOURCE_1:
> 
>   <command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
>   <command-line>:0:0: note: this is the location of the previous definition
> 
> Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz>

Is this fixing a build issue reported by the autobuilders ? Or only
with hardening options ? Your commit log is not very verbose in details
about the configuration/condition under which the build failure happens.

Thanks!

Thomas
Matthew Weber Aug. 10, 2018, 2:56 a.m. | #3
All,
On Wed, Aug 8, 2018 at 8:17 AM Thomas Petazzoni
<thomas.petazzoni@bootlin.com> wrote:
>
> Hello,
>
> On Tue, 7 Aug 2018 17:32:51 +0200, Jan Kundrát wrote:
> > Upstream always forced _FORTIFY_SOURCE=2. At first, I tried changing
> > their flags to undefine that macro first, but that did not work well.
> > This patch ensures that the package always respects our toolchain
> > settings, even in cases where we are not fortifying the build.
> >
> > This fixes a build failure where the mmc-utils package failed to build
> > with, e.g., BR2_FORTIFY_SOURCE_1:
> >
> >   <command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
> >   <command-line>:0:0: note: this is the location of the previous definition
> >
> > Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz>
>
> Is this fixing a build issue reported by the autobuilders ? Or only
> with hardening options ? Your commit log is not very verbose in details
> about the configuration/condition under which the build failure happens.

(I haven't directly talked with Jan on this) It looks very similar to
other pkgs him and I looked at where flags were messy in the pkg and
now exposed when a build is done using hardening options, not a
autobuilder.

This isn't related to my hardening fixes patchset (ie those patches
won't fix this issue).  Instead, I'd refactor this patch to move the
AM_CFLAGS "-D_FORTIFY_SOURCE=2" into the CFLAGS ?= .  That should be
an upstream-able change and preserve their intent.

Matt

Patch

diff --git a/package/mmc-utils/0001-Rely-on-the-build-env-for-_FORTIFY_SOURCE.patch b/package/mmc-utils/0001-Rely-on-the-build-env-for-_FORTIFY_SOURCE.patch
new file mode 100644
index 0000000000..b099efa6c4
--- /dev/null
+++ b/package/mmc-utils/0001-Rely-on-the-build-env-for-_FORTIFY_SOURCE.patch
@@ -0,0 +1,27 @@ 
+From 0c893e6f272351572548264bf423208a7b76bb16 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20Kundr=C3=A1t?= <jan.kundrat@cesnet.cz>
+Date: Tue, 7 Aug 2018 17:29:35 +0200
+Subject: [PATCH] Rely on the build env for _FORTIFY_SOURCE
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index aa27ff2..a3890b2 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,5 +1,5 @@
+ CC ?= gcc
+-AM_CFLAGS = -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2
++AM_CFLAGS = -D_FILE_OFFSET_BITS=64
+ CFLAGS ?= -g -O2
+ objects = \
+ 	mmc.o \
+-- 
+2.17.1
+