Message ID | 1441639933-24172-1-git-send-email-helmut.schaa@googlemail.com |
---|---|
State | Rejected |
NAK.

Not many package build systems honor CPPFLAGS so this solution is impractical, since it effectively disables fortification for many of them.

To my knowledge c-ares is the only package enforcing this kind of behavior so it should be fixed to work with our buildsystem instead.
Hi

On 07.09.2015 at 17:32, Helmut Schaa wrote:
> Fix the following configure error with c-ares by using CPPFLAGS for -D_FORTIFY_SOURCE.
> Not sure if any other packages suffer from the same issue.
>
> configure: using CFLAGS: -Os -pipe -march=74kc -fno-caller-saves -mno-branch-likely -g3 -fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable -msoft-float -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro
> configure: CFLAGS error: CFLAGS may only be used to specify C compiler flags, not macro definitions. Use CPPFLAGS for: -D_FORTIFY_SOURCE=1
> configure: error: Can not continue. Fix errors mentioned immediately above this line.

Did you get this in the CC branch?

According to
https://github.com/openwrt/packages/pull/1464
this should be fixed in master and applying this patch on top of the CC branch worked for me.

With kind regards
Stefan Peter
On Mon, Sep 7, 2015 at 6:19 PM, Steven Barth <cyrus@openwrt.org> wrote:
> NAK.
> Not many package build systems honor CPPFLAGS so this solution is impractical,
> since it effectively disables fortification for many of them.
>
> To my knowledge c-ares is the only package enforcing this kind of behavior
> so it should be fixed to work with our buildsystem instead.

Thanks for the info. Please drop this patch then ...

Helmut
On Tue, Sep 8, 2015 at 9:03 AM, Stefan Peter <st3fanp3t3r@gmail.com> wrote:
> Hi
> On 07.09.2015 at 17:32, Helmut Schaa wrote:
>> Fix the following configure error with c-ares by using CPPFLAGS for -D_FORTIFY_SOURCE.
>> Not sure if any other packages suffer from the same issue.
>>
>> configure: using CFLAGS: -Os -pipe -march=74kc -fno-caller-saves -mno-branch-likely -g3 -fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable -msoft-float -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro
>> configure: CFLAGS error: CFLAGS may only be used to specify C compiler flags, not macro definitions. Use CPPFLAGS for: -D_FORTIFY_SOURCE=1
>> configure: error: Can not continue. Fix errors mentioned immediately above this line.
>
> Did you get this in the CC branch?
>
> According to
> https://github.com/openwrt/packages/pull/1464
> this should be fixed in master and applying this patch on top of the CC
> branch worked for me.

I came up with a similar patch now :) but good to know it's fixed in master already.

Helmut
Helmut Schaa <helmut.schaa@googlemail.com> wrote:
> On Tue, Sep 8, 2015 at 9:03 AM, Stefan Peter <st3fanp3t3r@gmail.com>
> wrote:
> > Hi
> > On 07.09.2015 at 17:32, Helmut Schaa wrote:
> >> Fix the following configure error with c-ares by using CPPFLAGS for -D_FORTIFY_SOURCE.
> >> Not sure if any other packages suffer from the same issue.
> >>
> >> configure: using CFLAGS: -Os -pipe -march=74kc -fno-caller-saves -mno-branch-likely -g3 -fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable -msoft-float -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro
> >> configure: CFLAGS error: CFLAGS may only be used to specify C compiler flags, not macro definitions. Use CPPFLAGS for: -D_FORTIFY_SOURCE=1
> >> configure: error: Can not continue. Fix errors mentioned immediately above this line.
> >
> > Did you get this in the CC branch?
> >
> > According to
> > https://github.com/openwrt/packages/pull/1464
> > this should be fixed in master and applying this patch on top of the CC
> > branch worked for me.
>
> I came up with a similar patch now :) but good to know it's fixed in
> master already.
> Helmut

Also, I took it up with c-ares, they largely feel that we're "wrong" but agreed that they could probably relax their check from an error to a warning: http://c-ares.haxx.se/mail/c-ares-archive-2015-06/0005.shtml

However, that's "in the future"

Cheers,
Karl P
diff --git a/include/hardening.mk b/include/hardening.mk index c277081..4de9cfc 100644 --- a/include/hardening.mk +++ b/include/hardening.mk @@ -27,12 +27,12 @@ ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG endif ifdef CONFIG_PKG_FORTIFY_SOURCE_1 ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1) - TARGET_CFLAGS += -D_FORTIFY_SOURCE=1 + TARGET_CPPFLAGS += -D_FORTIFY_SOURCE=1 endif endif ifdef CONFIG_PKG_FORTIFY_SOURCE_2 ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1) - TARGET_CFLAGS += -D_FORTIFY_SOURCE=2 + TARGET_CPPFLAGS += -D_FORTIFY_SOURCE=2 endif endif ifdef CONFIG_PKG_RELRO_PARTIAL
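Review bot: Both `+ TARGET_CPPFLAGS += -D_FORTIFY_SOURCE=...` lines (the CONFIG_PKG_FORTIFY_SOURCE_1 and CONFIG_PKG_FORTIFY_SOURCE_2 branches) take the define out of TARGET_CFLAGS entirely, so any package whose build system never passes CPPFLAGS to the compiler would be built without _FORTIFY_SOURCE, and nothing in the build would fail or warn to show it. The effective hardening level would then depend on each package's build system rather than on the config option. The configure error quoted in the commit message comes from c-ares alone, so consider leaving the define in TARGET_CFLAGS here and handling c-ares in its own package Makefile, moving -D_FORTIFY_SOURCE from CFLAGS to CPPFLAGS for that package only. If the global change is kept, the commit message should say which packages were checked to still receive the define, since it currently states "Not sure if any other packages suffer from the same issue."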
Fix the following configure error with c-ares by using CPPFLAGS for -D_FORTIFY_SOURCE.
Not sure if any other packages suffer from the same issue.

configure: using CFLAGS: -Os -pipe -march=74kc -fno-caller-saves -mno-branch-likely -g3 -fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable -msoft-float -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro
configure: CFLAGS error: CFLAGS may only be used to specify C compiler flags, not macro definitions. Use CPPFLAGS for: -D_FORTIFY_SOURCE=1
configure: error: Can not continue. Fix errors mentioned immediately above this line.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
---
include/hardening.mk | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)