* [Buildroot] [PATCHv2 01/12] toolchain-external: instrument wrapper to warn about unsafe paths
2014-12-01 21:55 [Buildroot] [PATCHv2 00/12] Paranoid header and library path checking Thomas Petazzoni
@ 2014-12-01 21:55 ` Thomas Petazzoni
2014-12-06 16:57 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 02/12] binutils/2.24: add patch to warn about unsafe library paths Thomas Petazzoni
` (10 subsequent siblings)
11 siblings, 1 reply; 26+ messages in thread
From: Thomas Petazzoni @ 2014-12-01 21:55 UTC (permalink / raw)
To: buildroot
The CodeSourcery toolchains have a very interesting feature: they warn
the user when an unsafe header or library path is used, i.e a path
that will lead host headers or libraries to leak into the build.
This commit adds a similar functionality into our external toolchain
wrapper, so that it can be used with all external toolchains, and can
also be tuned as needed. By default, the external toolchain wrapper
now gives warnings such as:
arm-linux-gcc: WARNING: unsafe header/library path used in cross-compilation: '-I /usr/foo'
arm-linux-gcc: WARNING: unsafe header/library path used in cross-compilation: '-L /usr/bleh'
but the compilation continues successfully. One can then easily grep
in his build log to search for occurences of this message.
Optionally, if BR_COMPILER_PARANOID_UNSAFE_PATH is defined in the
environment to a non empty value, the external wrapper will instead
error out and abort the compilation.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
.../toolchain-external/ext-toolchain-wrapper.c | 53 ++++++++++++++++++++++
1 file changed, 53 insertions(+)
diff --git a/toolchain/toolchain-external/ext-toolchain-wrapper.c b/toolchain/toolchain-external/ext-toolchain-wrapper.c
index f459a7e..846cb5b 100644
--- a/toolchain/toolchain-external/ext-toolchain-wrapper.c
+++ b/toolchain/toolchain-external/ext-toolchain-wrapper.c
@@ -15,11 +15,13 @@
* kind, whether express or implied.
*/
+#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <limits.h>
#include <unistd.h>
#include <stdlib.h>
+#include <errno.h>
static char path[PATH_MAX];
static char sysroot[PATH_MAX];
@@ -69,6 +71,25 @@ static char *predef_args[] = {
#endif
};
+static void check_unsafe_path(const char *path, int paranoid)
+{
+ char **c;
+ static char *unsafe_paths[] = {
+ "/lib", "/usr/include", "/usr/lib", "/usr/local/include", "/usr/local/lib", NULL,
+ };
+
+ for (c = unsafe_paths; *c != NULL; c++) {
+ if (!strncmp(path, *c, strlen(*c))) {
+ fprintf(stderr, "%s: %s: unsafe header/library path used in cross-compilation: '%s'\n",
+ program_invocation_short_name,
+ paranoid ? "ERROR" : "WARNING", path);
+ if (paranoid)
+ exit(1);
+ continue;
+ }
+ }
+}
+
int main(int argc, char **argv)
{
char **args, **cur;
@@ -76,6 +97,8 @@ int main(int argc, char **argv)
char *progpath = argv[0];
char *basename;
char *env_debug;
+ char *paranoid_wrapper;
+ int paranoid;
int ret, i, count = 0, debug;
/* Calculate the relative paths */
@@ -172,6 +195,36 @@ int main(int argc, char **argv)
}
#endif /* ARCH || CPU */
+ paranoid_wrapper = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
+ if (paranoid_wrapper && strlen(paranoid_wrapper) > 0)
+ paranoid = 1;
+ else
+ paranoid = 0;
+
+
+ /* Check for unsafe library and header paths */
+ for (i = 1; i < argc; i++) {
+
+ /* Skip options that do not start with -I and -L */
+ if (strncmp(argv[i], "-I", 2) && strncmp(argv[i], "-L", 2))
+ continue;
+
+ /* We handle two cases: first the case where -I/-L and
+ * the path are separated by one space and therefore
+ * visible as two separate options, and then the case
+ * where they are stuck together forming one single
+ * option.
+ */
+ if (argv[i][2] == '\0') {
+ i++;
+ if (i == argc)
+ continue;
+ check_unsafe_path(argv[i], paranoid);
+ } else {
+ check_unsafe_path(argv[i] + 2, paranoid);
+ }
+ }
+
/* append forward args */
memcpy(cur, &argv[1], sizeof(char *) * (argc - 1));
cur += argc - 1;
--
2.1.0
^ permalink raw reply related [flat|nested] 26+ messages in thread* [Buildroot] [PATCHv2 01/12] toolchain-external: instrument wrapper to warn about unsafe paths
2014-12-01 21:55 ` [Buildroot] [PATCHv2 01/12] toolchain-external: instrument wrapper to warn about unsafe paths Thomas Petazzoni
@ 2014-12-06 16:57 ` Romain Naour
0 siblings, 0 replies; 26+ messages in thread
From: Romain Naour @ 2014-12-06 16:57 UTC (permalink / raw)
To: buildroot
Hi Thomas,
Le 01/12/2014 22:55, Thomas Petazzoni a ?crit :
> The CodeSourcery toolchains have a very interesting feature: they warn
> the user when an unsafe header or library path is used, i.e a path
> that will lead host headers or libraries to leak into the build.
>
> This commit adds a similar functionality into our external toolchain
> wrapper, so that it can be used with all external toolchains, and can
> also be tuned as needed. By default, the external toolchain wrapper
> now gives warnings such as:
>
> arm-linux-gcc: WARNING: unsafe header/library path used in cross-compilation: '-I /usr/foo'
> arm-linux-gcc: WARNING: unsafe header/library path used in cross-compilation: '-L /usr/bleh'
>
> but the compilation continues successfully. One can then easily grep
> in his build log to search for occurences of this message.
>
> Optionally, if BR_COMPILER_PARANOID_UNSAFE_PATH is defined in the
> environment to a non empty value, the external wrapper will instead
> error out and abort the compilation.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> ---
> .../toolchain-external/ext-toolchain-wrapper.c | 53 ++++++++++++++++++++++
> 1 file changed, 53 insertions(+)
>
> diff --git a/toolchain/toolchain-external/ext-toolchain-wrapper.c b/toolchain/toolchain-external/ext-toolchain-wrapper.c
> index f459a7e..846cb5b 100644
> --- a/toolchain/toolchain-external/ext-toolchain-wrapper.c
> +++ b/toolchain/toolchain-external/ext-toolchain-wrapper.c
> @@ -15,11 +15,13 @@
> * kind, whether express or implied.
> */
>
> +#define _GNU_SOURCE
> #include <stdio.h>
> #include <string.h>
> #include <limits.h>
> #include <unistd.h>
> #include <stdlib.h>
> +#include <errno.h>
>
> static char path[PATH_MAX];
> static char sysroot[PATH_MAX];
> @@ -69,6 +71,25 @@ static char *predef_args[] = {
> #endif
> };
>
> +static void check_unsafe_path(const char *path, int paranoid)
> +{
> + char **c;
> + static char *unsafe_paths[] = {
> + "/lib", "/usr/include", "/usr/lib", "/usr/local/include", "/usr/local/lib", NULL,
We may add "/lib64", "/usr/lib64" and "/usr/local/lib64" too ?
> + };
> +
> + for (c = unsafe_paths; *c != NULL; c++) {
> + if (!strncmp(path, *c, strlen(*c))) {
> + fprintf(stderr, "%s: %s: unsafe header/library path used in cross-compilation: '%s'\n",
> + program_invocation_short_name,
> + paranoid ? "ERROR" : "WARNING", path);
> + if (paranoid)
> + exit(1);
> + continue;
> + }
> + }
> +}
> +
> int main(int argc, char **argv)
> {
> char **args, **cur;
> @@ -76,6 +97,8 @@ int main(int argc, char **argv)
> char *progpath = argv[0];
> char *basename;
> char *env_debug;
> + char *paranoid_wrapper;
> + int paranoid;
> int ret, i, count = 0, debug;
>
> /* Calculate the relative paths */
> @@ -172,6 +195,36 @@ int main(int argc, char **argv)
> }
> #endif /* ARCH || CPU */
>
> + paranoid_wrapper = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
> + if (paranoid_wrapper && strlen(paranoid_wrapper) > 0)
> + paranoid = 1;
> + else
> + paranoid = 0;
> +
> +
extra new line
> + /* Check for unsafe library and header paths */
> + for (i = 1; i < argc; i++) {
> +
> + /* Skip options that do not start with -I and -L */
> + if (strncmp(argv[i], "-I", 2) && strncmp(argv[i], "-L", 2))
> + continue;
> +
> + /* We handle two cases: first the case where -I/-L and
> + * the path are separated by one space and therefore
> + * visible as two separate options, and then the case
> + * where they are stuck together forming one single
> + * option.
> + */
> + if (argv[i][2] == '\0') {
> + i++;
> + if (i == argc)
> + continue;
> + check_unsafe_path(argv[i], paranoid);
> + } else {
> + check_unsafe_path(argv[i] + 2, paranoid);
> + }
> + }
> +
> /* append forward args */
> memcpy(cur, &argv[1], sizeof(char *) * (argc - 1));
> cur += argc - 1;
>
Otherwise:
Reviewed-by: Romain Naour <romain.naour@openwide.fr>
Tested-by: Romain Naour <romain.naour@openwide.fr>
Tested with an external x86 toolchain with iprutils package selected.
$ make O=test/paranoid iprutils BR_COMPILER_PARANOID_UNSAFE_PATH=1
/home/naourr/git/buildroot/test/paranoid/host/usr/bin/i686-pc-linux-gnu-gcc -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -pipe -Os -Wall -DIPR_MAJOR_RELEASE=2 -DIPR_MINOR_RELEASE=4 -DIPR_FIX_LEVEL=2 -DIPR_FIX_DATE='"(June 10, 2014)"' -DIPR_VERSION_STR='"2.4.2 (June 10, 2014)"' -DIPR_RELEASE=1 -I. -I/usr/include/ncurses -o iprlib.o -c iprlib.c
gzip -f -c iprinit.8 > iprinit.8.gz
i686-pc-linux-gnu-gcc: ERROR: unsafe header/library path used in cross-compilation: '/usr/include/ncurses'
make[1]: *** [iprlib.o] Erreur 1
Thanks,
--
Romain Naour
OPEN WIDE Ing?nierie - Paris
23/25, rue Daviel| 75013 PARIS
http://ingenierie.openwide.fr
Le blog des technologies libres et embarqu?es :
http://www.linuxembedded.fr
^ permalink raw reply [flat|nested] 26+ messages in thread
* [Buildroot] [PATCHv2 02/12] binutils/2.24: add patch to warn about unsafe library paths
2014-12-01 21:55 [Buildroot] [PATCHv2 00/12] Paranoid header and library path checking Thomas Petazzoni
2014-12-01 21:55 ` [Buildroot] [PATCHv2 01/12] toolchain-external: instrument wrapper to warn about unsafe paths Thomas Petazzoni
@ 2014-12-01 21:55 ` Thomas Petazzoni
2014-12-08 22:51 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 03/12] binutils/2.23: " Thomas Petazzoni
` (9 subsequent siblings)
11 siblings, 1 reply; 26+ messages in thread
From: Thomas Petazzoni @ 2014-12-01 21:55 UTC (permalink / raw)
To: buildroot
This commit adds a patch to binutils borrowed from CodeSourcery/Yocto
that warns about unsafe library paths (i.e /usr/lib, /usr/local/lib,
etc.). The patch was adapted to binutils 2.24, and modified to support
the BR_COMPILER_PARANOID_UNSAFE_PATH environment variable to error out
instead of just warn when unsafe paths are used. Even though erroring
out can be chosen by passing --error-poison-system-directories, we are
not sure this option in LDFLAGS will always be passed, so having an
environment variable guarantees it will always be passed, and also
allows to have an identical behavior to the external toolchain
wrapper.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
.../2.24/600-poison-system-directories.patch | 279 +++++++++++++++++++++
1 file changed, 279 insertions(+)
create mode 100644 package/binutils/2.24/600-poison-system-directories.patch
diff --git a/package/binutils/2.24/600-poison-system-directories.patch b/package/binutils/2.24/600-poison-system-directories.patch
new file mode 100644
index 0000000..6a3bf6b
--- /dev/null
+++ b/package/binutils/2.24/600-poison-system-directories.patch
@@ -0,0 +1,279 @@
+Patch adapted to binutils 2.23.2 and extended to use
+BR_COMPILER_PARANOID_UNSAFE_PATH by Thomas Petazzoni.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+
+Upstream-Status: Inappropriate [distribution: codesourcery]
+
+Patch originally created by Mark Hatle, forward-ported to
+binutils 2.21 by Scott Garman.
+
+purpose: warn for uses of system directories when cross linking
+
+Code Merged from Sourcery G++ binutils 2.19 - 4.4-277
+
+2008-07-02 Joseph Myers <joseph@codesourcery.com>
+
+ ld/
+ * ld.h (args_type): Add error_poison_system_directories.
+ * ld.texinfo (--error-poison-system-directories): Document.
+ * ldfile.c (ldfile_add_library_path): Check
+ command_line.error_poison_system_directories.
+ * ldmain.c (main): Initialize
+ command_line.error_poison_system_directories.
+ * lexsup.c (enum option_values): Add
+ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES.
+ (ld_options): Add --error-poison-system-directories.
+ (parse_args): Handle new option.
+
+2007-06-13 Joseph Myers <joseph@codesourcery.com>
+
+ ld/
+ * config.in: Regenerate.
+ * ld.h (args_type): Add poison_system_directories.
+ * ld.texinfo (--no-poison-system-directories): Document.
+ * ldfile.c (ldfile_add_library_path): Check
+ command_line.poison_system_directories.
+ * ldmain.c (main): Initialize
+ command_line.poison_system_directories.
+ * lexsup.c (enum option_values): Add
+ OPTION_NO_POISON_SYSTEM_DIRECTORIES.
+ (ld_options): Add --no-poison-system-directories.
+ (parse_args): Handle new option.
+
+2007-04-20 Joseph Myers <joseph@codesourcery.com>
+
+ Merge from Sourcery G++ binutils 2.17:
+
+ 2007-03-20 Joseph Myers <joseph@codesourcery.com>
+ Based on patch by Mark Hatle <mark.hatle@windriver.com>.
+ ld/
+ * configure.in (--enable-poison-system-directories): New option.
+ * configure, config.in: Regenerate.
+ * ldfile.c (ldfile_add_library_path): If
+ ENABLE_POISON_SYSTEM_DIRECTORIES defined, warn for use of /lib,
+ /usr/lib, /usr/local/lib or /usr/X11R6/lib.
+
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+Signed-off-by: Scott Garman <scott.a.garman@intel.com>
+
+Index: b/ld/config.in
+===================================================================
+--- a/ld/config.in
++++ b/ld/config.in
+@@ -11,6 +11,9 @@
+ language is requested. */
+ #undef ENABLE_NLS
+
++/* Define to warn for use of native system library directories */
++#undef ENABLE_POISON_SYSTEM_DIRECTORIES
++
+ /* Additional extension a shared object might have. */
+ #undef EXTRA_SHLIB_EXTENSION
+
+Index: b/ld/configure
+===================================================================
+--- a/ld/configure
++++ b/ld/configure
+@@ -774,6 +774,7 @@
+ enable_targets
+ enable_64_bit_bfd
+ with_sysroot
++enable_poison_system_directories
+ enable_gold
+ enable_got
+ enable_werror
+@@ -1429,6 +1430,8 @@
+ (and sometimes confusing) to the casual installer
+ --enable-targets alternative target configurations
+ --enable-64-bit-bfd 64-bit support (on hosts with narrower word sizes)
++ --enable-poison-system-directories
++ warn for use of native system library directories
+ --enable-gold[=ARG] build gold [ARG={default,yes,no}]
+ --enable-got=<type> GOT handling scheme (target, single, negative,
+ multigot)
+@@ -4339,7 +4342,18 @@
+ fi
+
+
++# Check whether --enable-poison-system-directories was given.
++if test "${enable_poison_system_directories+set}" = set; then :
++ enableval=$enable_poison_system_directories;
++else
++ enable_poison_system_directories=no
++fi
++
++if test "x${enable_poison_system_directories}" = "xyes"; then
+
++$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h
++
++fi
+
+ # Check whether --enable-got was given.
+ if test "${enable_got+set}" = set; then :
+Index: b/ld/configure.in
+===================================================================
+--- a/ld/configure.in
++++ b/ld/configure.in
+@@ -87,6 +87,16 @@
+ AC_SUBST(TARGET_SYSTEM_ROOT)
+ AC_SUBST(TARGET_SYSTEM_ROOT_DEFINE)
+
++AC_ARG_ENABLE([poison-system-directories],
++ AS_HELP_STRING([--enable-poison-system-directories],
++ [warn for use of native system library directories]),,
++ [enable_poison_system_directories=no])
++if test "x${enable_poison_system_directories}" = "xyes"; then
++ AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES],
++ [1],
++ [Define to warn for use of native system library directories])
++fi
++
+ dnl Use --enable-gold to decide if this linker should be the default.
+ dnl "install_as_default" is set to false if gold is the default linker.
+ dnl "installed_linker" is the installed BFD linker name.
