
Config.in: security hardening: disable FORTIFY_SOURCE for gcc < 6

Message ID 20181105200750.6039-1-romain.naour@gmail.com
State Accepted
Commit a75ee0e8124023185f4a05e95b2fcd29fa9449d8

Commit Message

Romain Naour Nov. 5, 2018, 8:07 p.m. UTC
As reported in the bug report [1], gcc < 6 doesn't build when
FORTIFY_SOURCE is set to 1 or 2. The issue is related to the
upstream bug report [2] but the patch fixing the issue for gcc 6
has not been backported to earlier gcc versions.

Add a dependency on gcc at least version 6 to BR2_FORTIFY_SOURCE_1
and BR2_FORTIFY_SOURCE_2.

[1] https://bugs.busybox.net/show_bug.cgi?id=11476
[2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
[3] https://github.com/gcc-mirror/gcc/commit/55f12fce4ccf77513644a247f9c401a5b1fa2402

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
---
To be backported up to Buildroot 2018.02.x.
---
 Config.in | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Matt Weber Nov. 5, 2018, 8:35 p.m. UTC | #1
Romain,

On Mon, Nov 5, 2018, 14:07 Romain Naour <romain.naour@gmail.com wrote:

> As reported in the bug report [1], gcc < 6 doesn't build when
> FORTIFY_SOURCE is set to 1 or 2. The issue is related to the
> upstream bug report [2] but the patch fixing the issue for gcc 6
> has not been backported to earlier gcc versions.
>
> Add a dependency on gcc at least version 6 to BR2_FORTIFY_SOURCE_1
> and BR2_FORTIFY_SOURCE_2.
>

Sorry about the HTML email.

Could this dependency be conditional on if an internal toolchain is used?

> [1] https://bugs.busybox.net/show_bug.cgi?id=11476
> [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
> [3]
> https://github.com/gcc-mirror/gcc/commit/55f12fce4ccf77513644a247f9c401a5b1fa2402
>
> Signed-off-by: Romain Naour <romain.naour@gmail.com>
> Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
> Cc: Peter Korsgaard <peter@korsgaard.com>
> ---
> To be backported up to Buildroot 2018.02.x.
> ---
>  Config.in | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/Config.in b/Config.in
> index 584a1f087f..6176433fc0 100644
> --- a/Config.in
> +++ b/Config.in
> @@ -798,6 +798,8 @@ config BR2_FORTIFY_SOURCE_NONE
>
>  config BR2_FORTIFY_SOURCE_1
>         bool "Conservative"
> +       # gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
> +       depends on BR2_TOOLCHAIN_GCC_AT_LEAST_6
>         help
>           This option sets _FORTIFY_SOURCE to 1 and only introduces
>           checks that shouldn't change the behavior of conforming
> @@ -805,6 +807,8 @@ config BR2_FORTIFY_SOURCE_1
>
>  config BR2_FORTIFY_SOURCE_2
>         bool "Aggressive"
> +       # gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
> +       depends on BR2_TOOLCHAIN_GCC_AT_LEAST_6
>         help
>           This option sets _FORTIFY_SOURCES to 2 and some more
>           checking is added, but some conforming programs might fail.
> --
> 2.14.5
>
>
Peter Korsgaard Nov. 5, 2018, 10:17 p.m. UTC | #2
>>>>> "Matthew" == Matthew Weber <matthew.weber@rockwellcollins.com> writes:

 > Romain ,
 > On Mon, Nov 5, 2018, 14:07 Romain Naour <romain.naour@gmail.com wrote:

 >> As reported in the bug report [1], gcc < 6 doesn't build when
 >> FORTIFY_SOURCE is set to 1 or 2. The issue is related to the
 >> upstream bug report [2] but the patch fixing the issue for gcc 6
 >> has not been backported to earlier gcc versions.
 >> 
 >> Add a dependency on gcc at least version 6 to BR2_FORTIFY_SOURCE_1
 >> and BR2_FORTIFY_SOURCE_2.
 >> 

 > Sorry about the HTML email.

 > Could this dependency be conditional on if an internal toolchain is used?

Ahh yes, if this is really about *building* gcc, then it should be

depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
Matt Weber Nov. 5, 2018, 10:21 p.m. UTC | #3
Peter/Romain,

On Mon, Nov 5, 2018 at 4:17 PM Peter Korsgaard <peter@korsgaard.com> wrote:
>
> >>>>> "Matthew" == Matthew Weber <matthew.weber@rockwellcollins.com> writes:
>
>  > Romain ,
>  > On Mon, Nov 5, 2018, 14:07 Romain Naour <romain.naour@gmail.com wrote:
>
>  >> As reported in the bug report [1], gcc < 6 doesn't build when
>  >> FORTIFY_SOURCE is set to 1 or 2. The issue is related to the
>  >> upstream bug report [2] but the patch fixing the issue for gcc 6
>  >> has not been backported to earlier gcc versions.
>  >>
>  >> Add a dependency on gcc at least version 6 to BR2_FORTIFY_SOURCE_1
>  >> and BR2_FORTIFY_SOURCE_2.
>  >>
>
>  > Sorry about the HTML email.
>
>  > Could this dependency be conditional on if an internal toolchain is used?
>
> Ahh yes, if this is really about *building* gcc, then it should be
>
> depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
>

Correct.  I'll have to dig a bit and see what the minimum supported
external toolchain version is.  I believe 5.4.x

Matt
Peter Korsgaard Nov. 6, 2018, 9:06 a.m. UTC | #4
>>>>> "Romain" == Romain Naour <romain.naour@gmail.com> writes:

 > As reported in the bug report [1], gcc < 6 doesn't build when
 > FORTIFY_SOURCE is set to 1 or 2. The issue is related to the
 > upstream bug report [2] but the patch fixing the issue for gcc 6
 > has not been backported to earlier gcc versions.

 > Add a dependency on gcc at least version 6 to BR2_FORTIFY_SOURCE_1
 > and BR2_FORTIFY_SOURCE_2.

 > [1] https://bugs.busybox.net/show_bug.cgi?id=11476
 > [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
 > [3] https://github.com/gcc-mirror/gcc/commit/55f12fce4ccf77513644a247f9c401a5b1fa2402

 > Signed-off-by: Romain Naour <romain.naour@gmail.com>
 > Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
 > Cc: Peter Korsgaard <peter@korsgaard.com>
 > ---
 > To be backported up to Buildroot 2018.02.x.

Committed after adding the internal toolchain dependency as pointed out
by Matthew, thanks.
Matt Weber Nov. 6, 2018, 12:27 p.m. UTC | #5
All,

On Mon, Nov 5, 2018 at 4:21 PM Matthew Weber
<matthew.weber@rockwellcollins.com> wrote:
>
> Peter/Romain,
>
>
> On Mon, Nov 5, 2018 at 4:17 PM Peter Korsgaard <peter@korsgaard.com> wrote:
> >
> > >>>>> "Matthew" == Matthew Weber <matthew.weber@rockwellcollins.com> writes:
> >
> >  > Romain ,
> >  > On Mon, Nov 5, 2018, 14:07 Romain Naour <romain.naour@gmail.com wrote:
> >
> >  >> As reported in the bug report [1], gcc < 6 doesn't build when
> >  >> FORTIFY_SOURCE is set to 1 or 2. The issue is related to the
> >  >> upstream bug report [2] but the patch fixing the issue for gcc 6
> >  >> has not been backported to earlier gcc versions.
> >  >>
> >  >> Add a dependency on gcc at least version 6 to BR2_FORTIFY_SOURCE_1
> >  >> and BR2_FORTIFY_SOURCE_2.
> >  >>
> >
> >  > Sorry about the HTML email.
> >
> >  > Could this dependency be conditional on if an internal toolchain is used?
> >
> > Ahh yes, if this is really about *building* gcc, then it should be
> >
> > depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
> >
>
> Correct.  I'll have to dig a bit and see what the minimum supported
> external toolchain version is.  I believe 5.4.x

Found an old post....  https://access.redhat.com/blogs/766093/posts/1976213
Looks like the FORTIFY options should work from GCC 4.0+ and are more
dependent on GLIBC being new enough (which we won't run into).
Macros are supported since GLIBC 2.3.4 -
http://man7.org/linux/man-pages/man7/feature_test_macros.7.html

Matt
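Matt's point above, that FORTIFY is a libc feature gated on the glibc version rather than on gcc alone, has a second condition that anyone auditing a Buildroot hardening configuration should verify: glibc's features.h only turns `-D_FORTIFY_SOURCE=n` into a non-zero `__USE_FORTIFY_LEVEL` when the translation unit is compiled with optimization, so a build at -O0 gets no fortified wrappers at all. The program below is an added example, not code from the Buildroot patch or from anyone in the thread. It models that rule as a testable function (`effective_fortify_level`, a name chosen here), checks a glibc version against the 2.3.4 floor Matt cites, and reports what the current compiler invocation actually enabled. `__USE_FORTIFY_LEVEL`, `__GLIBC__` and `__OPTIMIZE__` are real glibc/gcc macros; on a libc that does not define the first, the report falls back to 0.

```c
/* Added example (not from the Buildroot patch or the thread): does this
 * toolchain invocation actually apply _FORTIFY_SOURCE?
 * Compare:  gcc -O2 -D_FORTIFY_SOURCE=2 fortify_check.c && ./a.out
 * with:     gcc -O0 -D_FORTIFY_SOURCE=2 fortify_check.c && ./a.out  */
#include <stdio.h>   /* on glibc every public header pulls in features.h,
                        which defines __GLIBC__, __GLIBC_MINOR__ and
                        __USE_FORTIFY_LEVEL */

/* Pure model of the rule in glibc's features.h for releases of the era
 * discussed in the thread: _FORTIFY_SOURCE only takes effect when its value
 * is > 0 AND the compiler defines __OPTIMIZE__ (any level above -O0).
 * Values above 2 are clamped to 2; glibc >= 2.34 adds a level 3, which this
 * model deliberately ignores. Hypothetical helper name. */
int effective_fortify_level(int fortify_source, int optimize)
{
    if (fortify_source <= 0 || optimize <= 0)
        return 0;                       /* silently no hardening at -O0 */
    return fortify_source > 1 ? 2 : 1;
}

/* Matt's post cites glibc 2.3.4 as the first release with the fortify
 * macros. Returns 1 if (major, minor, patch) is at least that version. */
int glibc_supports_fortify(int major, int minor, int patch)
{
    if (major != 2)
        return major > 2;
    if (minor != 3)
        return minor > 3;
    return patch >= 4;
}

/* What the *current* compilation of this file got: the value glibc derived
 * from -D_FORTIFY_SOURCE and the -O level. A non-glibc libc (e.g. musl) does
 * not define the macro, so report 0 there. */
int this_build_fortify_level(void)
{
#ifdef __USE_FORTIFY_LEVEL
    return __USE_FORTIFY_LEVEL;
#else
    return 0;
#endif
}

/* 1 if this file was compiled with optimization, which fortify requires. */
int this_build_optimized(void)
{
#ifdef __OPTIMIZE__
    return 1;
#else
    return 0;
#endif
}

int main(void)
{
#ifdef __GLIBC__
    printf("libc: glibc %d.%d (fortify macros available: %s)\n",
           __GLIBC__, __GLIBC_MINOR__,
           glibc_supports_fortify(__GLIBC__, __GLIBC_MINOR__, 0)
               ? "yes" : "only from 2.3.4, check the patch level");
#else
    printf("libc: not glibc; __USE_FORTIFY_LEVEL may be unavailable\n");
#endif
    printf("optimization enabled: %s\n", this_build_optimized() ? "yes" : "no");
    printf("effective _FORTIFY_SOURCE level in this build: %d\n",
           this_build_fortify_level());
    if (this_build_fortify_level() == 0)
        printf("warning: fortified wrappers are NOT active in this build\n");
    return 0;
}
```

Running the two command lines in the header comment side by side makes the -O0 trap visible: the same `-D_FORTIFY_SOURCE=2` flag yields level 2 in one build and level 0 in the other, which is why a hardening option in a build system needs to be checked against the optimization level as well as the toolchain version.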
Romain Naour Nov. 6, 2018, 9:06 p.m. UTC | #6
On 06/11/2018 at 13:27, Matthew Weber wrote:
> All,
> 
> On Mon, Nov 5, 2018 at 4:21 PM Matthew Weber
> <matthew.weber@rockwellcollins.com> wrote:
>>
>> Peter/Romain,
>>
>>
>> On Mon, Nov 5, 2018 at 4:17 PM Peter Korsgaard <peter@korsgaard.com> wrote:
>>>
>>>>>>>> "Matthew" == Matthew Weber <matthew.weber@rockwellcollins.com> writes:
>>>
>>>  > Romain ,
>>>  > On Mon, Nov 5, 2018, 14:07 Romain Naour <romain.naour@gmail.com wrote:
>>>
>>>  >> As reported in the bug report [1], gcc < 6 doesn't build when
>>>  >> FORTIFY_SOURCE is set to 1 or 2. The issue is related to the
>>>  >> upstream bug report [2] but the patch fixing the issue for gcc 6
>>>  >> has not been backported to earlier gcc versions.
>>>  >>
>>>  >> Add a dependency on gcc at least version 6 to BR2_FORTIFY_SOURCE_1
>>>  >> and BR2_FORTIFY_SOURCE_2.
>>>  >>
>>>
>>>  > Sorry about the HTML email.
>>>
>>>  > Could this dependency be conditional on if an internal toolchain is used?
>>>
>>> Ahh yes, if this is really about *building* gcc, then it should be
>>>
>>> depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
>>>
>>
>> Correct.  I'll have to dig a bit and see what the minimum supported
>> external toolchain version is.  I believe 5.4.x
> 
> Found an old post....  https://access.redhat.com/blogs/766093/posts/1976213
> Looks like the FORTIFY options should work from GCC 4.0+ and are more
> dependent on GLIBC being new enough (which we won't run into).
> Macros are supported since GLIBC 2.3.4 -
> http://man7.org/linux/man-pages/man7/feature_test_macros.7.html

Maybe it is worth backporting this patch?

https://github.com/gcc-mirror/gcc/commit/55f12fce4ccf77513644a247f9c401a5b1fa2402

Best regards,
Romain

> 
> Matt
>
Peter Korsgaard Nov. 25, 2018, 8:49 p.m. UTC | #7
>>>>> "Romain" == Romain Naour <romain.naour@gmail.com> writes:

 > As reported in the bug report [1], gcc < 6 doesn't build when
 > FORTIFY_SOURCE is set to 1 or 2. The issue is related to the
 > upstream bug report [2] but the patch fixing the issue for gcc 6
 > has not been backported to earlier gcc versions.

 > Add a dependency on gcc at least version 6 to BR2_FORTIFY_SOURCE_1
 > and BR2_FORTIFY_SOURCE_2.

 > [1] https://bugs.busybox.net/show_bug.cgi?id=11476
 > [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
 > [3] https://github.com/gcc-mirror/gcc/commit/55f12fce4ccf77513644a247f9c401a5b1fa2402

 > Signed-off-by: Romain Naour <romain.naour@gmail.com>
 > Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
 > Cc: Peter Korsgaard <peter@korsgaard.com>
 > ---
 > To be backported up to Buildroot 2018.02.x.

Committed to 2018.02.x and 2018.08.x, thanks.

Patch

diff --git a/Config.in b/Config.in
index 584a1f087f..6176433fc0 100644
--- a/Config.in
+++ b/Config.in
@@ -798,6 +798,8 @@  config BR2_FORTIFY_SOURCE_NONE
 
 config BR2_FORTIFY_SOURCE_1
 	bool "Conservative"
+	# gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
+	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_6
 	help
 	  This option sets _FORTIFY_SOURCE to 1 and only introduces
 	  checks that shouldn't change the behavior of conforming
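Review bot: the new `depends on BR2_TOOLCHAIN_GCC_AT_LEAST_6` hides the Conservative level for every toolchain, yet the commit message only reports that gcc < 6 fails to *build* when _FORTIFY_SOURCE is set, a problem specific to the internal (Buildroot-built) toolchain; users of an external gcc 5.x toolchain would lose the hardening option without gaining anything. Narrow the condition to `depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6`, as Peter suggests in the thread, so that only the combination that actually breaks is excluded.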
@@ -805,6 +807,8 @@  config BR2_FORTIFY_SOURCE_1
 
 config BR2_FORTIFY_SOURCE_2
 	bool "Aggressive"
+	# gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
+	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_6
 	help
 	  This option sets _FORTIFY_SOURCES to 2 and some more
 	  checking is added, but some conforming programs might fail.
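Review bot: whatever condition ends up on BR2_FORTIFY_SOURCE_1 must be mirrored exactly here, otherwise the Conservative and Aggressive levels become selectable under different toolchains; keeping the `# gcc bug ...` comment in both places is good, since it tells the next reader why the dependency exists. Separately, the unchanged context line `This option sets _FORTIFY_SOURCES to 2` names the macro as `_FORTIFY_SOURCES`, while the first hunk's help text and the macro itself are `_FORTIFY_SOURCE`; worth a one-line follow-up fix, as this help text is what the user reads when choosing a level.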