[Buildroot] [PATCH v1] package/ntpsec: fix Stack Smashing Protection detection
Peter Seiderer
ps.report at gmx.net
Sat Feb 11 17:55:47 UTC 2023
Hello Yann, *,
On Sat, 11 Feb 2023 17:49:26 +0100, "Yann E. MORIN" <yann.morin.1998 at free.fr> wrote:
> Peter, All,
>
> On 2023-02-11 17:32 +0100, Peter Seiderer spake thusly:
> > Fix SSP missdetection (compiler supports '-fstack-protector-all' command
> > line argument but selected libc/toolchain does not support SSP,
> > e.g. i686-musl.
> >
> > Fixes:
> >
> > - http://autobuild.buildroot.net/results/ded9ad5badbcfa6552443d3ce0866722becfefbd
> >
> > [...]
> > Checking if C compiler supports -fstack-protector-all : yes
> > [...]
> > Checking for type struct timex : no
> > The configuration failed
> > (complete log in .../build/ntpsec-1_2_2/build/config.log)
> >
> > And from build/ntpsec-1_2_2/build/config.log:
> >
> > err: .../host/lib/gcc/i686-buildroot-linux-musl/12.2.0/../../../../i686-buildroot-linux-musl/bin/ld: test.c.1.o: in function `main':
> > test.c:(.text.startup+0x2a): undefined reference to `__stack_chk_fail_local'
> > .../host/lib/gcc/i686-buildroot-linux-musl/12.2.0/../../../../i686-buildroot-linux-musl/bin/ld: .../build/ntpsec-1_2_2/build/.conf_check_01f3f794d5b6ffb7add7ce130581ae04/testbuild/main/testprog: hidden symbol `__stack_chk_fail_local' isn't defined
> > .../host/lib/gcc/i686-buildroot-linux-musl/12.2.0/../../../../i686-buildroot-linux-musl/bin/ld: final link failed: bad value
> > collect2: error: ld returned 1 exit status
> >
> > Signed-off-by: Peter Seiderer <ps.report at gmx.net>
> > ---
> > package/ntpsec/ntpsec.mk | 9 +++++++++
> > 1 file changed, 9 insertions(+)
> >
> > diff --git a/package/ntpsec/ntpsec.mk b/package/ntpsec/ntpsec.mk
> > index c7fa2f85a8..18a8353900 100644
> > --- a/package/ntpsec/ntpsec.mk
> > +++ b/package/ntpsec/ntpsec.mk
> > @@ -30,6 +30,15 @@ NTPSEC_DEPENDENCIES = \
> > libcap \
> > openssl
> >
> > +# prevent '-fstack-protector-all' compiler flag detection without
> > +# ssp support (e.g. i686-musl)
> > +ifeq ($(BR2_TOOLCHAIN_HAS_SSP),)
> > +define NTPSEC_FORCE_DISABLE_SSP
> > + $(SED) s/fstack-protector-all/fstack-protector-all-disabled/g $(@D)/wscript
> > +endef
> > +endif
> > +NTPSEC_PRE_CONFIGURE_HOOKS += NTPSEC_FORCE_DISABLE_SSP
>
> Assigning to hooks should be done in the conditional if-block, not
> outside.
>
> But in Buildroot, the SSP flags are automatically handled by the
> wrapper, so we should just unconditionally remove said flags as set by
> the package, like was done in 50cbac5099b1 (package/sysvinit: add patch
> to fix compile without stack-protector support) for example (and no,
> that commit was not chosen totally at random ;-) ).
Nice reference ;-), do you prefer the above sed hack unconditionally
(not sure if the wscript will add additional -lssp/-lssp_nonshared if
available) or a patch removing the whole -fstack-protector-all/-lssp/-lssp_nonshared
handling?
Regards,
Peter
>
> Regards,
> Yann E. MORIN.
>
> > # CC="$(HOSTCC)" is strange but needed to build some host tools, the
> > # cross-compiler will properly be used to build target code thanks to
> > # --cross-compiler
> > --
> > 2.39.1
> >
> > _______________________________________________
> > buildroot mailing list
> > buildroot at buildroot.org
> > https://lists.buildroot.org/mailman/listinfo/buildroot
>
More information about the buildroot
mailing list