+Index: b/ld/ldfile.c
+===================================================================
+--- a/ld/ldfile.c
++++ b/ld/ldfile.c
+@@ -116,6 +116,23 @@
+ new_dirs->name = concat (ld_sysroot, name + 1, (const char *) NULL);
+ else
+ new_dirs->name = xstrdup (name);
++
++#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES
++ if (command_line.poison_system_directories
++ && ((!strncmp (name, "/lib", 4))
++ || (!strncmp (name, "/usr/lib", 8))
++ || (!strncmp (name, "/usr/local/lib", 14))
++ || (!strncmp (name, "/usr/X11R6/lib", 14))))
++ {
++ if (command_line.error_poison_system_directories)
++ einfo (_("%X%P: error: library search path \"%s\" is unsafe for "
++ "cross-compilation\n"), name);
++ else
++ einfo (_("%P: warning: library search path \"%s\" is unsafe for "
++ "cross-compilation\n"), name);
++ }
++#endif
++
+ }
+
+ /* Try to open a BFD for a lang_input_statement. */
+Index: b/ld/ld.h
+===================================================================
+--- a/ld/ld.h
++++ b/ld/ld.h
+@@ -180,6 +180,14 @@
+ /* If TRUE we'll just print the default output on stdout. */
+ bfd_boolean print_output_format;
+
++ /* If TRUE (the default) warn for uses of system directories when
++ cross linking. */
++ bfd_boolean poison_system_directories;
++
++ /* If TRUE (default FALSE) give an error for uses of system
++ directories when cross linking instead of a warning. */
++ bfd_boolean error_poison_system_directories;
++
+ /* Big or little endian as set on command line. */
+ enum endian_enum endian;
+
+Index: b/ld/ldmain.c
+===================================================================
+--- a/ld/ldmain.c
++++ b/ld/ldmain.c
+@@ -266,6 +266,8 @@
+ command_line.warn_mismatch = TRUE;
+ command_line.warn_search_mismatch = TRUE;
+ command_line.check_section_addresses = -1;
++ command_line.poison_system_directories = TRUE;
++ command_line.error_poison_system_directories = FALSE;
+
+ /* We initialize DEMANGLING based on the environment variable
+ COLLECT_NO_DEMANGLE. The gcc collect2 program will demangle the
+Index: b/ld/ld.texinfo
+===================================================================
+--- a/ld/ld.texinfo
++++ b/ld/ld.texinfo
+@@ -2175,6 +2175,18 @@
+
+ Passing @code{none} for @var{style} disables the setting from any
+ @code{--build-id} options earlier on the command line.
++
++ at kindex --no-poison-system-directories
++ at item --no-poison-system-directories
++Do not warn for @option{-L} options using system directories such as
++ at file{/usr/lib} when cross linking. This option is intended for use
++in chroot environments when such directories contain the correct
++libraries for the target system rather than the host.
++
++ at kindex --error-poison-system-directories
++ at item --error-poison-system-directories
++Give an error instead of a warning for @option{-L} options using
++system directories when cross linking.
+ @end table
+
+ @c man end
+Index: b/ld/lexsup.c
+===================================================================
+--- a/ld/lexsup.c
++++ b/ld/lexsup.c
+@@ -507,6 +507,14 @@
+ OPTION_IGNORE_UNRESOLVED_SYMBOL},
+ '\0', N_("SYMBOL"),
+ N_("Unresolved SYMBOL will not cause an error or warning"), TWO_DASHES },
++ { {"no-poison-system-directories", no_argument, NULL,
++ OPTION_NO_POISON_SYSTEM_DIRECTORIES},
++ '\0', NULL, N_("Do not warn for -L options using system directories"),
++ TWO_DASHES },
++ { {"error-poison-system-directories", no_argument, NULL,
++ + OPTION_ERROR_POISON_SYSTEM_DIRECTORIES},
++ '\0', NULL, N_("Give an error for -L options using system directories"),
++ TWO_DASHES },
+ };
+
+ #define OPTION_COUNT ARRAY_SIZE (ld_options)
+@@ -519,6 +527,7 @@
+ int ingroup = 0;
+ char *default_dirlist = NULL;
+ char *shortopts;
++ char *BR_paranoid_env;
+ struct option *longopts;
+ struct option *really_longopts;
+ int last_optind;
+@@ -1442,9 +1451,21 @@
+ einfo (_("%P%X: --hash-size needs a numeric argument\n"));
+ }
+ break;
++
++ case OPTION_NO_POISON_SYSTEM_DIRECTORIES:
++ command_line.poison_system_directories = FALSE;
++ break;
++
++ case OPTION_ERROR_POISON_SYSTEM_DIRECTORIES:
++ command_line.error_poison_system_directories = TRUE;
++ break;
+ }
+ }
+
++ BR_paranoid_env = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
++ if (BR_paranoid_env && strlen(BR_paranoid_env) > 0)
++ command_line.error_poison_system_directories = TRUE;
++
+ while (ingroup)
+ {
+ lang_leave_group ();
+Index: b/ld/ldlex.h
+===================================================================
+--- a/ld/ldlex.h
++++ b/ld/ldlex.h
+@@ -138,6 +138,8 @@
+ OPTION_DEFAULT_SCRIPT,
+ OPTION_PRINT_OUTPUT_FORMAT,
+ OPTION_IGNORE_UNRESOLVED_SYMBOL,
++ OPTION_NO_POISON_SYSTEM_DIRECTORIES,
++ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES,
+ };
+
+ /* The initial parser states. */
--
2.1.0
^ permalink raw reply related [flat|nested] 26+ messages in thread* [Buildroot] [PATCHv2 02/12] binutils/2.24: add patch to warn about unsafe library paths
2014-12-01 21:55 ` [Buildroot] [PATCHv2 02/12] binutils/2.24: add patch to warn about unsafe library paths Thomas Petazzoni
@ 2014-12-08 22:51 ` Romain Naour
0 siblings, 0 replies; 26+ messages in thread
From: Romain Naour @ 2014-12-08 22:51 UTC (permalink / raw)
To: buildroot
Hi Thomas,
Le 01/12/2014 22:55, Thomas Petazzoni a ?crit :
> This commit adds a patch to binutils borrowed from CodeSourcery/Yocto
> that warns about unsafe library paths (i.e /usr/lib, /usr/local/lib,
> etc.). The patch was adapted to binutils 2.24, and modified to support
> the BR_COMPILER_PARANOID_UNSAFE_PATH environment variable to error out
> instead of just warn when unsafe paths are used. Even though erroring
> out can be chosen by passing --error-poison-system-directories, we are
> not sure this option in LDFLAGS will always be passed, so having an
> environment variable guarantees it will always be passed, and also
> allows to have an identical behavior to the external toolchain
> wrapper.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> ---
Tested-by: Romain Naour <romain.naour@openwide.fr>
Tested with the following internal toolchain
BR2_i386=y
BR2_ARCH="i686"
BR2_ENDIAN="LITTLE"
BR2_GCC_TARGET_ARCH="i686"
BR2_ARCH_HAS_ATOMICS=y
BR2_x86_i686=y
BR2_COMPILER_PARANOID_UNSAFE_PATH=y
BR2_TOOLCHAIN=y
BR2_TOOLCHAIN_USES_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT=y
BR2_KERNEL_HEADERS_3_17=y
BR2_DEFAULT_KERNEL_HEADERS="3.17.4"
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT_LIBC="glibc"
BR2_PACKAGE_GLIBC=y
BR2_GLIBC_VERSION_2_20=y
BR2_GLIBC_VERSION_STRING="2.20"
BR2_BINUTILS_VERSION_2_24=y
BR2_BINUTILS_VERSION="2.24"
BR2_GCC_VERSION_4_9_X=y
BR2_GCC_VERSION="4.9.2"
and lmbench poisoned by LDFLAGS="-L/usr/lib $(LMBENCH_LDFLAGS)"
$ make O=test/paranoid-2/ lmbench
/home/naourr/git/buildroot/test/paranoid-2/host/usr/bin/i686-buildroot-linux-gnu-gcc
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -pipe -Os
-DHAVE_off64_t -DHAVE_lseek64 -DRUSAGE -DHAVE_uint=1 -DHAVE_int64_t=1
-DHAVE_pmap_clnt_h -DHAVE_socklen_t -DHAVE_DRAND48 -DHAVE_SCHED_SETAFFINITY=1
-L/usr/lib -o ../bin/i686/msleep msleep.c
/home/naourr/git/buildroot/test/paranoid-2/host/usr/lib/gcc/i686-buildroot-linux-gnu/4.9.2/../../../../i686-buildroot-linux-gnu/bin/ld:
error: library search path "/usr/lib" is unsafe for cross-compilation
gmake[2]: *** [../bin/i686/msleep] Erreur 1
Thanks,
--
Romain Naour
OPEN WIDE Ing?nierie - Paris
23/25, rue Daviel| 75013 PARIS
http://ingenierie.openwide.fr
Le blog des technologies libres et embarqu?es :
http://www.linuxembedded.fr
^ permalink raw reply [flat|nested] 26+ messages in thread
* [Buildroot] [PATCHv2 03/12] binutils/2.23: add patch to warn about unsafe library paths
2014-12-01 21:55 [Buildroot] [PATCHv2 00/12] Paranoid header and library path checking Thomas Petazzoni
2014-12-01 21:55 ` [Buildroot] [PATCHv2 01/12] toolchain-external: instrument wrapper to warn about unsafe paths Thomas Petazzoni
2014-12-01 21:55 ` [Buildroot] [PATCHv2 02/12] binutils/2.24: add patch to warn about unsafe library paths Thomas Petazzoni
@ 2014-12-01 21:55 ` Thomas Petazzoni
2014-12-06 17:23 ` Romain Naour
2014-12-08 22:51 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 04/12] binutils/2.22: " Thomas Petazzoni
` (8 subsequent siblings)
11 siblings, 2 replies; 26+ messages in thread
From: Thomas Petazzoni @ 2014-12-01 21:55 UTC (permalink / raw)
To: buildroot
This commit adds a patch to binutils borrowed from CodeSourcery/Yocto
that warns about unsafe library paths (i.e /usr/lib, /usr/local/lib,
etc.). The patch was adapted to binutils 2.23, and modified to support
the BR_COMPILER_PARANOID_UNSAFE_PATH environment variable to error out
instead of just warn when unsafe paths are used. Even though erroring
out can be chosen by passing --error-poison-system-directories, we are
not sure this option in LDFLAGS will always be passed, so having an
environment variable guarantees it will always be passed, and also
allows to have an identical behavior to the external toolchain
wrapper.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
.../2.23.2/600-poison-system-directories.patch | 279 +++++++++++++++++++++
1 file changed, 279 insertions(+)
create mode 100644 package/binutils/2.23.2/600-poison-system-directories.patch
diff --git a/package/binutils/2.23.2/600-poison-system-directories.patch b/package/binutils/2.23.2/600-poison-system-directories.patch
new file mode 100644
index 0000000..780e48e
--- /dev/null
+++ b/package/binutils/2.23.2/600-poison-system-directories.patch
@@ -0,0 +1,279 @@
+Patch adapted to binutils 2.23.2 and extended to use
+BR_COMPILER_PARANOID_UNSAFE_PATH by Thomas Petazzoni.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+
+Upstream-Status: Inappropriate [distribution: codesourcery]
+
+Patch originally created by Mark Hatle, forward-ported to
+binutils 2.21 by Scott Garman.
+
+purpose: warn for uses of system directories when cross linking
+
+Code Merged from Sourcery G++ binutils 2.19 - 4.4-277
+
+2008-07-02 Joseph Myers <joseph@codesourcery.com>
+
+ ld/
+ * ld.h (args_type): Add error_poison_system_directories.
+ * ld.texinfo (--error-poison-system-directories): Document.
+ * ldfile.c (ldfile_add_library_path): Check
+ command_line.error_poison_system_directories.
+ * ldmain.c (main): Initialize
+ command_line.error_poison_system_directories.
+ * lexsup.c (enum option_values): Add
+ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES.
+ (ld_options): Add --error-poison-system-directories.
+ (parse_args): Handle new option.
+
+2007-06-13 Joseph Myers <joseph@codesourcery.com>
+
+ ld/
+ * config.in: Regenerate.
+ * ld.h (args_type): Add poison_system_directories.
+ * ld.texinfo (--no-poison-system-directories): Document.
+ * ldfile.c (ldfile_add_library_path): Check
+ command_line.poison_system_directories.
+ * ldmain.c (main): Initialize
+ command_line.poison_system_directories.
+ * lexsup.c (enum option_values): Add
+ OPTION_NO_POISON_SYSTEM_DIRECTORIES.
+ (ld_options): Add --no-poison-system-directories.
+ (parse_args): Handle new option.
+
+2007-04-20 Joseph Myers <joseph@codesourcery.com>
+
+ Merge from Sourcery G++ binutils 2.17:
+
+ 2007-03-20 Joseph Myers <joseph@codesourcery.com>
+ Based on patch by Mark Hatle <mark.hatle@windriver.com>.
+ ld/
+ * configure.in (--enable-poison-system-directories): New option.
+ * configure, config.in: Regenerate.
+ * ldfile.c (ldfile_add_library_path): If
+ ENABLE_POISON_SYSTEM_DIRECTORIES defined, warn for use of /lib,
+ /usr/lib, /usr/local/lib or /usr/X11R6/lib.
+
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+Signed-off-by: Scott Garman <scott.a.garman@intel.com>
+
+Index: b/ld/config.in
+===================================================================
+--- a/ld/config.in
++++ b/ld/config.in
+@@ -11,6 +11,9 @@
+ language is requested. */
+ #undef ENABLE_NLS
+
++/* Define to warn for use of native system library directories */
++#undef ENABLE_POISON_SYSTEM_DIRECTORIES
++
+ /* Additional extension a shared object might have. */
+ #undef EXTRA_SHLIB_EXTENSION
+
+Index: b/ld/configure
+===================================================================
+--- a/ld/configure
++++ b/ld/configure
+@@ -773,6 +773,7 @@
+ enable_targets
+ enable_64_bit_bfd
+ with_sysroot
++enable_poison_system_directories
+ enable_gold
+ enable_got
+ enable_werror
+@@ -1428,6 +1429,8 @@
+ (and sometimes confusing) to the casual installer
+ --enable-targets alternative target configurations
+ --enable-64-bit-bfd 64-bit support (on hosts with narrower word sizes)
++ --enable-poison-system-directories
++ warn for use of native system library directories
+ --enable-gold[=ARG] build gold [ARG={default,yes,no}]
+ --enable-got=<type> GOT handling scheme (target, single, negative,
+ multigot)
+@@ -4338,7 +4341,18 @@
+ fi
+
+
++# Check whether --enable-poison-system-directories was given.
++if test "${enable_poison_system_directories+set}" = set; then :
++ enableval=$enable_poison_system_directories;
++else
++ enable_poison_system_directories=no
++fi
++
++if test "x${enable_poison_system_directories}" = "xyes"; then
+
++$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h
++
++fi
+
+ # Check whether --enable-got was given.
+ if test "${enable_got+set}" = set; then :
+Index: b/ld/configure.in
+===================================================================
+--- a/ld/configure.in
++++ b/ld/configure.in
+@@ -70,6 +70,16 @@
+ AC_SUBST(TARGET_SYSTEM_ROOT)
+ AC_SUBST(TARGET_SYSTEM_ROOT_DEFINE)
+
++AC_ARG_ENABLE([poison-system-directories],
++ AS_HELP_STRING([--enable-poison-system-directories],
++ [warn for use of native system library directories]),,
++ [enable_poison_system_directories=no])
++if test "x${enable_poison_system_directories}" = "xyes"; then
++ AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES],
++ [1],
++ [Define to warn for use of native system library directories])
++fi
++
+ dnl Use --enable-gold to decide if this linker should be the default.
+ dnl "install_as_default" is set to false if gold is the default linker.
+ dnl "installed_linker" is the installed BFD linker name.
+Index: b/ld/ldfile.c
+===================================================================
+--- a/ld/ldfile.c
++++ b/ld/ldfile.c
+@@ -116,6 +116,23 @@
+ new_dirs->name = concat (ld_sysroot, name + 1, (const char *) NULL);
+ else
+ new_dirs->name = xstrdup (name);
++
++#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES
++ if (command_line.poison_system_directories
++ && ((!strncmp (name, "/lib", 4))
++ || (!strncmp (name, "/usr/lib", 8))
++ || (!strncmp (name, "/usr/local/lib", 14))
++ || (!strncmp (name, "/usr/X11R6/lib", 14))))
++ {
++ if (command_line.error_poison_system_directories)
++ einfo (_("%X%P: error: library search path \"%s\" is unsafe for "
++ "cross-compilation\n"), name);
++ else
++ einfo (_("%P: warning: library search path \"%s\" is unsafe for "
++ "cross-compilation\n"), name);
++ }
++#endif
++
+ }
+
+ /* Try to open a BFD for a lang_input_statement. */
+Index: b/ld/ld.h
+===================================================================
+--- a/ld/ld.h
++++ b/ld/ld.h
+@@ -203,6 +203,14 @@
+ /* If TRUE we'll just print the default output on stdout. */
+ bfd_boolean print_output_format;
+
++ /* If TRUE (the default) warn for uses of system directories when
++ cross linking. */
++ bfd_boolean poison_system_directories;
++
++ /* If TRUE (default FALSE) give an error for uses of system
++ directories when cross linking instead of a warning. */
++ bfd_boolean error_poison_system_directories;
++
+ /* Big or little endian as set on command line. */
+ enum endian_enum endian;
+
+Index: b/ld/ldmain.c
+===================================================================
+--- a/ld/ldmain.c
++++ b/ld/ldmain.c
+@@ -265,6 +265,8 @@
+ command_line.warn_search_mismatch = TRUE;
+ command_line.check_section_addresses = -1;
+ command_line.disable_target_specific_optimizations = -1;
++ command_line.poison_system_directories = TRUE;
++ command_line.error_poison_system_directories = FALSE;
+
+ /* We initialize DEMANGLING based on the environment variable
+ COLLECT_NO_DEMANGLE. The gcc collect2 program will demangle the
+Index: b/ld/ld.texinfo
+===================================================================
+--- a/ld/ld.texinfo
++++ b/ld/ld.texinfo
+@@ -2154,6 +2154,18 @@
+
+ Passing @code{none} for @var{style} disables the setting from any
+ @code{--build-id} options earlier on the command line.
