* [Buildroot] [PATCH 1/1] package/jitterentropy-library: fix build without stack-protector
@ 2021-12-19 15:32 Fabrice Fontaine
2021-12-19 15:36 ` Baruch Siach via buildroot
2021-12-20 22:39 ` Arnout Vandecappelle
0 siblings, 2 replies; 5+ messages in thread
From: Fabrice Fontaine @ 2021-12-19 15:32 UTC (permalink / raw)
To: buildroot; +Cc: Matt Weber, Fabrice Fontaine
Fix the following build failure without stack-protector raised since
bump to version 3.3.1 in commit 3965f09cb427af411055a783cd14b501b2b28285
and
https://github.com/smuellerDD/jitterentropy-library/commit/5b3cb7f35e41ba2f34a75d004cf095c965a1a0c4:
/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: src/jitterentropy-base.o: in function `jent_fips_enabled':
jitterentropy-base.c:(.text+0x131): undefined reference to `__stack_chk_fail_local'
Fixes:
- http://autobuild.buildroot.org/results/8de/8dee462d16d934dd173d58f17933c6911e4336bf/build-end.log
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...-Makefile-add-ENABLE_STACK_PROTECTOR.patch | 52 +++++++++++++++++++
.../jitterentropy-library.mk | 2 +-
2 files changed, 53 insertions(+), 1 deletion(-)
create mode 100644 package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
diff --git a/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch b/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
new file mode 100644
index 0000000000..c4388663b0
--- /dev/null
+++ b/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
@@ -0,0 +1,52 @@
+From 272ee47892563e849f6b1bf59b0173f8aa33b631 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sun, 19 Dec 2021 11:36:13 +0100
+Subject: [PATCH] Makefile: add ENABLE_STACK_PROTECTOR
+
+Add ENABLE_STACK_PROTECTOR as build on embedded toolchains without
+stack-protector is again broken since
+https://github.com/smuellerDD/jitterentropy-library/commit/5b3cb7f35e41ba2f34a75d004cf095c965a1a0c4:
+
+/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: src/jitterentropy-base.o: in function `jent_fips_enabled':
+jitterentropy-base.c:(.text+0x131): undefined reference to `__stack_chk_fail_local'
+
+Fixes:
+ - http://autobuild.buildroot.org/results/8dee462d16d934dd173d58f17933c6911e4336bf
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Signed-off-by: Stephan Mueller <smueller@chronox.de>
+[Retrieved from:
+https://github.com/smuellerDD/jitterentropy-library/commit/272ee47892563e849f6b1bf59b0173f8aa33b631]
+---
+ Makefile | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index dfb96a8..c999ef5 100644
+--- a/Makefile
++++ b/Makefile
+@@ -2,6 +2,7 @@
+
+ CC ?= gcc
+ #Hardening
++ENABLE_STACK_PROTECTOR ?= 1
+ CFLAGS ?= -fwrapv --param ssp-buffer-size=4 -fvisibility=hidden -fPIE -Wcast-align -Wmissing-field-initializers -Wshadow -Wswitch-enum
+ CFLAGS +=-Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
+ LDFLAGS +=-Wl,-z,relro,-z,now -lpthread
+@@ -13,10 +14,12 @@ else
+ GCC_GTEQ_490 := $(shell expr `$(CC) -dumpfullversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/'` \>= 40900)
+ endif
+
+-ifeq "$(GCC_GTEQ_490)" "1"
+- CFLAGS += -fstack-protector-strong
+-else
+- CFLAGS += -fstack-protector-all
++ifeq "$(ENABLE_STACK_PROTECTOR)" "1"
++ ifeq "$(GCC_GTEQ_490)" "1"
++ CFLAGS += -fstack-protector-strong
++ else
++ CFLAGS += -fstack-protector-all
++ endif
+ endif
+
+ # Change as necessary
diff --git a/package/jitterentropy-library/jitterentropy-library.mk b/package/jitterentropy-library/jitterentropy-library.mk
index 830da0e065..4cdebf46a3 100644
--- a/package/jitterentropy-library/jitterentropy-library.mk
+++ b/package/jitterentropy-library/jitterentropy-library.mk
@@ -26,7 +26,7 @@ endif
define JITTERENTROPY_LIBRARY_BUILD_CMDS
$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) \
- $(JITTERENTROPY_LIBRARY_BUILD_TARGETS)
+ ENABLE_STACK_PROTECTOR=0 $(JITTERENTROPY_LIBRARY_BUILD_TARGETS)
endef
define JITTERENTROPY_LIBRARY_INSTALL_STAGING_CMDS
--
2.33.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/jitterentropy-library: fix build without stack-protector
2021-12-19 15:32 [Buildroot] [PATCH 1/1] package/jitterentropy-library: fix build without stack-protector Fabrice Fontaine
@ 2021-12-19 15:36 ` Baruch Siach via buildroot
2021-12-19 15:59 ` Fabrice Fontaine
2021-12-20 22:39 ` Arnout Vandecappelle
1 sibling, 1 reply; 5+ messages in thread
From: Baruch Siach via buildroot @ 2021-12-19 15:36 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Matt Weber, buildroot
Hi Fabrice,
On Sun, Dec 19 2021, Fabrice Fontaine wrote:
> Fix the following build failure without stack-protector raised since
> bump to version 3.3.1 in commit 3965f09cb427af411055a783cd14b501b2b28285
> and
> https://github.com/smuellerDD/jitterentropy-library/commit/5b3cb7f35e41ba2f34a75d004cf095c965a1a0c4:
>
> /home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: src/jitterentropy-base.o: in function `jent_fips_enabled':
> jitterentropy-base.c:(.text+0x131): undefined reference to `__stack_chk_fail_local'
>
> Fixes:
> - http://autobuild.buildroot.org/results/8de/8dee462d16d934dd173d58f17933c6911e4336bf/build-end.log
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> ...-Makefile-add-ENABLE_STACK_PROTECTOR.patch | 52 +++++++++++++++++++
> .../jitterentropy-library.mk | 2 +-
> 2 files changed, 53 insertions(+), 1 deletion(-)
> create mode 100644 package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
>
> diff --git a/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch b/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
> new file mode 100644
> index 0000000000..c4388663b0
> --- /dev/null
> +++ b/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
> @@ -0,0 +1,52 @@
> +From 272ee47892563e849f6b1bf59b0173f8aa33b631 Mon Sep 17 00:00:00 2001
> +From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> +Date: Sun, 19 Dec 2021 11:36:13 +0100
> +Subject: [PATCH] Makefile: add ENABLE_STACK_PROTECTOR
> +
> +Add ENABLE_STACK_PROTECTOR as build on embedded toolchains without
> +stack-protector is again broken since
> +https://github.com/smuellerDD/jitterentropy-library/commit/5b3cb7f35e41ba2f34a75d004cf095c965a1a0c4:
> +
> +/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: src/jitterentropy-base.o: in function `jent_fips_enabled':
> +jitterentropy-base.c:(.text+0x131): undefined reference to `__stack_chk_fail_local'
> +
> +Fixes:
> + - http://autobuild.buildroot.org/results/8dee462d16d934dd173d58f17933c6911e4336bf
> +
> +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> +Signed-off-by: Stephan Mueller <smueller@chronox.de>
> +[Retrieved from:
> +https://github.com/smuellerDD/jitterentropy-library/commit/272ee47892563e849f6b1bf59b0173f8aa33b631]
> +---
> + Makefile | 11 +++++++----
> + 1 file changed, 7 insertions(+), 4 deletions(-)
> +
> +diff --git a/Makefile b/Makefile
> +index dfb96a8..c999ef5 100644
> +--- a/Makefile
> ++++ b/Makefile
> +@@ -2,6 +2,7 @@
> +
> + CC ?= gcc
> + #Hardening
> ++ENABLE_STACK_PROTECTOR ?= 1
> + CFLAGS ?= -fwrapv --param ssp-buffer-size=4 -fvisibility=hidden -fPIE -Wcast-align -Wmissing-field-initializers -Wshadow -Wswitch-enum
> + CFLAGS +=-Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
> + LDFLAGS +=-Wl,-z,relro,-z,now -lpthread
> +@@ -13,10 +14,12 @@ else
> + GCC_GTEQ_490 := $(shell expr `$(CC) -dumpfullversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/'` \>= 40900)
> + endif
> +
> +-ifeq "$(GCC_GTEQ_490)" "1"
> +- CFLAGS += -fstack-protector-strong
> +-else
> +- CFLAGS += -fstack-protector-all
> ++ifeq "$(ENABLE_STACK_PROTECTOR)" "1"
> ++ ifeq "$(GCC_GTEQ_490)" "1"
> ++ CFLAGS += -fstack-protector-strong
> ++ else
> ++ CFLAGS += -fstack-protector-all
> ++ endif
> + endif
> +
> + # Change as necessary
> diff --git a/package/jitterentropy-library/jitterentropy-library.mk b/package/jitterentropy-library/jitterentropy-library.mk
> index 830da0e065..4cdebf46a3 100644
> --- a/package/jitterentropy-library/jitterentropy-library.mk
> +++ b/package/jitterentropy-library/jitterentropy-library.mk
> @@ -26,7 +26,7 @@ endif
>
> define JITTERENTROPY_LIBRARY_BUILD_CMDS
> $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) \
> - $(JITTERENTROPY_LIBRARY_BUILD_TARGETS)
> + ENABLE_STACK_PROTECTOR=0 $(JITTERENTROPY_LIBRARY_BUILD_TARGETS)
Why disable stack protector unconditionally instead of making it depend
on BR2_TOOLCHAIN_HAS_SSP?
baruch
> endef
>
> define JITTERENTROPY_LIBRARY_INSTALL_STAGING_CMDS
--
~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/jitterentropy-library: fix build without stack-protector
2021-12-19 15:36 ` Baruch Siach via buildroot
@ 2021-12-19 15:59 ` Fabrice Fontaine
2021-12-19 16:13 ` Baruch Siach via buildroot
0 siblings, 1 reply; 5+ messages in thread
From: Fabrice Fontaine @ 2021-12-19 15:59 UTC (permalink / raw)
To: Baruch Siach; +Cc: Matt Weber, Buildroot Mailing List
Hi Baruch,
Le dim. 19 déc. 2021 à 16:38, Baruch Siach <baruch@tkos.co.il> a écrit :
>
> Hi Fabrice,
>
> On Sun, Dec 19 2021, Fabrice Fontaine wrote:
> > Fix the following build failure without stack-protector raised since
> > bump to version 3.3.1 in commit 3965f09cb427af411055a783cd14b501b2b28285
> > and
> > https://github.com/smuellerDD/jitterentropy-library/commit/5b3cb7f35e41ba2f34a75d004cf095c965a1a0c4:
> >
> > /home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: src/jitterentropy-base.o: in function `jent_fips_enabled':
> > jitterentropy-base.c:(.text+0x131): undefined reference to `__stack_chk_fail_local'
> >
> > Fixes:
> > - http://autobuild.buildroot.org/results/8de/8dee462d16d934dd173d58f17933c6911e4336bf/build-end.log
> >
> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> > ---
> > ...-Makefile-add-ENABLE_STACK_PROTECTOR.patch | 52 +++++++++++++++++++
> > .../jitterentropy-library.mk | 2 +-
> > 2 files changed, 53 insertions(+), 1 deletion(-)
> > create mode 100644 package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
> >
> > diff --git a/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch b/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
> > new file mode 100644
> > index 0000000000..c4388663b0
> > --- /dev/null
> > +++ b/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
> > @@ -0,0 +1,52 @@
> > +From 272ee47892563e849f6b1bf59b0173f8aa33b631 Mon Sep 17 00:00:00 2001
> > +From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> > +Date: Sun, 19 Dec 2021 11:36:13 +0100
> > +Subject: [PATCH] Makefile: add ENABLE_STACK_PROTECTOR
> > +
> > +Add ENABLE_STACK_PROTECTOR as build on embedded toolchains without
> > +stack-protector is again broken since
> > +https://github.com/smuellerDD/jitterentropy-library/commit/5b3cb7f35e41ba2f34a75d004cf095c965a1a0c4:
> > +
> > +/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: src/jitterentropy-base.o: in function `jent_fips_enabled':
> > +jitterentropy-base.c:(.text+0x131): undefined reference to `__stack_chk_fail_local'
> > +
> > +Fixes:
> > + - http://autobuild.buildroot.org/results/8dee462d16d934dd173d58f17933c6911e4336bf
> > +
> > +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> > +Signed-off-by: Stephan Mueller <smueller@chronox.de>
> > +[Retrieved from:
> > +https://github.com/smuellerDD/jitterentropy-library/commit/272ee47892563e849f6b1bf59b0173f8aa33b631]
> > +---
> > + Makefile | 11 +++++++----
> > + 1 file changed, 7 insertions(+), 4 deletions(-)
> > +
> > +diff --git a/Makefile b/Makefile
> > +index dfb96a8..c999ef5 100644
> > +--- a/Makefile
> > ++++ b/Makefile
> > +@@ -2,6 +2,7 @@
> > +
> > + CC ?= gcc
> > + #Hardening
> > ++ENABLE_STACK_PROTECTOR ?= 1
> > + CFLAGS ?= -fwrapv --param ssp-buffer-size=4 -fvisibility=hidden -fPIE -Wcast-align -Wmissing-field-initializers -Wshadow -Wswitch-enum
> > + CFLAGS +=-Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
> > + LDFLAGS +=-Wl,-z,relro,-z,now -lpthread
> > +@@ -13,10 +14,12 @@ else
> > + GCC_GTEQ_490 := $(shell expr `$(CC) -dumpfullversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/'` \>= 40900)
> > + endif
> > +
> > +-ifeq "$(GCC_GTEQ_490)" "1"
> > +- CFLAGS += -fstack-protector-strong
> > +-else
> > +- CFLAGS += -fstack-protector-all
> > ++ifeq "$(ENABLE_STACK_PROTECTOR)" "1"
> > ++ ifeq "$(GCC_GTEQ_490)" "1"
> > ++ CFLAGS += -fstack-protector-strong
> > ++ else
> > ++ CFLAGS += -fstack-protector-all
> > ++ endif
> > + endif
> > +
> > + # Change as necessary
> > diff --git a/package/jitterentropy-library/jitterentropy-library.mk b/package/jitterentropy-library/jitterentropy-library.mk
> > index 830da0e065..4cdebf46a3 100644
> > --- a/package/jitterentropy-library/jitterentropy-library.mk
> > +++ b/package/jitterentropy-library/jitterentropy-library.mk
> > @@ -26,7 +26,7 @@ endif
> >
> > define JITTERENTROPY_LIBRARY_BUILD_CMDS
> > $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) \
> > - $(JITTERENTROPY_LIBRARY_BUILD_TARGETS)
> > + ENABLE_STACK_PROTECTOR=0 $(JITTERENTROPY_LIBRARY_BUILD_TARGETS)
>
> Why disable stack protector unconditionally instead of making it depend
> on BR2_TOOLCHAIN_HAS_SSP?
From my understanding, passing -fstack-protector-strong or
-fstack-protector-all will be made by the toolchain wrapper.
So there is no need to make it conditional on BR2_SSP_STRONG or BR2_SSP_ALL
>
> baruch
>
> > endef
> >
> > define JITTERENTROPY_LIBRARY_INSTALL_STAGING_CMDS
>
>
> --
> ~. .~ Tk Open Systems
> =}------------------------------------------------ooO--U--Ooo------------{=
> - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
Best Regards,
Fabrice
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/jitterentropy-library: fix build without stack-protector
2021-12-19 15:59 ` Fabrice Fontaine
@ 2021-12-19 16:13 ` Baruch Siach via buildroot
0 siblings, 0 replies; 5+ messages in thread
From: Baruch Siach via buildroot @ 2021-12-19 16:13 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Matt Weber, Buildroot Mailing List
Hi Fabrice,
On Sun, Dec 19 2021, Fabrice Fontaine wrote:
> Le dim. 19 déc. 2021 à 16:38, Baruch Siach <baruch@tkos.co.il> a écrit :
>> On Sun, Dec 19 2021, Fabrice Fontaine wrote:
>> > Fix the following build failure without stack-protector raised since
>> > bump to version 3.3.1 in commit 3965f09cb427af411055a783cd14b501b2b28285
>> > and
>> > https://github.com/smuellerDD/jitterentropy-library/commit/5b3cb7f35e41ba2f34a75d004cf095c965a1a0c4:
>> >
>> > /home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: src/jitterentropy-base.o: in function `jent_fips_enabled':
>> > jitterentropy-base.c:(.text+0x131): undefined reference to `__stack_chk_fail_local'
>> >
>> > Fixes:
>> > - http://autobuild.buildroot.org/results/8de/8dee462d16d934dd173d58f17933c6911e4336bf/build-end.log
>> >
>> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>> > ---
>> > ...-Makefile-add-ENABLE_STACK_PROTECTOR.patch | 52 +++++++++++++++++++
>> > .../jitterentropy-library.mk | 2 +-
>> > 2 files changed, 53 insertions(+), 1 deletion(-)
>> > create mode 100644 package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
>> >
>> > diff --git a/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch b/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
>> > new file mode 100644
>> > index 0000000000..c4388663b0
>> > --- /dev/null
>> > +++ b/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
>> > @@ -0,0 +1,52 @@
>> > +From 272ee47892563e849f6b1bf59b0173f8aa33b631 Mon Sep 17 00:00:00 2001
>> > +From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>> > +Date: Sun, 19 Dec 2021 11:36:13 +0100
>> > +Subject: [PATCH] Makefile: add ENABLE_STACK_PROTECTOR
>> > +
>> > +Add ENABLE_STACK_PROTECTOR as build on embedded toolchains without
>> > +stack-protector is again broken since
>> > +https://github.com/smuellerDD/jitterentropy-library/commit/5b3cb7f35e41ba2f34a75d004cf095c965a1a0c4:
>> > +
>> > +/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: src/jitterentropy-base.o: in function `jent_fips_enabled':
>> > +jitterentropy-base.c:(.text+0x131): undefined reference to `__stack_chk_fail_local'
>> > +
>> > +Fixes:
>> > + - http://autobuild.buildroot.org/results/8dee462d16d934dd173d58f17933c6911e4336bf
>> > +
>> > +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>> > +Signed-off-by: Stephan Mueller <smueller@chronox.de>
>> > +[Retrieved from:
>> > +https://github.com/smuellerDD/jitterentropy-library/commit/272ee47892563e849f6b1bf59b0173f8aa33b631]
>> > +---
>> > + Makefile | 11 +++++++----
>> > + 1 file changed, 7 insertions(+), 4 deletions(-)
>> > +
>> > +diff --git a/Makefile b/Makefile
>> > +index dfb96a8..c999ef5 100644
>> > +--- a/Makefile
>> > ++++ b/Makefile
>> > +@@ -2,6 +2,7 @@
>> > +
>> > + CC ?= gcc
>> > + #Hardening
>> > ++ENABLE_STACK_PROTECTOR ?= 1
>> > + CFLAGS ?= -fwrapv --param ssp-buffer-size=4 -fvisibility=hidden -fPIE -Wcast-align -Wmissing-field-initializers -Wshadow -Wswitch-enum
>> > + CFLAGS +=-Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
>> > + LDFLAGS +=-Wl,-z,relro,-z,now -lpthread
>> > +@@ -13,10 +14,12 @@ else
>> > + GCC_GTEQ_490 := $(shell expr `$(CC) -dumpfullversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/'` \>= 40900)
>> > + endif
>> > +
>> > +-ifeq "$(GCC_GTEQ_490)" "1"
>> > +- CFLAGS += -fstack-protector-strong
>> > +-else
>> > +- CFLAGS += -fstack-protector-all
>> > ++ifeq "$(ENABLE_STACK_PROTECTOR)" "1"
>> > ++ ifeq "$(GCC_GTEQ_490)" "1"
>> > ++ CFLAGS += -fstack-protector-strong
>> > ++ else
>> > ++ CFLAGS += -fstack-protector-all
>> > ++ endif
>> > + endif
>> > +
>> > + # Change as necessary
>> > diff --git a/package/jitterentropy-library/jitterentropy-library.mk b/package/jitterentropy-library/jitterentropy-library.mk
>> > index 830da0e065..4cdebf46a3 100644
>> > --- a/package/jitterentropy-library/jitterentropy-library.mk
>> > +++ b/package/jitterentropy-library/jitterentropy-library.mk
>> > @@ -26,7 +26,7 @@ endif
>> >
>> > define JITTERENTROPY_LIBRARY_BUILD_CMDS
>> > $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) \
>> > - $(JITTERENTROPY_LIBRARY_BUILD_TARGETS)
>> > + ENABLE_STACK_PROTECTOR=0 $(JITTERENTROPY_LIBRARY_BUILD_TARGETS)
>>
>> Why disable stack protector unconditionally instead of making it depend
>> on BR2_TOOLCHAIN_HAS_SSP?
> From my understanding, passing -fstack-protector-strong or
> -fstack-protector-all will be made by the toolchain wrapper.
> So there is no need to make it conditional on BR2_SSP_STRONG or BR2_SSP_ALL
Right. I forgot about the toolchain wrapper. But it might worth mention
in the commit log, since it looks as if this commit disables stack
protection.
baruch
>>
>> > endef
>> >
>> > define JITTERENTROPY_LIBRARY_INSTALL_STAGING_CMDS
--
~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/jitterentropy-library: fix build without stack-protector
2021-12-19 15:32 [Buildroot] [PATCH 1/1] package/jitterentropy-library: fix build without stack-protector Fabrice Fontaine
2021-12-19 15:36 ` Baruch Siach via buildroot
@ 2021-12-20 22:39 ` Arnout Vandecappelle
1 sibling, 0 replies; 5+ messages in thread
From: Arnout Vandecappelle @ 2021-12-20 22:39 UTC (permalink / raw)
To: Fabrice Fontaine, buildroot; +Cc: Matt Weber
On 19/12/2021 16:32, Fabrice Fontaine wrote:
> Fix the following build failure without stack-protector raised since
> bump to version 3.3.1 in commit 3965f09cb427af411055a783cd14b501b2b28285
> and
> https://github.com/smuellerDD/jitterentropy-library/commit/5b3cb7f35e41ba2f34a75d004cf095c965a1a0c4:
>
> /home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: src/jitterentropy-base.o: in function `jent_fips_enabled':
> jitterentropy-base.c:(.text+0x131): undefined reference to `__stack_chk_fail_local'
>
> Fixes:
> - http://autobuild.buildroot.org/results/8de/8dee462d16d934dd173d58f17933c6911e4336bf/build-end.log
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Applied to master, after adding the explanation about the toolchain wrapper to
the commit message, thanks.
Regards,
Arnout
> ---
> ...-Makefile-add-ENABLE_STACK_PROTECTOR.patch | 52 +++++++++++++++++++
> .../jitterentropy-library.mk | 2 +-
> 2 files changed, 53 insertions(+), 1 deletion(-)
> create mode 100644 package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
>
> diff --git a/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch b/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
> new file mode 100644
> index 0000000000..c4388663b0
> --- /dev/null
> +++ b/package/jitterentropy-library/0001-Makefile-add-ENABLE_STACK_PROTECTOR.patch
> @@ -0,0 +1,52 @@
> +From 272ee47892563e849f6b1bf59b0173f8aa33b631 Mon Sep 17 00:00:00 2001
> +From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> +Date: Sun, 19 Dec 2021 11:36:13 +0100
> +Subject: [PATCH] Makefile: add ENABLE_STACK_PROTECTOR
> +
> +Add ENABLE_STACK_PROTECTOR as build on embedded toolchains without
> +stack-protector is again broken since
> +https://github.com/smuellerDD/jitterentropy-library/commit/5b3cb7f35e41ba2f34a75d004cf095c965a1a0c4:
> +
> +/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: src/jitterentropy-base.o: in function `jent_fips_enabled':
> +jitterentropy-base.c:(.text+0x131): undefined reference to `__stack_chk_fail_local'
> +
> +Fixes:
> + - http://autobuild.buildroot.org/results/8dee462d16d934dd173d58f17933c6911e4336bf
> +
> +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> +Signed-off-by: Stephan Mueller <smueller@chronox.de>
> +[Retrieved from:
> +https://github.com/smuellerDD/jitterentropy-library/commit/272ee47892563e849f6b1bf59b0173f8aa33b631]
> +---
> + Makefile | 11 +++++++----
> + 1 file changed, 7 insertions(+), 4 deletions(-)
> +
> +diff --git a/Makefile b/Makefile
> +index dfb96a8..c999ef5 100644
> +--- a/Makefile
> ++++ b/Makefile
> +@@ -2,6 +2,7 @@
> +
> + CC ?= gcc
> + #Hardening
> ++ENABLE_STACK_PROTECTOR ?= 1
> + CFLAGS ?= -fwrapv --param ssp-buffer-size=4 -fvisibility=hidden -fPIE -Wcast-align -Wmissing-field-initializers -Wshadow -Wswitch-enum
> + CFLAGS +=-Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
> + LDFLAGS +=-Wl,-z,relro,-z,now -lpthread
> +@@ -13,10 +14,12 @@ else
> + GCC_GTEQ_490 := $(shell expr `$(CC) -dumpfullversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/'` \>= 40900)
> + endif
> +
> +-ifeq "$(GCC_GTEQ_490)" "1"
> +- CFLAGS += -fstack-protector-strong
> +-else
> +- CFLAGS += -fstack-protector-all
> ++ifeq "$(ENABLE_STACK_PROTECTOR)" "1"
> ++ ifeq "$(GCC_GTEQ_490)" "1"
> ++ CFLAGS += -fstack-protector-strong
> ++ else
> ++ CFLAGS += -fstack-protector-all
> ++ endif
> + endif
> +
> + # Change as necessary
> diff --git a/package/jitterentropy-library/jitterentropy-library.mk b/package/jitterentropy-library/jitterentropy-library.mk
> index 830da0e065..4cdebf46a3 100644
> --- a/package/jitterentropy-library/jitterentropy-library.mk
> +++ b/package/jitterentropy-library/jitterentropy-library.mk
> @@ -26,7 +26,7 @@ endif
>
> define JITTERENTROPY_LIBRARY_BUILD_CMDS
> $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) \
> - $(JITTERENTROPY_LIBRARY_BUILD_TARGETS)
> + ENABLE_STACK_PROTECTOR=0 $(JITTERENTROPY_LIBRARY_BUILD_TARGETS)
> endef
>
> define JITTERENTROPY_LIBRARY_INSTALL_STAGING_CMDS
>
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-12-20 22:39 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-12-19 15:32 [Buildroot] [PATCH 1/1] package/jitterentropy-library: fix build without stack-protector Fabrice Fontaine
2021-12-19 15:36 ` Baruch Siach via buildroot
2021-12-19 15:59 ` Fabrice Fontaine
2021-12-19 16:13 ` Baruch Siach via buildroot
2021-12-20 22:39 ` Arnout Vandecappelle
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox