Use AX_ADD_FORTIFY_SOURCE to avoid redefining _FORTIFY_SOURCE #103

Merged
merged 1 commit into from Oct 8, 2023

thesamesam
Contributor

Some distributions are now setting -D_FORTIFY_SOURCE=3 by default in their toolchains rather than _F_S=2. By forcing _F_S=2, this causes both a warning and a downgrade in the effective protection.

Use the autoconf-archive macro for this purpose (AX_ADD_FORTIFY_SOURCE) to add the fortification at the highest supported level if the compiler doesn't already default to it.

@legionus
Owner

legionus commented Oct 5, 2023

@thesamesam This seems generally correct and useful. But your change breaks distcheck:

./configure: line 17217: syntax error near unexpected token `-Werror,CFLAGS="$CFLAGS -Werror"'
checking for library containing timer_create... none required
./configure: line 17217: `    AX_CHECK_COMPILE_FLAG(-Werror,CFLAGS="$CFLAGS -Werror")'

@thesamesam
Contributor Author

Thanks. I can't seem to reproduce it locally yet, although I think I can see how it might happen with the -Werror mangling.

I'm going to switch to AS_IF as well given bare if is now recommended against. Let's see if that does the job...

@legionus
Owner

legionus commented Oct 6, 2023

I found the problem. The problem is not that -Werror is used, but that the AX_CHECK_COMPILE_FLAG macro is not expanded. We must also copy /usr/share/aclocal/ax_check_compile_flag.m4 to the m4 directory.
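
The failure described in the comment above (an AX_* macro copied into configure verbatim because its .m4 file was not in the m4 directory) can be caught before distcheck runs. This is an added example, not part of the pull request or the project's code: the function names and sample files are constructed, and the lowercase-name-plus-.m4 file naming is assumed from the ax_check_compile_flag.m4 path mentioned in the thread.

```sh
#!/bin/sh
# Added example (not from the pull request): detect autoconf-archive macros
# that autoconf copied into configure verbatim instead of expanding.

# unexpanded_ax_macros CONFIGURE
# Print each AX_* macro name still present as a word in CONFIGURE, one per
# line. Shell comment lines are skipped. Heuristic: an AX_* word inside a
# quoted string would be reported too.
unexpanded_ax_macros() {
    grep -v '^[[:space:]]*#' "$1" | grep -owE 'AX_[A-Z0-9_]+' | sort -u
}

# check_configure CONFIGURE M4DIR
# For each unexpanded macro, report whether M4DIR holds the file assumed to
# define it (macro name lowercased, plus ".m4").
# Returns 0 when CONFIGURE is clean, 1 otherwise.
check_configure() {
    cc_status=0
    for cc_macro in $(unexpanded_ax_macros "$1"); do
        cc_file=$(printf '%s' "$cc_macro" | tr '[:upper:]' '[:lower:]').m4
        if [ -f "$2/$cc_file" ]; then
            echo "$cc_macro: unexpanded although $2/$cc_file exists"
        else
            echo "$cc_macro: unexpanded, $2/$cc_file is missing"
        fi
        cc_status=1
    done
    return "$cc_status"
}

# Constructed sample: a configure fragment containing the unexpanded call
# quoted in the thread, and an m4 directory that only holds
# ax_add_fortify_source.m4.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/m4"
: > "$demo_dir/m4/ax_add_fortify_source.m4"
cat > "$demo_dir/configure" <<'EOF'
# AX_ADD_FORTIFY_SOURCE expanded above (constructed comment line)
ac_ext=c
    AX_CHECK_COMPILE_FLAG(-Werror,CFLAGS="$CFLAGS -Werror")
EOF
check_configure "$demo_dir/configure" "$demo_dir/m4" || true
```

Run against a real tree as `check_configure ./configure ./m4` after autoreconf; a non-zero exit means configure would fail with a syntax error at run time, as in the distcheck output quoted earlier.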

Some distributions are now setting -D_FORTIFY_SOURCE=3 by default in their
toolchains rather than _F_S=2. By forcing _F_S=2, this causes both a warning
and a downgrade in the effective protection.

Use the autoconf-archive macro for this purpose (AX_ADD_FORTIFY_SOURCE)
to add the fortification at the highest supported level if the compiler doesn't
already default to it.

Bug: https://bugs.gentoo.org/892834
Signed-off-by: Sam James <sam@gentoo.org>
@thesamesam
Contributor Author

Thanks for the help - sorry it wasn't as straightforward as it was supposed to be.

@legionus legionus merged commit fdb6fad into legionus:master Oct 8, 2023
5 checks passed
@legionus
Owner

legionus commented Oct 8, 2023

Thank you! Applied.

@thesamesam thesamesam deleted the fortify branch October 8, 2023 12:50