++
++ at kindex --no-poison-system-directories
++ at item --no-poison-system-directories
++Do not warn for @option{-L} options using system directories such as
++ at file{/usr/lib} when cross linking. This option is intended for use
++in chroot environments when such directories contain the correct
++libraries for the target system rather than the host.
++
++ at kindex --error-poison-system-directories
++ at item --error-poison-system-directories
++Give an error instead of a warning for @option{-L} options using
++system directories when cross linking.
+ @end table
+
+ @c man end
+Index: b/ld/lexsup.c
+===================================================================
+--- a/ld/lexsup.c
++++ b/ld/lexsup.c
+@@ -498,6 +498,14 @@
+ TWO_DASHES },
+ { {"wrap", required_argument, NULL, OPTION_WRAP},
+ '\0', N_("SYMBOL"), N_("Use wrapper functions for SYMBOL"), TWO_DASHES },
++ { {"no-poison-system-directories", no_argument, NULL,
++ OPTION_NO_POISON_SYSTEM_DIRECTORIES},
++ '\0', NULL, N_("Do not warn for -L options using system directories"),
++ TWO_DASHES },
++ { {"error-poison-system-directories", no_argument, NULL,
++ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES},
++ '\0', NULL, N_("Give an error for -L options using system directories"),
++ TWO_DASHES },
+ };
+
+ #define OPTION_COUNT ARRAY_SIZE (ld_options)
+@@ -510,6 +518,7 @@
+ int ingroup = 0;
+ char *default_dirlist = NULL;
+ char *shortopts;
++ char *BR_paranoid_env;
+ struct option *longopts;
+ struct option *really_longopts;
+ int last_optind;
+@@ -1427,9 +1436,21 @@
+ einfo (_("%P%X: --hash-size needs a numeric argument\n"));
+ }
+ break;
++
++ case OPTION_NO_POISON_SYSTEM_DIRECTORIES:
++ command_line.poison_system_directories = FALSE;
++ break;
++
++ case OPTION_ERROR_POISON_SYSTEM_DIRECTORIES:
++ command_line.error_poison_system_directories = TRUE;
++ break;
+ }
+ }
+
++ BR_paranoid_env = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
++ if (BR_paranoid_env && strlen(BR_paranoid_env) > 0)
++ command_line.error_poison_system_directories = TRUE;
++
+ while (ingroup)
+ {
+ lang_leave_group ();
+Index: b/ld/ldlex.h
+===================================================================
+--- a/ld/ldlex.h
++++ b/ld/ldlex.h
+@@ -136,6 +136,8 @@
+ #endif /* ENABLE_PLUGINS */
+ OPTION_DEFAULT_SCRIPT,
+ OPTION_PRINT_OUTPUT_FORMAT,
++ OPTION_NO_POISON_SYSTEM_DIRECTORIES,
++ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES,
+ };
+
+ /* The initial parser states. */
--
2.1.0
^ permalink raw reply related [flat|nested] 26+ messages in thread* [Buildroot] [PATCHv2 03/12] binutils/2.23: add patch to warn about unsafe library paths
2014-12-01 21:55 ` [Buildroot] [PATCHv2 03/12] binutils/2.23: " Thomas Petazzoni
@ 2014-12-06 17:23 ` Romain Naour
2014-12-08 21:55 ` Romain Naour
2014-12-08 22:51 ` Romain Naour
1 sibling, 1 reply; 26+ messages in thread
From: Romain Naour @ 2014-12-06 17:23 UTC (permalink / raw)
To: buildroot
Hi Thomas,
Le 01/12/2014 22:55, Thomas Petazzoni a ?crit :
> This commit adds a patch to binutils borrowed from CodeSourcery/Yocto
> that warns about unsafe library paths (i.e /usr/lib, /usr/local/lib,
> etc.). The patch was adapted to binutils 2.23, and modified to support
> the BR_COMPILER_PARANOID_UNSAFE_PATH environment variable to error out
> instead of just warn when unsafe paths are used. Even though erroring
> out can be chosen by passing --error-poison-system-directories, we are
> not sure this option in LDFLAGS will always be passed, so having an
> environment variable guarantees it will always be passed, and also
> allows to have an identical behavior to the external toolchain
> wrapper.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> ---
Tested-by: Romain Naour <romain.naour@openwide.fr>
Tested with the following internal toolchain
BR2_i386=y
BR2_ARCH="i686"
BR2_ENDIAN="LITTLE"
BR2_GCC_TARGET_ARCH="i686"
BR2_ARCH_HAS_ATOMICS=y
BR2_x86_i686=y
BR2_COMPILER_PARANOID_UNSAFE_PATH=y
BR2_TOOLCHAIN=y
BR2_TOOLCHAIN_USES_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT=y
BR2_KERNEL_HEADERS_3_17=y
BR2_DEFAULT_KERNEL_HEADERS="3.17.4"
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT_LIBC="glibc"
BR2_PACKAGE_GLIBC=y
BR2_GLIBC_VERSION_2_20=y
BR2_GLIBC_VERSION_STRING="2.20"
BR2_BINUTILS_VERSION_2_23_2=y
BR2_BINUTILS_VERSION="2.23.2"
BR2_GCC_VERSION_4_8_X=y
BR2_GCC_VERSION="4.8.3"
$ make O=test/paranoid-3/ iprutils
/home/naourr/git/buildroot/test/paranoid-3/host/usr/bin/i686-buildroot-linux-gnu-gcc
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -pipe -Os
-Wall -DIPR_MAJOR_RELEASE=2 -DIPR_MINOR_RELEASE=4 -DIPR_FIX_LEVEL=2
-DIPR_FIX_DATE='"(June 10, 2014)"' -DIPR_VERSION_STR='"2.4.2 (June 10, 2014)"'
-DIPR_RELEASE=1 -I. -I/usr/include/ncurses -o iprlib.o -c iprlib.c
cc1: erreur: include location "/usr/include/ncurses" is unsafe for
cross-compilation [-Werror=poison-system-directories]
cc1: some warnings being treated as errors
make[1]: *** [iprlib.o] Erreur 1
Thanks
--
Romain Naour
OPEN WIDE Ing?nierie - Paris
23/25, rue Daviel| 75013 PARIS
http://ingenierie.openwide.fr
Le blog des technologies libres et embarqu?es :
http://www.linuxembedded.fr
^ permalink raw reply [flat|nested] 26+ messages in thread
* [Buildroot] [PATCHv2 03/12] binutils/2.23: add patch to warn about unsafe library paths
2014-12-06 17:23 ` Romain Naour
@ 2014-12-08 21:55 ` Romain Naour
0 siblings, 0 replies; 26+ messages in thread
From: Romain Naour @ 2014-12-08 21:55 UTC (permalink / raw)
To: buildroot
Hello,
Le 06/12/2014 18:23, Romain Naour a ?crit :
> Hi Thomas,
>
> Le 01/12/2014 22:55, Thomas Petazzoni a ?crit :
>> This commit adds a patch to binutils borrowed from CodeSourcery/Yocto
>> that warns about unsafe library paths (i.e /usr/lib, /usr/local/lib,
>> etc.). The patch was adapted to binutils 2.23, and modified to support
>> the BR_COMPILER_PARANOID_UNSAFE_PATH environment variable to error out
>> instead of just warn when unsafe paths are used. Even though erroring
>> out can be chosen by passing --error-poison-system-directories, we are
>> not sure this option in LDFLAGS will always be passed, so having an
>> environment variable guarantees it will always be passed, and also
>> allows to have an identical behavior to the external toolchain
>> wrapper.
>>
>> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
>> ---
>
> Tested-by: Romain Naour <romain.naour@openwide.fr>
>
> Tested with the following internal toolchain
Please ignore this email, I accidentally sent the mail...
Thanks,
Romain Naour
^ permalink raw reply [flat|nested] 26+ messages in thread
* [Buildroot] [PATCHv2 03/12] binutils/2.23: add patch to warn about unsafe library paths
2014-12-01 21:55 ` [Buildroot] [PATCHv2 03/12] binutils/2.23: " Thomas Petazzoni
2014-12-06 17:23 ` Romain Naour
@ 2014-12-08 22:51 ` Romain Naour
1 sibling, 0 replies; 26+ messages in thread
From: Romain Naour @ 2014-12-08 22:51 UTC (permalink / raw)
To: buildroot
Hello Thomas,
Le 01/12/2014 22:55, Thomas Petazzoni a ?crit :
> This commit adds a patch to binutils borrowed from CodeSourcery/Yocto
> that warns about unsafe library paths (i.e /usr/lib, /usr/local/lib,
> etc.). The patch was adapted to binutils 2.23, and modified to support
> the BR_COMPILER_PARANOID_UNSAFE_PATH environment variable to error out
> instead of just warn when unsafe paths are used. Even though erroring
> out can be chosen by passing --error-poison-system-directories, we are
> not sure this option in LDFLAGS will always be passed, so having an
> environment variable guarantees it will always be passed, and also
> allows to have an identical behavior to the external toolchain
> wrapper.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> ---
Tested-by: Romain Naour <romain.naour@openwide.fr>
Tested with the following internal toolchain
BR2_i386=y
BR2_ARCH="i686"
BR2_ENDIAN="LITTLE"
BR2_GCC_TARGET_ARCH="i686"
BR2_ARCH_HAS_ATOMICS=y
BR2_x86_i686=y
BR2_COMPILER_PARANOID_UNSAFE_PATH=y
BR2_TOOLCHAIN=y
BR2_TOOLCHAIN_USES_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT=y
BR2_KERNEL_HEADERS_3_17=y
BR2_DEFAULT_KERNEL_HEADERS="3.17.4"
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT_LIBC="glibc"
BR2_PACKAGE_GLIBC=y
BR2_GLIBC_VERSION_2_20=y
BR2_GLIBC_VERSION_STRING="2.20"
BR2_BINUTILS_VERSION_2_23_2=y
BR2_BINUTILS_VERSION="2.23.2"
BR2_GCC_VERSION_4_8_X=y
BR2_GCC_VERSION="4.8.3"
and lmbench poisoned by LDFLAGS="-L/usr/lib $(LMBENCH_LDFLAGS)"
$ make O=test/paranoid-3/ lmbench
/home/naourr/git/buildroot/test/paranoid-3/host/usr/bin/i686-buildroot-linux-gnu-gcc
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -pipe -Os
-DHAVE_off64_t -DHAVE_lseek64 -DRUSAGE -DHAVE_uint=1 -DHAVE_int64_t=1
-DHAVE_pmap_clnt_h -DHAVE_socklen_t -DHAVE_DRAND48 -DHAVE_SCHED_SETAFFINITY=1
-L/usr/lib -o ../bin/i686/msleep msleep.c
/home/naourr/git/buildroot/test/paranoid-3/host/usr/lib/gcc/i686-buildroot-linux-gnu/4.8.3/../../../../i686-buildroot-linux-gnu/bin/ld:
error: library search path "/usr/lib" is unsafe for cross-compilation
gmake[2]: *** [../bin/i686/msleep] Erreur 1
--
Romain Naour
OPEN WIDE Ing?nierie - Paris
23/25, rue Daviel| 75013 PARIS
http://ingenierie.openwide.fr
Le blog des technologies libres et embarqu?es :
http://www.linuxembedded.fr
^ permalink raw reply [flat|nested] 26+ messages in thread
* [Buildroot] [PATCHv2 04/12] binutils/2.22: add patch to warn about unsafe library paths
2014-12-01 21:55 [Buildroot] [PATCHv2 00/12] Paranoid header and library path checking Thomas Petazzoni
` (2 preceding siblings ...)
2014-12-01 21:55 ` [Buildroot] [PATCHv2 03/12] binutils/2.23: " Thomas Petazzoni
@ 2014-12-01 21:55 ` Thomas Petazzoni
2014-12-08 22:51 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 05/12] binutils/arc-4.8-R3: " Thomas Petazzoni
` (7 subsequent siblings)
11 siblings, 1 reply; 26+ messages in thread
From: Thomas Petazzoni @ 2014-12-01 21:55 UTC (permalink / raw)
To: buildroot
This commit adds a patch to binutils borrowed from CodeSourcery/Yocto
that warns about unsafe library paths (i.e /usr/lib, /usr/local/lib,
etc.). The patch was adapted to binutils 2.22, and modified to support
the BR_COMPILER_PARANOID_UNSAFE_PATH environment variable to error out
instead of just warn when unsafe paths are used. Even though erroring
out can be chosen by passing --error-poison-system-directories, we are
not sure this option in LDFLAGS will always be passed, so having an
environment variable guarantees it will always be passed, and also
allows to have an identical behavior to the external toolchain
wrapper.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
.../2.22/600-poison-system-directories.patch | 274 +++++++++++++++++++++
1 file changed, 274 insertions(+)
create mode 100644 package/binutils/2.22/600-poison-system-directories.patch
diff --git a/package/binutils/2.22/600-poison-system-directories.patch b/package/binutils/2.22/600-poison-system-directories.patch
new file mode 100644
index 0000000..b9ff8be
--- /dev/null
+++ b/package/binutils/2.22/600-poison-system-directories.patch
@@ -0,0 +1,274 @@
+Patch adapted to binutils 2.23.2 and extended to use
+BR_COMPILER_PARANOID_UNSAFE_PATH by Thomas Petazzoni.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+
+Upstream-Status: Inappropriate [distribution: codesourcery]
+
+Patch originally created by Mark Hatle, forward-ported to
+binutils 2.21 by Scott Garman.
+
+purpose: warn for uses of system directories when cross linking
+
+Code Merged from Sourcery G++ binutils 2.19 - 4.4-277
+
+2008-07-02 Joseph Myers <joseph@codesourcery.com>
+
+ ld/
+ * ld.h (args_type): Add error_poison_system_directories.
+ * ld.texinfo (--error-poison-system-directories): Document.
+ * ldfile.c (ldfile_add_library_path): Check
+ command_line.error_poison_system_directories.
+ * ldmain.c (main): Initialize
+ command_line.error_poison_system_directories.
+ * lexsup.c (enum option_values): Add
+ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES.
+ (ld_options): Add --error-poison-system-directories.
+ (parse_args): Handle new option.
+
+2007-06-13 Joseph Myers <joseph@codesourcery.com>
+
+ ld/
+ * config.in: Regenerate.
+ * ld.h (args_type): Add poison_system_directories.
+ * ld.texinfo (--no-poison-system-directories): Document.
+ * ldfile.c (ldfile_add_library_path): Check
+ command_line.poison_system_directories.
+ * ldmain.c (main): Initialize
+ command_line.poison_system_directories.
+ * lexsup.c (enum option_values): Add
+ OPTION_NO_POISON_SYSTEM_DIRECTORIES.
+ (ld_options): Add --no-poison-system-directories.
+ (parse_args): Handle new option.
+
+2007-04-20 Joseph Myers <joseph@codesourcery.com>
+
+ Merge from Sourcery G++ binutils 2.17:
+
+ 2007-03-20 Joseph Myers <joseph@codesourcery.com>
+ Based on patch by Mark Hatle <mark.hatle@windriver.com>.
+ ld/
+ * configure.in (--enable-poison-system-directories): New option.
+ * configure, config.in: Regenerate.
+ * ldfile.c (ldfile_add_library_path): If
+ ENABLE_POISON_SYSTEM_DIRECTORIES defined, warn for use of /lib,
+ /usr/lib, /usr/local/lib or /usr/X11R6/lib.
+
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+Signed-off-by: Scott Garman <scott.a.garman@intel.com>
+
+Index: b/ld/config.in
+===================================================================
+--- a/ld/config.in
++++ b/ld/config.in
+@@ -4,6 +4,9 @@
+ language is requested. */
+ #undef ENABLE_NLS
+
++/* Define to warn for use of native system library directories */
++#undef ENABLE_POISON_SYSTEM_DIRECTORIES
++
+ /* Additional extension a shared object might have. */
+ #undef EXTRA_SHLIB_EXTENSION
+
+Index: b/ld/configure
+===================================================================
+--- a/ld/configure
++++ b/ld/configure
+@@ -773,6 +773,7 @@
+ enable_targets
+ enable_64_bit_bfd
+ with_sysroot
++enable_poison_system_directories
+ enable_gold
+ enable_got
+ enable_werror
+@@ -1427,6 +1428,8 @@
+ (and sometimes confusing) to the casual installer
+ --enable-targets alternative target configurations
+ --enable-64-bit-bfd 64-bit support (on hosts with narrower word sizes)
++ --enable-poison-system-directories
++ warn for use of native system library directories
+ --enable-gold[=ARG] build gold [ARG={default,yes,no}]
+ --enable-got=<type> GOT handling scheme (target, single, negative,
+ multigot)
+@@ -4336,7 +4339,18 @@
+ fi
+
+
++# Check whether --enable-poison-system-directories was given.
++if test "${enable_poison_system_directories+set}" = set; then :
++ enableval=$enable_poison_system_directories;
++else
++ enable_poison_system_directories=no
++fi
++
++if test "x${enable_poison_system_directories}" = "xyes"; then
+
++$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h
++
++fi
+
+ # Check whether --enable-got was given.
+ if test "${enable_got+set}" = set; then :
+Index: b/ld/configure.in
+===================================================================
+--- a/ld/configure.in
++++ b/ld/configure.in
+@@ -70,6 +70,16 @@
+ AC_SUBST(TARGET_SYSTEM_ROOT)
+ AC_SUBST(TARGET_SYSTEM_ROOT_DEFINE)
+
++AC_ARG_ENABLE([poison-system-directories],
++ AS_HELP_STRING([--enable-poison-system-directories],
++ [warn for use of native system library directories]),,
++ [enable_poison_system_directories=no])
++if test "x${enable_poison_system_directories}" = "xyes"; then
++ AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES],
++ [1],
++ [Define to warn for use of native system library directories])
++fi
++
+ dnl Use --enable-gold to decide if this linker should be the default.
+ dnl "install_as_default" is set to false if gold is the default linker.
+ dnl "installed_linker" is the installed BFD linker name.
+Index: b/ld/ldfile.c
+===================================================================
+--- a/ld/ldfile.c
++++ b/ld/ldfile.c
+@@ -126,6 +126,22 @@
+ new_dirs->name = xstrdup (name);
+ new_dirs->sysrooted = is_sysrooted_pathname (name, FALSE);
+ }
++
++#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES
++ if (command_line.poison_system_directories
++ && ((!strncmp (name, "/lib", 4))
++ || (!strncmp (name, "/usr/lib", 8))
++ || (!strncmp (name, "/usr/local/lib", 14))
++ || (!strncmp (name, "/usr/X11R6/lib", 14))))
++ {
++ if (command_line.error_poison_system_directories)
++ einfo (_("%X%P: error: library search path \"%s\" is unsafe for "
++ "cross-compilation\n"), name);
++ else
++ einfo (_("%P: warning: library search path \"%s\" is unsafe for "
++ "cross-compilation\n"), name);
++ }
++#endif
+ }
+
+ /* Try to open a BFD for a lang_input_statement. */
+Index: b/ld/ld.h
+===================================================================
+--- a/ld/ld.h
++++ b/ld/ld.h
+@@ -203,6 +203,14 @@
+ /* If TRUE we'll just print the default output on stdout. */
+ bfd_boolean print_output_format;
+
++ /* If TRUE (the default) warn for uses of system directories when
++ cross linking. */
++ bfd_boolean poison_system_directories;
++
++ /* If TRUE (default FALSE) give an error for uses of system
++ directories when cross linking instead of a warning. */
++ bfd_boolean error_poison_system_directories;
++
+ /* Big or little endian as set on command line. */
+ enum endian_enum endian;
+
+Index: b/ld/ldmain.c
+===================================================================
+--- a/ld/ldmain.c
++++ b/ld/ldmain.c
+@@ -259,6 +259,8 @@
+ command_line.warn_search_mismatch = TRUE;
+ command_line.check_section_addresses = -1;
+ command_line.disable_target_specific_optimizations = -1;
++ command_line.poison_system_directories = TRUE;
++ command_line.error_poison_system_directories = FALSE;
+
+ /* We initialize DEMANGLING based on the environment variable
+ COLLECT_NO_DEMANGLE. The gcc collect2 program will demangle the
+Index: b/ld/ld.texinfo
+===================================================================
+--- a/ld/ld.texinfo
++++ b/ld/ld.texinfo
+@@ -2147,6 +2147,18 @@
+
+ Passing @code{none} for @var{style} disables the setting from any
+ @code{--build-id} options earlier on the command line.
++
++ at kindex --no-poison-system-directories
++ at item --no-poison-system-directories
++Do not warn for @option{-L} options using system directories such as
++ at file{/usr/lib} when cross linking. This option is intended for use
++in chroot environments when such directories contain the correct
++libraries for the target system rather than the host.
++
++ at kindex --error-poison-system-directories
++ at item --error-poison-system-directories
++Give an error instead of a warning for @option{-L} options using
++system directories when cross linking.
+ @end table
+
+ @c man end
+Index: b/ld/lexsup.c
+===================================================================
+--- a/ld/lexsup.c
++++ b/ld/lexsup.c
+@@ -176,6 +176,8 @@
+ #endif /* ENABLE_PLUGINS */
+ OPTION_DEFAULT_SCRIPT,
+ OPTION_PRINT_OUTPUT_FORMAT,
++ OPTION_NO_POISON_SYSTEM_DIRECTORIES,
++ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES,
+ };
+
+ /* The long options. This structure is used for both the option
+@@ -612,6 +614,14 @@
+ TWO_DASHES },
+ { {"wrap", required_argument, NULL, OPTION_WRAP},
+ '\0', N_("SYMBOL"), N_("Use wrapper functions for SYMBOL"), TWO_DASHES },
++ { {"no-poison-system-directories", no_argument, NULL,
++ OPTION_NO_POISON_SYSTEM_DIRECTORIES},
++ '\0', NULL, N_("Do not warn for -L options using system directories"),
++ TWO_DASHES },
++ { {"error-poison-system-directories", no_argument, NULL,
++ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES},
++ '\0', NULL, N_("Give an error for -L options using system directories"),
++ TWO_DASHES },
+ };
+
+ #define OPTION_COUNT ARRAY_SIZE (ld_options)
+@@ -624,6 +634,7 @@
+ int ingroup = 0;
+ char *default_dirlist = NULL;
+ char *shortopts;
++ char *BR_paranoid_env;
+ struct option *longopts;
+ struct option *really_longopts;
+ int last_optind;
+@@ -1541,9 +1552,21 @@
+ einfo (_("%P%X: --hash-size needs a numeric argument\n"));
+ }
+ break;
++
++ case OPTION_NO_POISON_SYSTEM_DIRECTORIES:
++ command_line.poison_system_directories = FALSE;
++ break;
++
++ case OPTION_ERROR_POISON_SYSTEM_DIRECTORIES:
++ command_line.error_poison_system_directories = TRUE;
++ break;
+ }
+ }
+
++ BR_paranoid_env = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
++ if (BR_paranoid_env && strlen(BR_paranoid_env) > 0)
++ command_line.error_poison_system_directories = TRUE;
++
+ while (ingroup)
+ {
+ lang_leave_group ();
--
2.1.0
^ permalink raw reply related [flat|nested] 26+ messages in thread* [Buildroot] [PATCHv2 04/12] binutils/2.22: add patch to warn about unsafe library paths
2014-12-01 21:55 ` [Buildroot] [PATCHv2 04/12] binutils/2.22: " Thomas Petazzoni
@ 2014-12-08 22:51 ` Romain Naour
0 siblings, 0 replies; 26+ messages in thread
From: Romain Naour @ 2014-12-08 22:51 UTC (permalink / raw)
To: buildroot
Hi Thomas,
Le 01/12/2014 22:55, Thomas Petazzoni a ?crit :
> This commit adds a patch to binutils borrowed from CodeSourcery/Yocto
> that warns about unsafe library paths (i.e /usr/lib, /usr/local/lib,
> etc.). The patch was adapted to binutils 2.22, and modified to support
> the BR_COMPILER_PARANOID_UNSAFE_PATH environment variable to error out
> instead of just warn when unsafe paths are used. Even though erroring
> out can be chosen by passing --error-poison-system-directories, we are
> not sure this option in LDFLAGS will always be passed, so having an
> environment variable guarantees it will always be passed, and also
> allows to have an identical behavior to the external toolchain
> wrapper.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> ---
Tested-by: Romain Naour <romain.naour@openwide.fr>
Tested with the following internal toolchain
BR2_i386=y
BR2_ARCH="i686"
BR2_ENDIAN="LITTLE"
BR2_GCC_TARGET_ARCH="i686"
BR2_ARCH_HAS_ATOMICS=y
BR2_x86_i686=y
BR2_COMPILER_PARANOID_UNSAFE_PATH=y
BR2_TOOLCHAIN=y
BR2_TOOLCHAIN_USES_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT=y
BR2_KERNEL_HEADERS_3_17=y
BR2_DEFAULT_KERNEL_HEADERS="3.17.4"
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT_LIBC="glibc"
BR2_PACKAGE_GLIBC=y
BR2_GLIBC_VERSION_2_20=y
BR2_GLIBC_VERSION_STRING="2.20"
BR2_BINUTILS_VERSION_2_22=y
BR2_BINUTILS_VERSION="2.22"
BR2_GCC_VERSION_4_7_X=y
BR2_GCC_VERSION="4.7.4"
and lmbench poisoned by LDFLAGS="-L/usr/lib $(LMBENCH_LDFLAGS)"
$ make O=test/paranoid-4/ lmbench
/home/naourr/git/buildroot/test/paranoid-4/host/usr/bin/i686-buildroot-linux-gnu-gcc
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -pipe -Os
-DHAVE_off64_t -DHAVE_lseek64 -DRUSAGE -DHAVE_uint=1 -DHAVE_int64_t=1
-DHAVE_pmap_clnt_h -DHAVE_socklen_t -DHAVE_DRAND48 -DHAVE_SCHED_SETAFFINITY=1
-L/usr/lib -o ../bin/i686/msleep msleep.c
/home/naourr/git/buildroot/test/paranoid-4/host/usr/lib/gcc/i686-buildroot-linux-gnu/4.7.4/../../../../i686-buildroot-linux-gnu/bin/ld:
error: library search path "/usr/lib" is unsafe for cross-compilation
gmake[2]: *** [../bin/i686/msleep] Erreur 1
Thanks,
--
Romain Naour
OPEN WIDE Ing?nierie - Paris
23/25, rue Daviel| 75013 PARIS
http://ingenierie.openwide.fr
Le blog des technologies libres et embarqu?es :
http://www.linuxembedded.fr
^ permalink raw reply [flat|nested] 26+ messages in thread
* [Buildroot] [PATCHv2 05/12] binutils/arc-4.8-R3: add patch to warn about unsafe library paths
2014-12-01 21:55 [Buildroot] [PATCHv2 00/12] Paranoid header and library path checking Thomas Petazzoni
` (3 preceding siblings ...)
2014-12-01 21:55 ` [Buildroot] [PATCHv2 04/12] binutils/2.22: " Thomas Petazzoni
@ 2014-12-01 21:55 ` Thomas Petazzoni
2014-12-08 22:58 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 06/12] gcc/4.9: add patch to warn about unsafe header paths Thomas Petazzoni
` (6 subsequent siblings)
11 siblings, 1 reply; 26+ messages in thread
From: Thomas Petazzoni @ 2014-12-01 21:55 UTC (permalink / raw)
To: buildroot
This commit adds a patch to binutils borrowed from CodeSourcery/Yocto
that warns about unsafe library paths (i.e /usr/lib, /usr/local/lib,
etc.). The patch was adapted to binutils arc-4.8-R3, and modified to
support the BR_COMPILER_PARANOID_UNSAFE_PATH environment variable to
error out instead of just warn when unsafe paths are used. Even though
erroring out can be chosen by passing
--error-poison-system-directories, we are not sure this option in
LDFLAGS will always be passed, so having an environment variable
guarantees it will always be passed, and also allows to have an
identical behavior to the external toolchain wrapper.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
.../arc-4.8-R3/600-poison-system-directories.patch | 279 +++++++++++++++++++++
1 file changed, 279 insertions(+)
create mode 100644 package/binutils/arc-4.8-R3/600-poison-system-directories.patch
diff --git a/package/binutils/arc-4.8-R3/600-poison-system-directories.patch b/package/binutils/arc-4.8-R3/600-poison-system-directories.patch
new file mode 100644
index 0000000..8a3bdc6
--- /dev/null
+++ b/package/binutils/arc-4.8-R3/600-poison-system-directories.patch
@@ -0,0 +1,279 @@
+Patch adapted to binutils arc-4.8-R3 and extended to use
+BR_COMPILER_PARANOID_UNSAFE_PATH by Thomas Petazzoni.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+
+Upstream-Status: Inappropriate [distribution: codesourcery]
+
+Patch originally created by Mark Hatle, forward-ported to
+binutils 2.21 by Scott Garman.
+
+purpose: warn for uses of system directories when cross linking
+
+Code Merged from Sourcery G++ binutils 2.19 - 4.4-277
+
+2008-07-02 Joseph Myers <joseph@codesourcery.com>
+
+ ld/
+ * ld.h (args_type): Add error_poison_system_directories.
+ * ld.texinfo (--error-poison-system-directories): Document.
+ * ldfile.c (ldfile_add_library_path): Check
+ command_line.error_poison_system_directories.
+ * ldmain.c (main): Initialize
+ command_line.error_poison_system_directories.
+ * lexsup.c (enum option_values): Add
+ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES.
+ (ld_options): Add --error-poison-system-directories.
+ (parse_args): Handle new option.
+
+2007-06-13 Joseph Myers <joseph@codesourcery.com>
+
+ ld/
+ * config.in: Regenerate.
+ * ld.h (args_type): Add poison_system_directories.
+ * ld.texinfo (--no-poison-system-directories): Document.
+ * ldfile.c (ldfile_add_library_path): Check
+ command_line.poison_system_directories.
+ * ldmain.c (main): Initialize
+ command_line.poison_system_directories.
+ * lexsup.c (enum option_values): Add
+ OPTION_NO_POISON_SYSTEM_DIRECTORIES.
+ (ld_options): Add --no-poison-system-directories.
+ (parse_args): Handle new option.
+
+2007-04-20 Joseph Myers <joseph@codesourcery.com>
+
+ Merge from Sourcery G++ binutils 2.17:
+
+ 2007-03-20 Joseph Myers <joseph@codesourcery.com>
+ Based on patch by Mark Hatle <mark.hatle@windriver.com>.
+ ld/
+ * configure.in (--enable-poison-system-directories): New option.
+ * configure, config.in: Regenerate.
+ * ldfile.c (ldfile_add_library_path): If
+ ENABLE_POISON_SYSTEM_DIRECTORIES defined, warn for use of /lib,
+ /usr/lib, /usr/local/lib or /usr/X11R6/lib.
+
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+Signed-off-by: Scott Garman <scott.a.garman@intel.com>
+
+Index: b/ld/config.in
+===================================================================
+--- a/ld/config.in
++++ b/ld/config.in
+@@ -11,6 +11,9 @@
+ language is requested. */
+ #undef ENABLE_NLS
+
++/* Define to warn for use of native system library directories */
++#undef ENABLE_POISON_SYSTEM_DIRECTORIES
++
+ /* Additional extension a shared object might have. */
+ #undef EXTRA_SHLIB_EXTENSION
+
+Index: b/ld/configure
+===================================================================
+--- a/ld/configure
++++ b/ld/configure
+@@ -773,6 +773,7 @@
+ enable_targets
+ enable_64_bit_bfd
+ with_sysroot
++enable_poison_system_directories
+ enable_gold
+ enable_got
+ enable_werror
+@@ -1428,6 +1429,8 @@
+ (and sometimes confusing) to the casual installer
+ --enable-targets alternative target configurations
+ --enable-64-bit-bfd 64-bit support (on hosts with narrower word sizes)
++ --enable-poison-system-directories
++ warn for use of native system library directories
+ --enable-gold[=ARG] build gold [ARG={default,yes,no}]
+ --enable-got=<type> GOT handling scheme (target, single, negative,
+ multigot)
+@@ -4338,7 +4341,18 @@
+ fi
+
+
++# Check whether --enable-poison-system-directories was given.
++if test "${enable_poison_system_directories+set}" = set; then :
++ enableval=$enable_poison_system_directories;
++else
++ enable_poison_system_directories=no
++fi
++
++if test "x${enable_poison_system_directories}" = "xyes"; then
+
++$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h
++
++fi
+
+ # Check whether --enable-got was given.
+ if test "${enable_got+set}" = set; then :
+Index: b/ld/configure.in
+===================================================================
+--- a/ld/configure.in
++++ b/ld/configure.in
+@@ -70,6 +70,16 @@
+ AC_SUBST(TARGET_SYSTEM_ROOT)
+ AC_SUBST(TARGET_SYSTEM_ROOT_DEFINE)
+
++AC_ARG_ENABLE([poison-system-directories],
++ AS_HELP_STRING([--enable-poison-system-directories],
++ [warn for use of native system library directories]),,
++ [enable_poison_system_directories=no])
++if test "x${enable_poison_system_directories}" = "xyes"; then
++ AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES],
++ [1],
++ [Define to warn for use of native system library directories])
++fi
++
+ dnl Use --enable-gold to decide if this linker should be the default.
+ dnl "install_as_default" is set to false if gold is the default linker.
+ dnl "installed_linker" is the installed BFD linker name.
+Index: b/ld/ldfile.c
+===================================================================
+--- a/ld/ldfile.c
++++ b/ld/ldfile.c
+@@ -116,6 +116,23 @@
+ new_dirs->name = concat (ld_sysroot, name + 1, (const char *) NULL);
+ else
+ new_dirs->name = xstrdup (name);
++
++#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES
++ if (command_line.poison_system_directories
++ && ((!strncmp (name, "/lib", 4))
++ || (!strncmp (name, "/usr/lib", 8))
++ || (!strncmp (name, "/usr/local/lib", 14))
++ || (!strncmp (name, "/usr/X11R6/lib", 14))))
++ {
++ if (command_line.error_poison_system_directories)
++ einfo (_("%X%P: error: library search path \"%s\" is unsafe for "
++ "cross-compilation\n"), name);
++ else
++ einfo (_("%P: warning: library search path \"%s\" is unsafe for "
++ "cross-compilation\n"), name);
++ }
++#endif
++
+ }
+
+ /* Try to open a BFD for a lang_input_statement. */
+Index: b/ld/ld.h
+===================================================================
+--- a/ld/ld.h
++++ b/ld/ld.h
+@@ -203,6 +203,14 @@
+ /* If TRUE we'll just print the default output on stdout. */
+ bfd_boolean print_output_format;
+
++ /* If TRUE (the default) warn for uses of system directories when
++ cross linking. */
++ bfd_boolean poison_system_directories;
++
++ /* If TRUE (default FALSE) give an error for uses of system
++ directories when cross linking instead of a warning. */
++ bfd_boolean error_poison_system_directories;
++
+ /* Big or little endian as set on command line. */
+ enum endian_enum endian;
+
+Index: b/ld/ldmain.c
+===================================================================
+--- a/ld/ldmain.c
++++ b/ld/ldmain.c
+@@ -265,6 +265,8 @@
+ command_line.warn_search_mismatch = TRUE;
+ command_line.check_section_addresses = -1;
+ command_line.disable_target_specific_optimizations = -1;
++ command_line.poison_system_directories = TRUE;
++ command_line.error_poison_system_directories = FALSE;
+
+ /* We initialize DEMANGLING based on the environment variable
+ COLLECT_NO_DEMANGLE. The gcc collect2 program will demangle the
+Index: b/ld/ld.texinfo
+===================================================================
+--- a/ld/ld.texinfo
++++ b/ld/ld.texinfo
+@@ -2156,6 +2156,18 @@
+
+ Passing @code{none} for @var{style} disables the setting from any
+ @code{--build-id} options earlier on the command line.
++
++ at kindex --no-poison-system-directories
++ at item --no-poison-system-directories
++Do not warn for @option{-L} options using system directories such as
++ at file{/usr/lib} when cross linking. This option is intended for use
++in chroot environments when such directories contain the correct
++libraries for the target system rather than the host.
++
++ at kindex --error-poison-system-directories
++ at item --error-poison-system-directories
++Give an error instead of a warning for @option{-L} options using
++system directories when cross linking.
+ @end table
+
+ @c man end
+Index: b/ld/lexsup.c
+===================================================================
+--- a/ld/lexsup.c
++++ b/ld/lexsup.c
+@@ -498,6 +498,14 @@
+ TWO_DASHES },
+ { {"wrap", required_argument, NULL, OPTION_WRAP},
+ '\0', N_("SYMBOL"), N_("Use wrapper functions for SYMBOL"), TWO_DASHES },
++ { {"no-poison-system-directories", no_argument, NULL,
++ OPTION_NO_POISON_SYSTEM_DIRECTORIES},
++ '\0', NULL, N_("Do not warn for -L options using system directories"),
++ TWO_DASHES },
++ { {"error-poison-system-directories", no_argument, NULL,
++ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES},
++ '\0', NULL, N_("Give an error for -L options using system directories"),
++ TWO_DASHES },
+ };
+
+ #define OPTION_COUNT ARRAY_SIZE (ld_options)
+@@ -510,6 +518,7 @@
+ int ingroup = 0;
+ char *default_dirlist = NULL;
+ char *shortopts;
++ char *BR_paranoid_env;
+ struct option *longopts;
+ struct option *really_longopts;
+ int last_optind;
+@@ -1427,9 +1436,21 @@
+ einfo (_("%P%X: --hash-size needs a numeric argument\n"));
+ }
+ break;
++
++ case OPTION_NO_POISON_SYSTEM_DIRECTORIES:
++ command_line.poison_system_directories = FALSE;
++ break;
++
++ case OPTION_ERROR_POISON_SYSTEM_DIRECTORIES:
++ command_line.error_poison_system_directories = TRUE;
++ break;
+ }
+ }
+
++ BR_paranoid_env = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
++ if (BR_paranoid_env && strlen(BR_paranoid_env) > 0)
++ command_line.error_poison_system_directories = TRUE;
++
+ while (ingroup)
+ {
+ lang_leave_group ();
+Index: b/ld/ldlex.h
+===================================================================
+--- a/ld/ldlex.h
++++ b/ld/ldlex.h
+@@ -136,6 +136,8 @@
+ #endif /* ENABLE_PLUGINS */
+ OPTION_DEFAULT_SCRIPT,
+ OPTION_PRINT_OUTPUT_FORMAT,
++ OPTION_NO_POISON_SYSTEM_DIRECTORIES,
++ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES,
+ };
+
+ /* The initial parser states. */
--
2.1.0
^ permalink raw reply related [flat|nested] 26+ messages in thread* [Buildroot] [PATCHv2 05/12] binutils/arc-4.8-R3: add patch to warn about unsafe library paths
2014-12-01 21:55 ` [Buildroot] [PATCHv2 05/12] binutils/arc-4.8-R3: " Thomas Petazzoni
@ 2014-12-08 22:58 ` Romain Naour
0 siblings, 0 replies; 26+ messages in thread
From: Romain Naour @ 2014-12-08 22:58 UTC (permalink / raw)
To: buildroot
Hi Thomas,
Le 01/12/2014 22:55, Thomas Petazzoni a ?crit :
> This commit adds a patch to binutils borrowed from CodeSourcery/Yocto
> that warns about unsafe library paths (i.e /usr/lib, /usr/local/lib,
> etc.). The patch was adapted to binutils arc-4.8-R3, and modified to
> support the BR_COMPILER_PARANOID_UNSAFE_PATH environment variable to
> error out instead of just warn when unsafe paths are used. Even though
> erroring out can be chosen by passing
> --error-poison-system-directories, we are not sure this option in
> LDFLAGS will always be passed, so having an environment variable
> guarantees it will always be passed, and also allows to have an
> identical behavior to the external toolchain wrapper.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> ---
> .../arc-4.8-R3/600-poison-system-directories.patch | 279 +++++++++++++++++++++
> 1 file changed, 279 insertions(+)
> create mode 100644 package/binutils/arc-4.8-R3/600-poison-system-directories.patch
NAK.
The arc toolchain has been updated to arc-2014.08 by Alexey Brodkin.
Best regards,
--
Romain Naour
OPEN WIDE Ing?nierie - Paris
23/25, rue Daviel| 75013 PARIS
http://ingenierie.openwide.fr
Le blog des technologies libres et embarqu?es :
http://www.linuxembedded.fr
^ permalink raw reply [flat|nested] 26+ messages in thread
* [Buildroot] [PATCHv2 06/12] gcc/4.9: add patch to warn about unsafe header paths
2014-12-01 21:55 [Buildroot] [PATCHv2 00/12] Paranoid header and library path checking Thomas Petazzoni
` (4 preceding siblings ...)
2014-12-01 21:55 ` [Buildroot] [PATCHv2 05/12] binutils/arc-4.8-R3: " Thomas Petazzoni
@ 2014-12-01 21:55 ` Thomas Petazzoni
2014-12-08 22:52 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 07/12] gcc/4.8: " Thomas Petazzoni
` (5 subsequent siblings)
11 siblings, 1 reply; 26+ messages in thread
From: Thomas Petazzoni @ 2014-12-01 21:55 UTC (permalink / raw)
To: buildroot
This commit adds a patch to gcc borrowed from CodeSourcery/Yocto that
warns about unsafe include paths (i.e /usr/include,
/usr/local/include, etc.). The patch was adapted to gcc 4.9.1, and
modified to support the BR_COMPILER_PARANOID_UNSAFE_PATH environment
variable to error out instead of just warn when unsafe paths are
used. Even though erroring out can be chosen by passing
-Werror=poison-system-directories, we are not sure this option in
CFLAGS will always be passed, so having an environment variable
guarantees it will always be passed, and also allows to have an
identical behavior to the external toolchain wrapper.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
.../4.9.2/910-gcc-poison-system-directories.patch | 207 +++++++++++++++++++++
1 file changed, 207 insertions(+)
create mode 100644 package/gcc/4.9.2/910-gcc-poison-system-directories.patch
diff --git a/package/gcc/4.9.2/910-gcc-poison-system-directories.patch b/package/gcc/4.9.2/910-gcc-poison-system-directories.patch
new file mode 100644
index 0000000..975f01f
--- /dev/null
+++ b/package/gcc/4.9.2/910-gcc-poison-system-directories.patch
@@ -0,0 +1,207 @@
+From 160397ef3c3331099af028f1b8d3e085b07d88ad Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 29 Mar 2013 08:59:00 +0400
+Subject: [PATCH 16/35] gcc: poison-system-directories
+
+Adapted to Buildroot and gcc 4.9.1 by Thomas Petazzoni, especially the
+addition of the BR_COMPILER_PARANOID_UNSAFE_PATH environment variable.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+
+Upstream-Status: Inappropriate [distribution: codesourcery]
+---
+ gcc/Makefile.in | 2 +-
+ gcc/common.opt | 4 ++++
+ gcc/config.in | 6 ++++++
+ gcc/configure | 20 ++++++++++++++++++--
+ gcc/configure.ac | 10 ++++++++++
+ gcc/doc/invoke.texi | 9 +++++++++
+ gcc/gcc.c | 2 ++
+ gcc/incpath.c | 19 +++++++++++++++++++
+ 8 files changed, 69 insertions(+), 3 deletions(-)
+
+Index: b/gcc/common.opt
+===================================================================
+--- a/gcc/common.opt
++++ b/gcc/common.opt
+@@ -603,6 +603,10 @@
+ Common Var(pedantic) Warning
+ Issue warnings needed for strict compliance to the standard
+
++Wpoison-system-directories
++Common Var(flag_poison_system_directories) Init(1) Warning
++Warn for -I and -L options using system directories if cross compiling
++
+ Wshadow
+ Common Var(warn_shadow) Warning
+ Warn when one local variable shadows another
+Index: b/gcc/config.in
+===================================================================
+--- a/gcc/config.in
++++ b/gcc/config.in
+@@ -138,6 +138,12 @@
+ #endif
+
+
++/* Define to warn for use of native system header directories */
++#ifndef USED_FOR_TARGET
++#undef ENABLE_POISON_SYSTEM_DIRECTORIES
++#endif
++
++
+ /* Define if you want all operations on RTL (the basic data structure of the
+ optimizer and back end) to be checked for dynamic type safety at runtime.
+ This is quite expensive. */
+Index: b/gcc/configure
+===================================================================
+--- a/gcc/configure
++++ b/gcc/configure
+@@ -929,6 +929,7 @@
+ enable_maintainer_mode
+ enable_link_mutex
+ enable_version_specific_runtime_libs
++enable_poison_system_directories
+ enable_plugin
+ enable_host_shared
+ enable_libquadmath_support
+@@ -1657,6 +1658,8 @@
+ --enable-version-specific-runtime-libs
+ specify that runtime libraries should be installed
+ in a compiler-specific directory
++ --enable-poison-system-directories
++ warn for use of native system header directories
+ --enable-plugin enable plugin support
+ --enable-host-shared build host code as shared libraries
+ --disable-libquadmath-support
+@@ -27765,6 +27768,19 @@
+ fi
+
+
++# Check whether --enable-poison-system-directories was given.
++if test "${enable_poison_system_directories+set}" = set; then :
++ enableval=$enable_poison_system_directories;
++else
++ enable_poison_system_directories=no
++fi
++
++if test "x${enable_poison_system_directories}" = "xyes"; then
++
++$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h
++
++fi
++
+ # Substitute configuration variables
+
+
+Index: b/gcc/configure.ac
+===================================================================
+--- a/gcc/configure.ac
++++ b/gcc/configure.ac
+@@ -5411,6 +5411,16 @@
+ [specify that runtime libraries should be
+ installed in a compiler-specific directory])])
+
++AC_ARG_ENABLE([poison-system-directories],
++ AS_HELP_STRING([--enable-poison-system-directories],
++ [warn for use of native system header directories]),,
++ [enable_poison_system_directories=no])
++if test "x${enable_poison_system_directories}" = "xyes"; then
++ AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES],
++ [1],
++ [Define to warn for use of native system header directories])
++fi
++
+ # Substitute configuration variables
+ AC_SUBST(subdirs)
+ AC_SUBST(srcdir)
+Index: b/gcc/doc/invoke.texi
+===================================================================
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
+@@ -260,6 +260,7 @@
+ -Woverlength-strings -Wpacked -Wpacked-bitfield-compat -Wpadded @gol
+ -Wparentheses -Wpedantic-ms-format -Wno-pedantic-ms-format @gol
+ -Wpointer-arith -Wno-pointer-to-int-cast @gol
++-Wno-poison-system-directories @gol
+ -Wredundant-decls -Wno-return-local-addr @gol
+ -Wreturn-type -Wsequence-point -Wshadow @gol
+ -Wsign-compare -Wsign-conversion -Wfloat-conversion @gol
+@@ -4209,6 +4210,14 @@
+ for most targets, it is made up of code and thus requires the stack
+ to be made executable in order for the program to work properly.
+
++ at item -Wno-poison-system-directories
++ at opindex Wno-poison-system-directories
++Do not warn for @option{-I} or @option{-L} options using system
++directories such as @file{/usr/include} when cross compiling. This
++option is intended for use in chroot environments when such
++directories contain the correct headers and libraries for the target
++system rather than the host.
++
+ @item -Wfloat-equal
+ @opindex Wfloat-equal
+ @opindex Wno-float-equal
+Index: b/gcc/gcc.c
+===================================================================
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -770,6 +770,8 @@
+ "%{fuse-ld=*:-fuse-ld=%*}\
+ %X %{o*} %{e*} %{N} %{n} %{r}\
+ %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!nostartfiles:%S}} " VTABLE_VERIFICATION_SPEC " \
++ %{Wno-poison-system-directories:--no-poison-system-directories}\
++ %{Werror=poison-system-directories:--error-poison-system-directories}\
+ %{static:} %{L*} %(mfwrap) %(link_libgcc) " SANITIZER_EARLY_SPEC " %o\
+ %{fopenmp|ftree-parallelize-loops=*:%:include(libgomp.spec)%(link_gomp)}\
+ %{fcilkplus:%:include(libcilkrts.spec)%(link_cilkrts)}\
+@@ -4034,6 +4036,12 @@
+ gcc_assert (!compare_debug_opt);
+ }
+
++ temp = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
++ if (temp && strlen(temp) > 0)
++ {
++ save_switch("-Werror=poison-system-directories", 0, NULL, false, true);
++ }
++
+ /* Set up the search paths. We add directories that we expect to
+ contain GNU Toolchain components before directories specified by
+ the machine description so that we will find GNU components (like
+Index: b/gcc/incpath.c
+===================================================================
+--- a/gcc/incpath.c
++++ b/gcc/incpath.c
+@@ -28,6 +28,7 @@
+ #include "intl.h"
+ #include "incpath.h"
+ #include "cppdefault.h"
++#include "diagnostic-core.h"
+
+ /* Microsoft Windows does not natively support inodes.
+ VMS has non-numeric inodes. */
+@@ -382,6 +383,24 @@
+ }
+ fprintf (stderr, _("End of search list.\n"));
+ }
++
++#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES
++ if (flag_poison_system_directories)
++ {
++ struct cpp_dir *p;
++
++ for (p = heads[QUOTE]; p; p = p->next)
++ {
++ if ((!strncmp (p->name, "/usr/include", 12))
++ || (!strncmp (p->name, "/usr/local/include", 18))
++ || (!strncmp (p->name, "/usr/X11R6/include", 18)))
++ warning (OPT_Wpoison_system_directories,
++ "include location \"%s\" is unsafe for "
++ "cross-compilation",
++ p->name);
++ }
++ }
++#endif
+ }
+
+ /* Use given -I paths for #include "..." but not #include <...>, and
--
2.1.0
^ permalink raw reply related [flat|nested] 26+ messages in thread* [Buildroot] [PATCHv2 06/12] gcc/4.9: add patch to warn about unsafe header paths
2014-12-01 21:55 ` [Buildroot] [PATCHv2 06/12] gcc/4.9: add patch to warn about unsafe header paths Thomas Petazzoni
@ 2014-12-08 22:52 ` Romain Naour
0 siblings, 0 replies; 26+ messages in thread
From: Romain Naour @ 2014-12-08 22:52 UTC (permalink / raw)
To: buildroot
Hi Thomas,
Le 01/12/2014 22:55, Thomas Petazzoni a ?crit :
> This commit adds a patch to gcc borrowed from CodeSourcery/Yocto that
> warns about unsafe include paths (i.e /usr/include,
> /usr/local/include, etc.). The patch was adapted to gcc 4.9.1, and
> modified to support the BR_COMPILER_PARANOID_UNSAFE_PATH environment
> variable to error out instead of just warn when unsafe paths are
> used. Even though erroring out can be chosen by passing
> -Werror=poison-system-directories, we are not sure this option in
> CFLAGS will always be passed, so having an environment variable
> guarantees it will always be passed, and also allows to have an
> identical behavior to the external toolchain wrapper.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> ---
Tested-by: Romain Naour <romain.naour@openwide.fr>
Tested with the following internal toolchain
BR2_i386=y
BR2_ARCH="i686"
BR2_ENDIAN="LITTLE"
BR2_GCC_TARGET_ARCH="i686"
BR2_ARCH_HAS_ATOMICS=y
BR2_x86_i686=y
BR2_COMPILER_PARANOID_UNSAFE_PATH=y
BR2_TOOLCHAIN=y
BR2_TOOLCHAIN_USES_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT=y
BR2_KERNEL_HEADERS_3_17=y
BR2_DEFAULT_KERNEL_HEADERS="3.17.4"
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT_LIBC="glibc"
BR2_PACKAGE_GLIBC=y
BR2_GLIBC_VERSION_2_20=y
BR2_GLIBC_VERSION_STRING="2.20"
BR2_BINUTILS_VERSION_2_24=y
BR2_BINUTILS_VERSION="2.24"
BR2_GCC_VERSION_4_9_X=y
BR2_GCC_VERSION="4.9.2"
$ make O=test/paranoid-2/ iprutils
/home/naourr/git/buildroot/test/paranoid-2/host/usr/bin/i686-buildroot-linux-gnu-gcc
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -pipe -Os
-Wall -DIPR_MAJOR_RELEASE=2 -DIPR_MINOR_RELEASE=4 -DIPR_FIX_LEVEL=2
-DIPR_FIX_DATE='"(June 10, 2014)"' -DIPR_VERSION_STR='"2.4.2 (June 10, 2014)"'
-DIPR_RELEASE=1 -I. -I/usr/include/ncurses -o iprlib.o -c iprlib.c
cc1: erreur: include location "/usr/include/ncurses" is unsafe for
cross-compilation [-Werror=poison-system-directories]
cc1: some warnings being treated as errors
make[1]: *** [iprlib.o] Erreur 1
Thanks
--
Romain Naour
OPEN WIDE Ing?nierie - Paris
23/25, rue Daviel| 75013 PARIS
http://ingenierie.openwide.fr
Le blog des technologies libres et embarqu?es :
http://www.linuxembedded.fr
^ permalink raw reply [flat|nested] 26+ messages in thread
* [Buildroot] [PATCHv2 07/12] gcc/4.8: add patch to warn about unsafe header paths
2014-12-01 21:55 [Buildroot] [PATCHv2 00/12] Paranoid header and library path checking Thomas Petazzoni
` (5 preceding siblings ...)
2014-12-01 21:55 ` [Buildroot] [PATCHv2 06/12] gcc/4.9: add patch to warn about unsafe header paths Thomas Petazzoni
@ 2014-12-01 21:55 ` Thomas Petazzoni
2014-12-08 22:52 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 08/12] gcc/arc-4.8-R3: " Thomas Petazzoni
` (4 subsequent siblings)
11 siblings, 1 reply; 26+ messages in thread
From: Thomas Petazzoni @ 2014-12-01 21:55 UTC (permalink / raw)
To: buildroot
This commit adds a patch to gcc borrowed from CodeSourcery/Yocto that
warns about unsafe include paths (i.e /usr/include,
/usr/local/include, etc.). The patch was adapted to gcc 4.8.3, and
modified to support the BR_COMPILER_PARANOID_UNSAFE_PATH environment
variable to error out instead of just warn when unsafe paths are
used. Even though erroring out can be chosen by passing
-Werror=poison-system-directories, we are not sure this option in
CFLAGS will always be passed, so having an environment variable
guarantees it will always be passed, and also allows to have an
identical behavior to the external toolchain wrapper.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
.../4.8.3/910-gcc-poison-system-directories.patch | 207 +++++++++++++++++++++
1 file changed, 207 insertions(+)
create mode 100644 package/gcc/4.8.3/910-gcc-poison-system-directories.patch
diff --git a/package/gcc/4.8.3/910-gcc-poison-system-directories.patch b/package/gcc/4.8.3/910-gcc-poison-system-directories.patch
new file mode 100644
index 0000000..88b2c4e
--- /dev/null
+++ b/package/gcc/4.8.3/910-gcc-poison-system-directories.patch
@@ -0,0 +1,207 @@
+From 160397ef3c3331099af028f1b8d3e085b07d88ad Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 29 Mar 2013 08:59:00 +0400
+Subject: [PATCH 16/35] gcc: poison-system-directories
+
+Adapted to Buildroot and gcc 4.8.3 by Thomas Petazzoni, especially the
+addition of the BR_COMPILER_PARANOID_UNSAFE_PATH environment variable.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+
+Upstream-Status: Inappropriate [distribution: codesourcery]
+---
+ gcc/Makefile.in | 2 +-
+ gcc/common.opt | 4 ++++
+ gcc/config.in | 6 ++++++
+ gcc/configure | 20 ++++++++++++++++++--
+ gcc/configure.ac | 10 ++++++++++
+ gcc/doc/invoke.texi | 9 +++++++++
+ gcc/gcc.c | 2 ++
+ gcc/incpath.c | 19 +++++++++++++++++++
+ 8 files changed, 69 insertions(+), 3 deletions(-)
+
+Index: b/gcc/common.opt
+===================================================================
+--- a/gcc/common.opt
++++ b/gcc/common.opt
+@@ -595,6 +595,10 @@
+ Common Var(pedantic) Warning
+ Issue warnings needed for strict compliance to the standard
+
++Wpoison-system-directories
++Common Var(flag_poison_system_directories) Init(1) Warning
++Warn for -I and -L options using system directories if cross compiling
++
+ Wshadow
+ Common Var(warn_shadow) Warning
+ Warn when one local variable shadows another
+Index: b/gcc/config.in
+===================================================================
+--- a/gcc/config.in
++++ b/gcc/config.in
+@@ -138,6 +138,12 @@
+ #endif
+
+
++/* Define to warn for use of native system header directories */
++#ifndef USED_FOR_TARGET
++#undef ENABLE_POISON_SYSTEM_DIRECTORIES
++#endif
++
++
+ /* Define if you want all operations on RTL (the basic data structure of the
+ optimizer and back end) to be checked for dynamic type safety at runtime.
+ This is quite expensive. */
+Index: b/gcc/configure
+===================================================================
+--- a/gcc/configure
++++ b/gcc/configure
+@@ -917,6 +917,7 @@
+ with_system_zlib
+ enable_maintainer_mode
+ enable_version_specific_runtime_libs
++enable_poison_system_directories
+ enable_plugin
+ enable_libquadmath_support
+ with_linker_hash_style
+@@ -1630,6 +1631,8 @@
+ --enable-version-specific-runtime-libs
+ specify that runtime libraries should be installed
+ in a compiler-specific directory
++ --enable-poison-system-directories
++ warn for use of native system header directories
+ --enable-plugin enable plugin support
+ --disable-libquadmath-support
+ disable libquadmath support for Fortran
+@@ -27195,6 +27198,19 @@
+ fi
+
+
++# Check whether --enable-poison-system-directories was given.
++if test "${enable_poison_system_directories+set}" = set; then :
++ enableval=$enable_poison_system_directories;
++else
++ enable_poison_system_directories=no
++fi
++
++if test "x${enable_poison_system_directories}" = "xyes"; then
++
++$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h
++
++fi
++
+ # Substitute configuration variables
+
+
+Index: b/gcc/configure.ac
+===================================================================
+--- a/gcc/configure.ac
++++ b/gcc/configure.ac
+@@ -5101,6 +5101,16 @@
+ [specify that runtime libraries should be
+ installed in a compiler-specific directory])])
+
++AC_ARG_ENABLE([poison-system-directories],
++ AS_HELP_STRING([--enable-poison-system-directories],
++ [warn for use of native system header directories]),,
++ [enable_poison_system_directories=no])
++if test "x${enable_poison_system_directories}" = "xyes"; then
++ AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES],
++ [1],
++ [Define to warn for use of native system header directories])
++fi
++
+ # Substitute configuration variables
+ AC_SUBST(subdirs)
+ AC_SUBST(srcdir)
+Index: b/gcc/doc/invoke.texi
+===================================================================
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
+@@ -258,6 +258,7 @@
+ -Woverlength-strings -Wpacked -Wpacked-bitfield-compat -Wpadded @gol
+ -Wparentheses -Wpedantic-ms-format -Wno-pedantic-ms-format @gol
+ -Wpointer-arith -Wno-pointer-to-int-cast @gol
++-Wno-poison-system-directories @gol
+ -Wredundant-decls -Wno-return-local-addr @gol
+ -Wreturn-type -Wsequence-point -Wshadow @gol
+ -Wsign-compare -Wsign-conversion -Wsizeof-pointer-memaccess @gol
+@@ -4020,6 +4021,14 @@
+ for most targets, it is made up of code and thus requires the stack
+ to be made executable in order for the program to work properly.
+
++ at item -Wno-poison-system-directories
++ at opindex Wno-poison-system-directories
++Do not warn for @option{-I} or @option{-L} options using system
++directories such as @file{/usr/include} when cross compiling. This
++option is intended for use in chroot environments when such
++directories contain the correct headers and libraries for the target
++system rather than the host.
++
+ @item -Wfloat-equal
+ @opindex Wfloat-equal
+ @opindex Wno-float-equal
+Index: b/gcc/gcc.c
+===================================================================
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -741,6 +741,8 @@
+ "%{fuse-ld=*:-fuse-ld=%*}\
+ %X %{o*} %{e*} %{N} %{n} %{r}\
+ %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!nostartfiles:%S}}\
++ %{Wno-poison-system-directories:--no-poison-system-directories}\
++ %{Werror=poison-system-directories:--error-poison-system-directories}\
+ %{static:} %{L*} %(mfwrap) %(link_libgcc) " SANITIZER_EARLY_SPEC " %o\
+ %{fopenmp|ftree-parallelize-loops=*:%:include(libgomp.spec)%(link_gomp)}\
+ %{fgnu-tm:%:include(libitm.spec)%(link_itm)}\
+@@ -3991,6 +3993,12 @@
+ gcc_assert (!compare_debug_opt);
+ }
+
++ temp = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
++ if (temp && strlen(temp) > 0)
++ {
++ save_switch("-Werror=poison-system-directories", 0, NULL, false, true);
++ }
++
+ /* Set up the search paths. We add directories that we expect to
+ contain GNU Toolchain components before directories specified by
+ the machine description so that we will find GNU components (like
+Index: b/gcc/incpath.c
+===================================================================
+--- a/gcc/incpath.c
++++ b/gcc/incpath.c
+@@ -28,6 +28,7 @@
+ #include "intl.h"
+ #include "incpath.h"
+ #include "cppdefault.h"
++#include "diagnostic-core.h"
+
+ /* Microsoft Windows does not natively support inodes.
+ VMS has non-numeric inodes. */
+@@ -382,6 +383,24 @@
+ }
+ fprintf (stderr, _("End of search list.\n"));
+ }
++
++#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES
++ if (flag_poison_system_directories)
++ {
++ struct cpp_dir *p;
++
++ for (p = heads[QUOTE]; p; p = p->next)
++ {
++ if ((!strncmp (p->name, "/usr/include", 12))
++ || (!strncmp (p->name, "/usr/local/include", 18))
++ || (!strncmp (p->name, "/usr/X11R6/include", 18)))
++ warning (OPT_Wpoison_system_directories,
++ "include location \"%s\" is unsafe for "
++ "cross-compilation",
++ p->name);
++ }
++ }
++#endif
+ }
+
+ /* Use given -I paths for #include "..." but not #include <...>, and
--
2.1.0
^ permalink raw reply related [flat|nested] 26+ messages in thread* [Buildroot] [PATCHv2 07/12] gcc/4.8: add patch to warn about unsafe header paths
2014-12-01 21:55 ` [Buildroot] [PATCHv2 07/12] gcc/4.8: " Thomas Petazzoni
@ 2014-12-08 22:52 ` Romain Naour
0 siblings, 0 replies; 26+ messages in thread
From: Romain Naour @ 2014-12-08 22:52 UTC (permalink / raw)
To: buildroot
Hi Thomas,
Le 01/12/2014 22:55, Thomas Petazzoni a ?crit :
> This commit adds a patch to gcc borrowed from CodeSourcery/Yocto that
> warns about unsafe include paths (i.e /usr/include,
> /usr/local/include, etc.). The patch was adapted to gcc 4.8.3, and
> modified to support the BR_COMPILER_PARANOID_UNSAFE_PATH environment
> variable to error out instead of just warn when unsafe paths are
> used. Even though erroring out can be chosen by passing
> -Werror=poison-system-directories, we are not sure this option in
> CFLAGS will always be passed, so having an environment variable
> guarantees it will always be passed, and also allows to have an
> identical behavior to the external toolchain wrapper.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> ---
Tested-by: Romain Naour <romain.naour@openwide.fr>
Tested with the following internal toolchain
BR2_i386=y
BR2_ARCH="i686"
BR2_ENDIAN="LITTLE"
BR2_GCC_TARGET_ARCH="i686"
BR2_ARCH_HAS_ATOMICS=y
BR2_x86_i686=y
BR2_COMPILER_PARANOID_UNSAFE_PATH=y
BR2_TOOLCHAIN=y
BR2_TOOLCHAIN_USES_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT=y
BR2_KERNEL_HEADERS_3_17=y
BR2_DEFAULT_KERNEL_HEADERS="3.17.4"
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT_LIBC="glibc"
BR2_PACKAGE_GLIBC=y
BR2_GLIBC_VERSION_2_20=y
BR2_GLIBC_VERSION_STRING="2.20"
BR2_BINUTILS_VERSION_2_23_2=y
BR2_BINUTILS_VERSION="2.23.2"
BR2_GCC_VERSION_4_8_X=y
BR2_GCC_VERSION="4.8.3"
$ make O=test/paranoid-3/ iprutils
/home/naourr/git/buildroot/test/paranoid-3/host/usr/bin/i686-buildroot-linux-gnu-gcc
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -pipe -Os
-Wall -DIPR_MAJOR_RELEASE=2 -DIPR_MINOR_RELEASE=4 -DIPR_FIX_LEVEL=2
-DIPR_FIX_DATE='"(June 10, 2014)"' -DIPR_VERSION_STR='"2.4.2 (June 10, 2014)"'
-DIPR_RELEASE=1 -I. -I/usr/include/ncurses -o iprlib.o -c iprlib.c
cc1: erreur: include location "/usr/include/ncurses" is unsafe for
cross-compilation [-Werror=poison-system-directories]
cc1: some warnings being treated as errors
make[1]: *** [iprlib.o] Erreur 1
Thanks
--
Romain Naour
OPEN WIDE Ing?nierie - Paris
23/25, rue Daviel| 75013 PARIS
http://ingenierie.openwide.fr
Le blog des technologies libres et embarqu?es :
http://www.linuxembedded.fr
^ permalink raw reply [flat|nested] 26+ messages in thread
* [Buildroot] [PATCHv2 08/12] gcc/arc-4.8-R3: add patch to warn about unsafe header paths
2014-12-01 21:55 [Buildroot] [PATCHv2 00/12] Paranoid header and library path checking Thomas Petazzoni
` (6 preceding siblings ...)
2014-12-01 21:55 ` [Buildroot] [PATCHv2 07/12] gcc/4.8: " Thomas Petazzoni
@ 2014-12-01 21:55 ` Thomas Petazzoni
2014-12-08 22:59 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 09/12] gcc/4.7: " Thomas Petazzoni
` (3 subsequent siblings)
11 siblings, 1 reply; 26+ messages in thread
From: Thomas Petazzoni @ 2014-12-01 21:55 UTC (permalink / raw)
To: buildroot
This commit adds a patch to gcc borrowed from CodeSourcery/Yocto that
warns about unsafe include paths (i.e /usr/include,
/usr/local/include, etc.). The patch was adapted to gcc arc-4.8-R3,
and modified to support the BR_COMPILER_PARANOID_UNSAFE_PATH
environment variable to error out instead of just warn when unsafe
paths are used. Even though erroring out can be chosen by passing
-Werror=poison-system-directories, we are not sure this option in
CFLAGS will always be passed, so having an environment variable
guarantees it will always be passed, and also allows to have an
identical behavior to the external toolchain wrapper.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
.../910-gcc-poison-system-directories.patch | 221 +++++++++++++++++++++
1 file changed, 221 insertions(+)
create mode 100644 package/gcc/arc-4.8-R3/910-gcc-poison-system-directories.patch
diff --git a/package/gcc/arc-4.8-R3/910-gcc-poison-system-directories.patch b/package/gcc/arc-4.8-R3/910-gcc-poison-system-directories.patch
new file mode 100644
index 0000000..67b3799
--- /dev/null
+++ b/package/gcc/arc-4.8-R3/910-gcc-poison-system-directories.patch
@@ -0,0 +1,221 @@
+From 160397ef3c3331099af028f1b8d3e085b07d88ad Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 29 Mar 2013 08:59:00 +0400
+Subject: [PATCH 16/35] gcc: poison-system-directories
+
+Adapted to Buildroot and gcc arc-4.8-R3 by Thomas Petazzoni,
+especially the addition of the BR_COMPILER_PARANOID_UNSAFE_PATH
+environment variable.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+
+Upstream-Status: Inappropriate [distribution: codesourcery]
+---
+ gcc/Makefile.in | 2 +-
+ gcc/common.opt | 4 ++++
+ gcc/config.in | 6 ++++++
+ gcc/configure | 20 ++++++++++++++++++--
+ gcc/configure.ac | 10 ++++++++++
+ gcc/doc/invoke.texi | 9 +++++++++
+ gcc/gcc.c | 2 ++
+ gcc/incpath.c | 19 +++++++++++++++++++
+ 8 files changed, 69 insertions(+), 3 deletions(-)
+
+Index: b/gcc/common.opt
+===================================================================
+--- a/gcc/common.opt
++++ b/gcc/common.opt
+@@ -595,6 +595,10 @@
+ Common Var(pedantic) Warning
+ Issue warnings needed for strict compliance to the standard
+
++Wpoison-system-directories
++Common Var(flag_poison_system_directories) Init(1) Warning
++Warn for -I and -L options using system directories if cross compiling
++
+ Wshadow
+ Common Var(warn_shadow) Warning
+ Warn when one local variable shadows another
+Index: b/gcc/config.in
+===================================================================
+--- a/gcc/config.in
++++ b/gcc/config.in
+@@ -138,6 +138,12 @@
+ #endif
+
+
++/* Define to warn for use of native system header directories */
++#ifndef USED_FOR_TARGET
++#undef ENABLE_POISON_SYSTEM_DIRECTORIES
++#endif
++
++
+ /* Define if you want all operations on RTL (the basic data structure of the
+ optimizer and back end) to be checked for dynamic type safety at runtime.
+ This is quite expensive. */
+Index: b/gcc/configure
+===================================================================
+--- a/gcc/configure
++++ b/gcc/configure
+@@ -917,6 +917,7 @@
+ with_system_zlib
+ enable_maintainer_mode
+ enable_version_specific_runtime_libs
++enable_poison_system_directories
+ enable_plugin
+ enable_libquadmath_support
+ with_linker_hash_style
+@@ -1630,6 +1631,8 @@
+ --enable-version-specific-runtime-libs
+ specify that runtime libraries should be installed
+ in a compiler-specific directory
++ --enable-poison-system-directories
++ warn for use of native system header directories
+ --enable-plugin enable plugin support
+ --disable-libquadmath-support
+ disable libquadmath support for Fortran
+@@ -27103,6 +27106,19 @@
+ fi
+
+
++# Check whether --enable-poison-system-directories was given.
++if test "${enable_poison_system_directories+set}" = set; then :
++ enableval=$enable_poison_system_directories;
++else
++ enable_poison_system_directories=no
++fi
++
++if test "x${enable_poison_system_directories}" = "xyes"; then
++
++$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h
++
++fi
++
+ # Substitute configuration variables
+
+
+Index: b/gcc/configure.ac
+===================================================================
+--- a/gcc/configure.ac
++++ b/gcc/configure.ac
+@@ -5063,6 +5063,16 @@
+ [specify that runtime libraries should be
+ installed in a compiler-specific directory])])
+
++AC_ARG_ENABLE([poison-system-directories],
++ AS_HELP_STRING([--enable-poison-system-directories],
++ [warn for use of native system header directories]),,
++ [enable_poison_system_directories=no])
++if test "x${enable_poison_system_directories}" = "xyes"; then
++ AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES],
++ [1],
++ [Define to warn for use of native system header directories])
++fi
++
+ # Substitute configuration variables
+ AC_SUBST(subdirs)
+ AC_SUBST(srcdir)
+Index: b/gcc/doc/invoke.texi
+===================================================================
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
+@@ -258,6 +258,7 @@
+ -Woverlength-strings -Wpacked -Wpacked-bitfield-compat -Wpadded @gol
+ -Wparentheses -Wpedantic-ms-format -Wno-pedantic-ms-format @gol
+ -Wpointer-arith -Wno-pointer-to-int-cast @gol
++-Wno-poison-system-directories @gol
+ -Wredundant-decls -Wno-return-local-addr @gol
+ -Wreturn-type -Wsequence-point -Wshadow @gol
+ -Wsign-compare -Wsign-conversion -Wsizeof-pointer-memaccess @gol
+@@ -4025,6 +4026,14 @@
+ for most targets, it is made up of code and thus requires the stack
+ to be made executable in order for the program to work properly.
+
++ at item -Wno-poison-system-directories
++ at opindex Wno-poison-system-directories
++Do not warn for @option{-I} or @option{-L} options using system
++directories such as @file{/usr/include} when cross compiling. This
++option is intended for use in chroot environments when such
++directories contain the correct headers and libraries for the target
++system rather than the host.
++
+ @item -Wfloat-equal
+ @opindex Wfloat-equal
+ @opindex Wno-float-equal
+Index: b/gcc/gcc.c
+===================================================================
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -740,6 +740,8 @@
+ "%{fuse-ld=*:-fuse-ld=%*}\
+ %X %{o*} %{e*} %{N} %{n} %{r}\
+ %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!nostartfiles:%S}}\
++ %{Wno-poison-system-directories:--no-poison-system-directories}\
++ %{Werror=poison-system-directories:--error-poison-system-directories}\
+ %{static:} %{L*} %(mfwrap) %(link_libgcc) " SANITIZER_EARLY_SPEC " %o\
+ %{fopenmp|ftree-parallelize-loops=*:%:include(libgomp.spec)%(link_gomp)}\
+ %{fgnu-tm:%:include(libitm.spec)%(link_itm)}\
+@@ -3990,6 +3992,12 @@
+ gcc_assert (!compare_debug_opt);
+ }
+
++ temp = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
++ if (temp && strlen(temp) > 0)
++ {
++ save_switch("-Werror=poison-system-directories", 0, NULL, false, true);
++ }
++
+ /* Set up the search paths. We add directories that we expect to
+ contain GNU Toolchain components before directories specified by
+ the machine description so that we will find GNU components (like
+Index: b/gcc/incpath.c
+===================================================================
+--- a/gcc/incpath.c
++++ b/gcc/incpath.c
+@@ -28,6 +28,7 @@
+ #include "intl.h"
+ #include "incpath.h"
+ #include "cppdefault.h"
++#include "diagnostic-core.h"
+
+ /* Microsoft Windows does not natively support inodes.
+ VMS has non-numeric inodes. */
+@@ -382,6 +383,24 @@
+ }
+ fprintf (stderr, _("End of search list.\n"));
+ }
++
++#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES
++ if (flag_poison_system_directories)
++ {
++ struct cpp_dir *p;
++
++ for (p = heads[QUOTE]; p; p = p->next)
++ {
++ if ((!strncmp (p->name, "/usr/include", 12))
++ || (!strncmp (p->name, "/usr/local/include", 18))
++ || (!strncmp (p->name, "/usr/X11R6/include", 18)))
++ warning (OPT_Wpoison_system_directories,
++ "include location \"%s\" is unsafe for "
++ "cross-compilation",
++ p->name);
++ }
++ }
++#endif
+ }
+
+ /* Use given -I paths for #include "..." but not #include <...>, and
+Index: b/gcc/config/arc/arc.h
+===================================================================
+--- a/gcc/config/arc/arc.h
++++ b/gcc/config/arc/arc.h
+@@ -205,6 +205,8 @@
+ %{!fsyntax-only:%{!c:%{!M:%{!MM:%{!E:%{!S:\
+ %(linker) %l " LINK_PIE_SPEC "%X %{o*} %{A} %{d} %{e*} %{m} %{N} %{n} %{r}\
+ %{s} %{t} %{u*} %{x} %{z} %{Z} %{!A:%{!nostdlib:%{!nostartfiles:%S}}}\
++ %{Wno-poison-system-directories:--no-poison-system-directories}\
++ %{Werror=poison-system-directories:--error-poison-system-directories}\
+ %{static:} %{L*} %(mfwrap) %(link_libgcc) %o\
+ %{fopenmp:%:include(libgomp.spec)%(link_gomp)} %(mflib)\
+ %{fprofile-arcs|fprofile-generate|coverage:-lgcov}\
--
2.1.0
^ permalink raw reply related [flat|nested] 26+ messages in thread* [Buildroot] [PATCHv2 08/12] gcc/arc-4.8-R3: add patch to warn about unsafe header paths
2014-12-01 21:55 ` [Buildroot] [PATCHv2 08/12] gcc/arc-4.8-R3: " Thomas Petazzoni
@ 2014-12-08 22:59 ` Romain Naour
0 siblings, 0 replies; 26+ messages in thread
From: Romain Naour @ 2014-12-08 22:59 UTC (permalink / raw)
To: buildroot
Hi Thomas,
Le 01/12/2014 22:55, Thomas Petazzoni a ?crit :
> This commit adds a patch to gcc borrowed from CodeSourcery/Yocto that
> warns about unsafe include paths (i.e /usr/include,
> /usr/local/include, etc.). The patch was adapted to gcc arc-4.8-R3,
> and modified to support the BR_COMPILER_PARANOID_UNSAFE_PATH
> environment variable to error out instead of just warn when unsafe
> paths are used. Even though erroring out can be chosen by passing
> -Werror=poison-system-directories, we are not sure this option in
> CFLAGS will always be passed, so having an environment variable
> guarantees it will always be passed, and also allows to have an
> identical behavior to the external toolchain wrapper.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> ---
> .../910-gcc-poison-system-directories.patch | 221 +++++++++++++++++++++
> 1 file changed, 221 insertions(+)
> create mode 100644 package/gcc/arc-4.8-R3/910-gcc-poison-system-directories.patch
>
Same here, the arc toolchain has been updated to arc-2014.08 by Alexey Brodkin.
Best regards,
--
Romain Naour
OPEN WIDE Ing?nierie - Paris
23/25, rue Daviel| 75013 PARIS
http://ingenierie.openwide.fr
Le blog des technologies libres et embarqu?es :
http://www.linuxembedded.fr
^ permalink raw reply [flat|nested] 26+ messages in thread
* [Buildroot] [PATCHv2 09/12] gcc/4.7: add patch to warn about unsafe header paths
2014-12-01 21:55 [Buildroot] [PATCHv2 00/12] Paranoid header and library path checking Thomas Petazzoni
` (7 preceding siblings ...)
2014-12-01 21:55 ` [Buildroot] [PATCHv2 08/12] gcc/arc-4.8-R3: " Thomas Petazzoni
@ 2014-12-01 21:55 ` Thomas Petazzoni
2014-12-08 22:52 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 10/12] gcc: enable poison system directories option Thomas Petazzoni
` (2 subsequent siblings)
11 siblings, 1 reply; 26+ messages in thread
From: Thomas Petazzoni @ 2014-12-01 21:55 UTC (permalink / raw)
To: buildroot
This commit adds a patch to gcc borrowed from CodeSourcery/Yocto that
warns about unsafe include paths (i.e /usr/include,
/usr/local/include, etc.). The patch was adapted to gcc 4.7.4, and
modified to support the BR_COMPILER_PARANOID_UNSAFE_PATH environment
variable to error out instead of just warn when unsafe paths are
used. Even though erroring out can be chosen by passing
-Werror=poison-system-directories, we are not sure this option in
CFLAGS will always be passed, so having an environment variable
guarantees it will always be passed, and also allows to have an
identical behavior to the external toolchain wrapper.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
.../4.7.4/910-gcc-poison-system-directories.patch | 207 +++++++++++++++++++++
1 file changed, 207 insertions(+)
create mode 100644 package/gcc/4.7.4/910-gcc-poison-system-directories.patch
diff --git a/package/gcc/4.7.4/910-gcc-poison-system-directories.patch b/package/gcc/4.7.4/910-gcc-poison-system-directories.patch
new file mode 100644
index 0000000..bc2d5c6
--- /dev/null
+++ b/package/gcc/4.7.4/910-gcc-poison-system-directories.patch
@@ -0,0 +1,207 @@
+From 160397ef3c3331099af028f1b8d3e085b07d88ad Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 29 Mar 2013 08:59:00 +0400
+Subject: [PATCH 16/35] gcc: poison-system-directories
+
+Adapted to Buildroot and gcc 4.7.4 by Thomas Petazzoni, especially the
+addition of the BR_COMPILER_PARANOID_UNSAFE_PATH environment variable.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+
+Upstream-Status: Inappropriate [distribution: codesourcery]
+---
+ gcc/Makefile.in | 2 +-
+ gcc/common.opt | 4 ++++
+ gcc/config.in | 6 ++++++
+ gcc/configure | 20 ++++++++++++++++++--
+ gcc/configure.ac | 10 ++++++++++
+ gcc/doc/invoke.texi | 9 +++++++++
+ gcc/gcc.c | 2 ++
+ gcc/incpath.c | 19 +++++++++++++++++++
+ 8 files changed, 69 insertions(+), 3 deletions(-)
+
+Index: b/gcc/common.opt
+===================================================================
+--- a/gcc/common.opt
++++ b/gcc/common.opt
+@@ -585,6 +585,10 @@
+ Common Var(warn_padded) Warning
+ Warn when padding is required to align structure members
+
++Wpoison-system-directories
++Common Var(flag_poison_system_directories) Init(1) Warning
++Warn for -I and -L options using system directories if cross compiling
++
+ Wshadow
+ Common Var(warn_shadow) Warning
+ Warn when one local variable shadows another
+Index: b/gcc/config.in
+===================================================================
+--- a/gcc/config.in
++++ b/gcc/config.in
+@@ -144,6 +144,12 @@
+ #endif
+
+
++/* Define to warn for use of native system header directories */
++#ifndef USED_FOR_TARGET
++#undef ENABLE_POISON_SYSTEM_DIRECTORIES
++#endif
++
++
+ /* Define if you want all operations on RTL (the basic data structure of the
+ optimizer and back end) to be checked for dynamic type safety at runtime.
+ This is quite expensive. */
+Index: b/gcc/configure
+===================================================================
+--- a/gcc/configure
++++ b/gcc/configure
+@@ -918,6 +918,7 @@
+ with_system_zlib
+ enable_maintainer_mode
+ enable_version_specific_runtime_libs
++enable_poison_system_directories
+ enable_plugin
+ enable_libquadmath_support
+ with_linker_hash_style
+@@ -1632,6 +1633,8 @@
+ --enable-version-specific-runtime-libs
+ specify that runtime libraries should be installed
+ in a compiler-specific directory
++ --enable-poison-system-directories
++ warn for use of native system header directories
+ --enable-plugin enable plugin support
+ --disable-libquadmath-support
+ disable libquadmath support for Fortran
+@@ -27186,6 +27189,19 @@
+ fi
+
+
++# Check whether --enable-poison-system-directories was given.
++if test "${enable_poison_system_directories+set}" = set; then :
++ enableval=$enable_poison_system_directories;
++else
++ enable_poison_system_directories=no
++fi
++
++if test "x${enable_poison_system_directories}" = "xyes"; then
++
++$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h
++
++fi
++
+ # Substitute configuration variables
+
+
+Index: b/gcc/configure.ac
+===================================================================
+--- a/gcc/configure.ac
++++ b/gcc/configure.ac
+@@ -5037,6 +5037,16 @@
+ [specify that runtime libraries should be
+ installed in a compiler-specific directory])])
+
++AC_ARG_ENABLE([poison-system-directories],
++ AS_HELP_STRING([--enable-poison-system-directories],
++ [warn for use of native system header directories]),,
++ [enable_poison_system_directories=no])
++if test "x${enable_poison_system_directories}" = "xyes"; then
++ AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES],
++ [1],
++ [Define to warn for use of native system header directories])
++fi
++
+ # Substitute configuration variables
+ AC_SUBST(subdirs)
+ AC_SUBST(srcdir)
+Index: b/gcc/doc/invoke.texi
+===================================================================
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
+@@ -260,6 +260,7 @@
+ -Woverlength-strings -Wpacked -Wpacked-bitfield-compat -Wpadded @gol
+ -Wparentheses -Wpedantic-ms-format -Wno-pedantic-ms-format @gol
+ -Wpointer-arith -Wno-pointer-to-int-cast @gol
++-Wno-poison-system-directories @gol
+ -Wredundant-decls @gol
+ -Wreturn-type -Wsequence-point -Wshadow @gol
+ -Wsign-compare -Wsign-conversion -Wstack-protector @gol
+@@ -3880,6 +3881,14 @@
+ for most targets, it is made up of code and thus requires the stack
+ to be made executable in order for the program to work properly.
+
++ at item -Wno-poison-system-directories
++ at opindex Wno-poison-system-directories
++Do not warn for @option{-I} or @option{-L} options using system
++directories such as @file{/usr/include} when cross compiling. This
++option is intended for use in chroot environments when such
++directories contain the correct headers and libraries for the target
++system rather than the host.
++
+ @item -Wfloat-equal
+ @opindex Wfloat-equal
+ @opindex Wno-float-equal
+Index: b/gcc/gcc.c
+===================================================================
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -674,6 +674,8 @@
+ %{flto} %{flto=*} %l " LINK_PIE_SPEC \
+ "%X %{o*} %{e*} %{N} %{n} %{r}\
+ %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!nostartfiles:%S}}\
++ %{Wno-poison-system-directories:--no-poison-system-directories}\
++ %{Werror=poison-system-directories:--error-poison-system-directories}\
+ %{static:} %{L*} %(mfwrap) %(link_libgcc) %o\
+ %{fopenmp|ftree-parallelize-loops=*:%:include(libgomp.spec)%(link_gomp)}\
+ %{fgnu-tm:%:include(libitm.spec)%(link_itm)}\
+@@ -3907,6 +3909,12 @@
+ gcc_assert (!compare_debug_opt);
+ }
+
++ temp = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
++ if (temp && strlen(temp) > 0)
++ {
++ save_switch("-Werror=poison-system-directories", 0, NULL, false);
++ }
++
+ /* Set up the search paths. We add directories that we expect to
+ contain GNU Toolchain components before directories specified by
+ the machine description so that we will find GNU components (like
+Index: b/gcc/incpath.c
+===================================================================
+--- a/gcc/incpath.c
++++ b/gcc/incpath.c
+@@ -30,6 +30,7 @@
+ #include "intl.h"
+ #include "incpath.h"
+ #include "cppdefault.h"
++#include "diagnostic-core.h"
+
+ /* Microsoft Windows does not natively support inodes.
+ VMS has non-numeric inodes. */
+@@ -373,6 +374,24 @@
+ }
+ fprintf (stderr, _("End of search list.\n"));
+ }
++
++#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES
++ if (flag_poison_system_directories)
++ {
++ struct cpp_dir *p;
++
++ for (p = heads[QUOTE]; p; p = p->next)
++ {
++ if ((!strncmp (p->name, "/usr/include", 12))
++ || (!strncmp (p->name, "/usr/local/include", 18))
++ || (!strncmp (p->name, "/usr/X11R6/include", 18)))
++ warning (OPT_Wpoison_system_directories,
++ "include location \"%s\" is unsafe for "
++ "cross-compilation",
++ p->name);
++ }
++ }
++#endif
+ }
+
+ /* Use given -I paths for #include "..." but not #include <...>, and
--
2.1.0
^ permalink raw reply related [flat|nested] 26+ messages in thread* [Buildroot] [PATCHv2 09/12] gcc/4.7: add patch to warn about unsafe header paths
2014-12-01 21:55 ` [Buildroot] [PATCHv2 09/12] gcc/4.7: " Thomas Petazzoni
@ 2014-12-08 22:52 ` Romain Naour
0 siblings, 0 replies; 26+ messages in thread
From: Romain Naour @ 2014-12-08 22:52 UTC (permalink / raw)
To: buildroot
Hi Thomas,
Le 01/12/2014 22:55, Thomas Petazzoni a ?crit :
> This commit adds a patch to gcc borrowed from CodeSourcery/Yocto that
> warns about unsafe include paths (i.e /usr/include,
> /usr/local/include, etc.). The patch was adapted to gcc 4.7.4, and
> modified to support the BR_COMPILER_PARANOID_UNSAFE_PATH environment
> variable to error out instead of just warn when unsafe paths are
> used. Even though erroring out can be chosen by passing
> -Werror=poison-system-directories, we are not sure this option in
> CFLAGS will always be passed, so having an environment variable
> guarantees it will always be passed, and also allows to have an
> identical behavior to the external toolchain wrapper.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> ---
Tested-by: Romain Naour <romain.naour@openwide.fr>
Tested with the following internal toolchain
BR2_i386=y
BR2_ARCH="i686"
BR2_ENDIAN="LITTLE"
BR2_GCC_TARGET_ARCH="i686"
BR2_ARCH_HAS_ATOMICS=y
BR2_x86_i686=y
BR2_COMPILER_PARANOID_UNSAFE_PATH=y
BR2_TOOLCHAIN=y
BR2_TOOLCHAIN_USES_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT=y
BR2_KERNEL_HEADERS_3_17=y
BR2_DEFAULT_KERNEL_HEADERS="3.17.4"
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT_LIBC="glibc"
BR2_PACKAGE_GLIBC=y
BR2_GLIBC_VERSION_2_20=y
BR2_GLIBC_VERSION_STRING="2.20"
BR2_BINUTILS_VERSION_2_22=y
BR2_BINUTILS_VERSION="2.22"
BR2_GCC_VERSION_4_7_X=y
BR2_GCC_VERSION="4.7.4"
$ make O=test/paranoid-4/ iprutils
/home/naourr/git/buildroot/test/paranoid-4/host/usr/bin/i686-buildroot-linux-gnu-gcc
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -pipe -Os
-Wall -DIPR_MAJOR_RELEASE=2 -DIPR_MINOR_RELEASE=4 -DIPR_FIX_LEVEL=2
-DIPR_FIX_DATE='"(June 10, 2014)"' -DIPR_VERSION_STR='"2.4.2 (June 10, 2014)"'
-DIPR_RELEASE=1 -I. -I/usr/include/ncurses -o iprlib.o -c iprlib.c
cc1: erreur: include location "/usr/include/ncurses" is unsafe for
cross-compilation [-Werror=poison-system-directories]
cc1: some warnings being treated as errors
gzip -f -c iprconfig.8 > iprconfig.8.gz
make[1]: *** [iprlib.o] Erreur 1
Thanks
--
Romain Naour
OPEN WIDE Ing?nierie - Paris
23/25, rue Daviel| 75013 PARIS
http://ingenierie.openwide.fr
Le blog des technologies libres et embarqu?es :
http://www.linuxembedded.fr
^ permalink raw reply [flat|nested] 26+ messages in thread
* [Buildroot] [PATCHv2 10/12] gcc: enable poison system directories option
2014-12-01 21:55 [Buildroot] [PATCHv2 00/12] Paranoid header and library path checking Thomas Petazzoni
` (8 preceding siblings ...)
2014-12-01 21:55 ` [Buildroot] [PATCHv2 09/12] gcc/4.7: " Thomas Petazzoni
@ 2014-12-01 21:55 ` Thomas Petazzoni
2014-12-01 21:55 ` [Buildroot] [PATCHv2 11/12] binutils: " Thomas Petazzoni
2014-12-01 21:55 ` [Buildroot] [PATCHv2 12/12] Add option for paranoid unsafe path checking Thomas Petazzoni
11 siblings, 0 replies; 26+ messages in thread
From: Thomas Petazzoni @ 2014-12-01 21:55 UTC (permalink / raw)
To: buildroot
This commit enables the poison system directories option, which is now
available thanks to the gcc patches that have been added.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
package/gcc/gcc-final/gcc-final.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/gcc/gcc-final/gcc-final.mk b/package/gcc/gcc-final/gcc-final.mk
index 46ef5c6..958b445 100644
--- a/package/gcc/gcc-final/gcc-final.mk
+++ b/package/gcc/gcc-final/gcc-final.mk
@@ -50,6 +50,7 @@ HOST_GCC_FINAL_CONF_OPTS = \
$(HOST_GCC_COMMON_CONF_OPTS) \
--enable-languages=$(GCC_FINAL_CROSS_LANGUAGES) \
$(DISABLE_LARGEFILE) \
+ --enable-poison-system-directories \
--with-build-time-tools=$(HOST_DIR)/usr/$(GNU_TARGET_NAME)/bin
# Disable shared libs like libstdc++ if we do static since it confuses linking
--
2.1.0
^ permalink raw reply related [flat|nested] 26+ messages in thread* [Buildroot] [PATCHv2 11/12] binutils: enable poison system directories option
2014-12-01 21:55 [Buildroot] [PATCHv2 00/12] Paranoid header and library path checking Thomas Petazzoni
` (9 preceding siblings ...)
2014-12-01 21:55 ` [Buildroot] [PATCHv2 10/12] gcc: enable poison system directories option Thomas Petazzoni
@ 2014-12-01 21:55 ` Thomas Petazzoni
2014-12-08 22:55 ` Romain Naour
2014-12-01 21:55 ` [Buildroot] [PATCHv2 12/12] Add option for paranoid unsafe path checking Thomas Petazzoni
11 siblings, 1 reply; 26+ messages in thread
From: Thomas Petazzoni @ 2014-12-01 21:55 UTC (permalink / raw)
To: buildroot
This commit enables the poison system directories option, which is now
available thanks to the binutils patches that have been added.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
package/binutils/binutils.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/binutils/binutils.mk b/package/binutils/binutils.mk
index b8dab5d..9a9bb94 100644
--- a/package/binutils/binutils.mk
+++ b/package/binutils/binutils.mk
@@ -68,6 +68,7 @@ HOST_BINUTILS_CONF_OPTS = --disable-multilib --disable-werror \
--target=$(GNU_TARGET_NAME) \
--disable-shared --enable-static \
--with-sysroot=$(STAGING_DIR) \
+ --enable-poison-system-directories \
$(BINUTILS_DISABLE_GDB_CONF_OPTS) \
$(BINUTILS_EXTRA_CONFIG_OPTIONS)
--
2.1.0
^ permalink raw reply related [flat|nested] 26+ messages in thread* [Buildroot] [PATCHv2 11/12] binutils: enable poison system directories option
2014-12-01 21:55 ` [Buildroot] [PATCHv2 11/12] binutils: " Thomas Petazzoni
@ 2014-12-08 22:55 ` Romain Naour
0 siblings, 0 replies; 26+ messages in thread
From: Romain Naour @ 2014-12-08 22:55 UTC (permalink / raw)
To: buildroot
Hi Thomas,
Le 01/12/2014 22:55, Thomas Petazzoni a ?crit :
> This commit enables the poison system directories option, which is now
> available thanks to the binutils patches that have been added.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
> ---
> package/binutils/binutils.mk | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/package/binutils/binutils.mk b/package/binutils/binutils.mk
> index b8dab5d..9a9bb94 100644
> --- a/package/binutils/binutils.mk
> +++ b/package/binutils/binutils.mk
> @@ -68,6 +68,7 @@ HOST_BINUTILS_CONF_OPTS = --disable-multilib --disable-werror \
> --target=$(GNU_TARGET_NAME) \
> --disable-shared --enable-static \
> --with-sysroot=$(STAGING_DIR) \
> + --enable-poison-system-directories \
> $(BINUTILS_DISABLE_GDB_CONF_OPTS) \
> $(BINUTILS_EXTRA_CONFIG_OPTIONS)
>
>
Acked-by: Romain Naour <romain.naour@openwide.fr>
Tested-by: Romain Naour <romain.naour@openwide.fr>
Thanks,
--
Romain Naour
OPEN WIDE Ing?nierie - Paris
23/25, rue Daviel| 75013 PARIS
http://ingenierie.openwide.fr
Le blog des technologies libres et embarqu?es :
http://www.linuxembedded.fr
^ permalink raw reply [flat|nested] 26+ messages in thread
* [Buildroot] [PATCHv2 12/12] Add option for paranoid unsafe path checking
2014-12-01 21:55 [Buildroot] [PATCHv2 00/12] Paranoid header and library path checking Thomas Petazzoni
` (10 preceding siblings ...)
2014-12-01 21:55 ` [Buildroot] [PATCHv2 11/12] binutils: " Thomas Petazzoni
@ 2014-12-01 21:55 ` Thomas Petazzoni
2014-12-06 17:08 ` Romain Naour
11 siblings, 1 reply; 26+ messages in thread
From: Thomas Petazzoni @ 2014-12-01 21:55 UTC (permalink / raw)
To: buildroot
This commit adds a Config.in option to the "Build options" submenu to
enable paranoid checking of unsafe paths. This mechanism is added as
an option so that when we'll enable it in the autobuilders, people
trying to reproduce the build failures will be able to do so by just
downloading the configuration file. If instead we were leaving this
feature as an environment variable, everyone would have to remember to
pass this environment variable to reproduce build issues. And certain
build issues triggered by paranoid unsafe patch checking may not be
visible in the build output, for example when they happen during the
execution of configure scripts.
Since this option is fairly advanced, a new submenu inside "Build
options" is created, for Advanced options.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
Config.in | 20 ++++++++++++++++++++
package/Makefile.in | 4 ++++
2 files changed, 24 insertions(+)
diff --git a/Config.in b/Config.in
index 1aa1080..3374e0f 100644
--- a/Config.in
+++ b/Config.in
@@ -569,6 +569,26 @@ config BR2_GLOBAL_PATCH_DIR
Otherwise, if the directory <global-patch-dir>/<packagename> exists,
then all *.patch files in the directory will be applied.
+menu "Advanced"
+
+config BR2_COMPILER_PARANOID_UNSAFE_PATH
+ bool "paranoid check of library/header paths"
+ help
+ By default, when this option is disabled, when the Buildroot
+ cross-compiler will encounter an unsafe library or header
+ path (such as /usr/include, or /usr/lib), the compiler will
+ display a warning.
+
+ By enabling this option, this warning is turned into an
+ error, which will completely abort the build when such
+ unsafe paths are encountered.
+
+ Note that this mechanism is available for both the internal
+ toolchain (through gcc and binutils patches) and external
+ toolchain backends (through the external toolchain wrapper).
+
+endmenu
+
endmenu
source "toolchain/Config.in"
diff --git a/package/Makefile.in b/package/Makefile.in
index 36ecf0b..f60b08d 100644
--- a/package/Makefile.in
+++ b/package/Makefile.in
@@ -398,6 +398,10 @@ else
SHARED_STATIC_LIBS_OPTS = --enable-static --enable-shared
endif
+ifeq ($(BR2_COMPILER_PARANOID_UNSAFE_PATH),y)
+export BR_COMPILER_PARANOID_UNSAFE_PATH=enabled
+endif
+
include package/pkg-download.mk
include package/pkg-autotools.mk
include package/pkg-cmake.mk
--
2.1.0
^ permalink raw reply related [flat|nested] 26+ messages in thread* [Buildroot] [PATCHv2 12/12] Add option for paranoid unsafe path checking
2014-12-01 21:55 ` [Buildroot] [PATCHv2 12/12] Add option for paranoid unsafe path checking Thomas Petazzoni
@ 2014-12-06 17:08 ` Romain Naour
0 siblings, 0 replies; 26+ messages in thread
From: Romain Naour @ 2014-12-06 17:08 UTC (permalink / raw)
To: buildroot
Hi Thomas,
Le 01/12/2014 22:55, Thomas Petazzoni a ?crit :
> This commit adds a Config.in option to the "Build options" submenu to
> enable paranoid checking of unsafe paths. This mechanism is added as
> an option so that when we'll enable it in the autobuilders, people
> trying to reproduce the build failures will be able to do so by just
> downloading the configuration file. If instead we were leaving this
> feature as an environment variable, everyone would have to remember to
> pass this environment variable to reproduce build issues. And certain
> build issues triggered by paranoid unsafe patch checking may not be
> visible in the build output, for example when they happen during the
> execution of configure scripts.
>
> Since this option is fairly advanced, a new submenu inside "Build
> options" is created, for Advanced options.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
> ---
> Config.in | 20 ++++++++++++++++++++
> package/Makefile.in | 4 ++++
> 2 files changed, 24 insertions(+)
>
> diff --git a/Config.in b/Config.in
> index 1aa1080..3374e0f 100644
> --- a/Config.in
> +++ b/Config.in
> @@ -569,6 +569,26 @@ config BR2_GLOBAL_PATCH_DIR
> Otherwise, if the directory <global-patch-dir>/<packagename> exists,
> then all *.patch files in the directory will be applied.
>
> +menu "Advanced"
> +
> +config BR2_COMPILER_PARANOID_UNSAFE_PATH
> + bool "paranoid check of library/header paths"
> + help
> + By default, when this option is disabled, when the Buildroot
> + cross-compiler will encounter an unsafe library or header
> + path (such as /usr/include, or /usr/lib), the compiler will
> + display a warning.
> +
> + By enabling this option, this warning is turned into an
> + error, which will completely abort the build when such
> + unsafe paths are encountered.
> +
> + Note that this mechanism is available for both the internal
> + toolchain (through gcc and binutils patches) and external
> + toolchain backends (through the external toolchain wrapper).
> +
> +endmenu
> +
> endmenu
>
> source "toolchain/Config.in"
> diff --git a/package/Makefile.in b/package/Makefile.in
> index 36ecf0b..f60b08d 100644
> --- a/package/Makefile.in
> +++ b/package/Makefile.in
> @@ -398,6 +398,10 @@ else
> SHARED_STATIC_LIBS_OPTS = --enable-static --enable-shared
> endif
>
> +ifeq ($(BR2_COMPILER_PARANOID_UNSAFE_PATH),y)
> +export BR_COMPILER_PARANOID_UNSAFE_PATH=enabled
> +endif
> +
> include package/pkg-download.mk
> include package/pkg-autotools.mk
> include package/pkg-cmake.mk
>
Sorry, I haven't yet tested the others patches with an internal
toolchain.
Reviewed-by: Romain Naour <romain.naour@openwide.fr>
Tested-by: Romain Naour <romain.naour@openwide.fr>
Tested with an external x86 toolchain with iprutils package selected.
$ make O=test/paranoid iprutils-rebuild
The build stop if BR2_COMPILER_PARANOID_UNSAFE_PATH has been selected
in the Buildroot configuration. Otherwise the build continue with the
following warning:
/home/naourr/git/buildroot/test/paranoid/host/usr/bin/i686-pc-linux-gnu-gcc
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -pipe -Os
-Wall -DIPR_MAJOR_RELEASE=2 -DIPR_MINOR_RELEASE=4 -DIPR_FIX_LEVEL=2
-DIPR_FIX_DATE='"(June 10, 2014)"' -DIPR_VERSION_STR='"2.4.2 (June 10, 2014)"'
-DIPR_RELEASE=1 -I. -I/usr/include/ncurses -o iprlib.o -c iprlib.c
i686-pc-linux-gnu-gcc: WARNING: unsafe header/library path used in
cross-compilation: '/usr/include/ncurses'
Thanks,
--
Romain Naour
OPEN WIDE Ing?nierie - Paris
23/25, rue Daviel| 75013 PARIS
http://ingenierie.openwide.fr
Le blog des technologies libres et embarqu?es :
http://www.linuxembedded.fr
^ permalink raw reply [flat|nested] 26+ messages in thread