Re: [Buildroot] [PATCH 1/1] package/jitterentropy-library: fix build without stack-protector

From: Baruch Siach via buildroot <buildroot@buildroot.org>
To: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Matt Weber <matthew.weber@collins.com>, buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/1] package/jitterentropy-library: fix build without stack-protector
Date: Sun, 19 Dec 2021 17:36:48 +0200	[thread overview]
Message-ID: <87h7b4ehaw.fsf@tarshish> (raw)
In-Reply-To: <20211219153207.1084655-1-fontaine.fabrice@gmail.com>

Hi Fabrice,

On Sun, Dec 19 2021, Fabrice Fontaine wrote:
> Fix the following build failure without stack-protector raised since
> bump to version 3.3.1 in commit 3965f09cb427af411055a783cd14b501b2b28285
> and
> https://github.com/smuellerDD/jitterentropy-library/commit/5b3cb7f35e41ba2f34a75d004cf095c965a1a0c4:
>
> /home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: src/jitterentropy-base.o: in function `jent_fips_enabled':
> jitterentropy-base.c:(.text+0x131): undefined reference to `__stack_chk_fail_local'
>
> Fixes:
>  - http://autobuild.buildroot.org/results/8de/8dee462d16d934dd173d58f17933c6911e4336bf/build-end.log
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  ...-Makefile-add-ENABLE_STACK_PROTECTOR.patch | 52 +++++++++++++++++++
>  .../jitterentropy-library.mk                  |  2 +-
>  2 files changed, 53 insertions(+), 1 deletion(-)
>  create mode 100644 package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
>
> diff --git a/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch b/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
> new file mode 100644
> index 0000000000..c4388663b0
> --- /dev/null
> +++ b/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
> @@ -0,0 +1,52 @@
> +From 272ee47892563e849f6b1bf59b0173f8aa33b631 Mon Sep 17 00:00:00 2001
> +From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> +Date: Sun, 19 Dec 2021 11:36:13 +0100
> +Subject: [PATCH] Makefile: add ENABLE_STACK_PROTECTOR
> +
> +Add ENABLE_STACK_PROTECTOR as build on embedded toolchains without
> +stack-protector is again broken since
> +https://github.com/smuellerDD/jitterentropy-library/commit/5b3cb7f35e41ba2f34a75d004cf095c965a1a0c4:
> +
> +/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: src/jitterentropy-base.o: in function `jent_fips_enabled':
> +jitterentropy-base.c:(.text+0x131): undefined reference to `__stack_chk_fail_local'
> +
> +Fixes:
> + - http://autobuild.buildroot.org/results/8dee462d16d934dd173d58f17933c6911e4336bf
> +
> +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> +Signed-off-by: Stephan Mueller <smueller@chronox.de>
> +[Retrieved from:
> +https://github.com/smuellerDD/jitterentropy-library/commit/272ee47892563e849f6b1bf59b0173f8aa33b631]
> +---
> + Makefile | 11 +++++++----
> + 1 file changed, 7 insertions(+), 4 deletions(-)
> +
> +diff --git a/Makefile b/Makefile
> +index dfb96a8..c999ef5 100644
> +--- a/Makefile
> ++++ b/Makefile
> +@@ -2,6 +2,7 @@
> + 
> + CC ?= gcc
> + #Hardening
> ++ENABLE_STACK_PROTECTOR ?= 1
> + CFLAGS ?= -fwrapv --param ssp-buffer-size=4 -fvisibility=hidden -fPIE -Wcast-align -Wmissing-field-initializers -Wshadow -Wswitch-enum
> + CFLAGS +=-Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
> + LDFLAGS +=-Wl,-z,relro,-z,now -lpthread
> +@@ -13,10 +14,12 @@ else
> +   GCC_GTEQ_490 := $(shell expr `$(CC) -dumpfullversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/'` \>= 40900)
> + endif
> + 
> +-ifeq "$(GCC_GTEQ_490)" "1"
> +-  CFLAGS += -fstack-protector-strong
> +-else
> +-  CFLAGS += -fstack-protector-all
> ++ifeq "$(ENABLE_STACK_PROTECTOR)" "1"
> ++  ifeq "$(GCC_GTEQ_490)" "1"
> ++    CFLAGS += -fstack-protector-strong
> ++  else
> ++    CFLAGS += -fstack-protector-all
> ++  endif
> + endif
> + 
> + # Change as necessary
> diff --git a/package/jitterentropy-library/jitterentropy-library.mk b/package/jitterentropy-library/jitterentropy-library.mk
> index 830da0e065..4cdebf46a3 100644
> --- a/package/jitterentropy-library/jitterentropy-library.mk
> +++ b/package/jitterentropy-library/jitterentropy-library.mk
> @@ -26,7 +26,7 @@ endif
>  
>  define JITTERENTROPY_LIBRARY_BUILD_CMDS
>  	$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) \
> -		$(JITTERENTROPY_LIBRARY_BUILD_TARGETS)
> +		ENABLE_STACK_PROTECTOR=0 $(JITTERENTROPY_LIBRARY_BUILD_TARGETS)

Why disable stack protector unconditionally instead of making it depend
on BR2_TOOLCHAIN_HAS_SSP?

baruch

>  endef
>  
>  define JITTERENTROPY_LIBRARY_INSTALL_STAGING_CMDS

-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot