diff options
| author | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2024-09-10 09:22:17 -0300 |
|---|---|---|
| committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2024-10-01 08:44:40 -0300 |
| commit | 127cefd84dc551a43d0ac58b4619503d04869042 (patch) | |
| tree | cf6d1e255d280933a84dece69b4020843ce49f8d | |
| parent | 9dfea3de7f690bff70e3c6eb346b9ad082bb2e35 (diff) | |
| download | glibc-127cefd84dc551a43d0ac58b4619503d04869042.zip glibc-127cefd84dc551a43d0ac58b4619503d04869042.tar.gz glibc-127cefd84dc551a43d0ac58b4619503d04869042.tar.bz2 | |
Do not use -Wp to disable fortify (BZ 31928)
The -Wp does not work properly if the compiler is configured to enable
fortify by default, since it bypasses the compiler driver (which defines
the fortify flags in this case).
This patch is similar to the one used on Ubuntu [1].
I checked with a build for x86_64-linux-gnu, i686-linux-gnu,
aarch64-linux-gnu, s390x-linux-gnu, and riscv64-linux-gnu with
gcc-13 that enables the fortify by default.
Co-authored-by: Matthias Klose <matthias.klose@canonical.com>
[1] https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/glibc/tree/debian/patches/ubuntu/fix-fortify-source.patch
Reviewed-by: DJ Delorie <dj@redhat.com>
| -rwxr-xr-x | configure | 4 | ||||
| -rw-r--r-- | configure.ac | 4 | ||||
| -rw-r--r-- | debug/Makefile | 19 | ||||
| -rw-r--r-- | io/Makefile | 2 | ||||
| -rw-r--r-- | stdio-common/Makefile | 2 | ||||
| -rw-r--r-- | wcsmbs/Makefile | 2 |
6 files changed, 17 insertions, 16 deletions
@@ -7718,7 +7718,7 @@ printf "%s\n" "#define HAVE_LIBCAP 1" >>confdefs.h fi -no_fortify_source="-Wp,-U_FORTIFY_SOURCE" +no_fortify_source="-U_FORTIFY_SOURCE" fortify_source="${no_fortify_source}" { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for maximum supported _FORTIFY_SOURCE level" >&5 @@ -7773,7 +7773,7 @@ esac if test "$libc_cv_fortify_source" = yes then : - fortify_source="${fortify_source},-D_FORTIFY_SOURCE=${enable_fortify_source}" + fortify_source="${fortify_source} -D_FORTIFY_SOURCE=${enable_fortify_source}" fi diff --git a/configure.ac b/configure.ac index 7c9b577..5af742c 100644 --- a/configure.ac +++ b/configure.ac @@ -1536,7 +1536,7 @@ dnl If not, then don't use it. dnl Note that _FORTIFY_SOURCE may have been set through FLAGS too. dnl _FORTIFY_SOURCE value will be selectively disabled for function that can't dnl support it -no_fortify_source="-Wp,-U_FORTIFY_SOURCE" +no_fortify_source="-U_FORTIFY_SOURCE" fortify_source="${no_fortify_source}" AC_CACHE_CHECK([for maximum supported _FORTIFY_SOURCE level], @@ -1555,7 +1555,7 @@ AS_CASE([$enable_fortify_source], [libc_cv_fortify_source=no]) AS_IF([test "$libc_cv_fortify_source" = yes], - [fortify_source="${fortify_source},-D_FORTIFY_SOURCE=${enable_fortify_source}"] + [fortify_source="${fortify_source} -D_FORTIFY_SOURCE=${enable_fortify_source}"] ) AC_SUBST(enable_fortify_source) diff --git a/debug/Makefile b/debug/Makefile index 3903cc9..89ee80b 100644 --- a/debug/Makefile +++ b/debug/Makefile @@ -171,16 +171,16 @@ CFLAGS-recvfrom_chk.c += -fexceptions -fasynchronous-unwind-tables # set up for us, so keep the CFLAGS/CPPFLAGS split logical as the order is: # <user CFLAGS> <test CFLAGS> <user CPPFLAGS> <test CPPFLAGS> CFLAGS-tst-longjmp_chk.c += -fexceptions -fasynchronous-unwind-tables -CPPFLAGS-tst-longjmp_chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1 +CPPFLAGS-tst-longjmp_chk.c += $(no-fortify-source) -D_FORTIFY_SOURCE=1 CFLAGS-tst-longjmp_chk2.c += -fexceptions -fasynchronous-unwind-tables -CPPFLAGS-tst-longjmp_chk2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1 +CPPFLAGS-tst-longjmp_chk2.c += $(no-fortify-source) -D_FORTIFY_SOURCE=1 CFLAGS-tst-longjmp_chk3.c += -fexceptions -fasynchronous-unwind-tables -CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1 -CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 -CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 -CFLAGS-tst-sprintf-fortify-rdonly.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 -CFLAGS-tst-fortify-syslog.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 -CFLAGS-tst-fortify-wide.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 +CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source) -D_FORTIFY_SOURCE=1 +CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2 +CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2 +CFLAGS-tst-sprintf-fortify-rdonly.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2 +CFLAGS-tst-fortify-syslog.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2 +CFLAGS-tst-fortify-wide.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2 # _FORTIFY_SOURCE tests. # Auto-generate tests for _FORTIFY_SOURCE for different levels, compilers and @@ -218,7 +218,8 @@ src-chk-nongnu = \#undef _GNU_SOURCE # cannot be disabled via pragmas, so require -Wno-error to be used. define gen-chk-test tests-$(1)-$(4)-chk += tst-fortify-$(1)-$(2)-$(3)-$(4) -CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += $(no-fortify-source),-D_FORTIFY_SOURCE=$(3) -Wno-format \ +CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += $(no-fortify-source) -D_FORTIFY_SOURCE=$(3) \ + -Wno-format \ -Wno-deprecated-declarations \ -Wno-error $(eval $(call cflags-$(2),$(1),$(3),$(4))) diff --git a/io/Makefile b/io/Makefile index a401ec4..a8d575e 100644 --- a/io/Makefile +++ b/io/Makefile @@ -295,7 +295,7 @@ CFLAGS-read.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-i CFLAGS-write.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-ignored-attributes) CFLAGS-close.c += -fexceptions -fasynchronous-unwind-tables CFLAGS-lseek64.c += $(config-cflags-wno-ignored-attributes) -CFLAGS-tst-read-zero.c += $(no-fortify-source),-D_FORTIFY_SOURCE=$(supported-fortify) +CFLAGS-tst-read-zero.c += $(no-fortify-source) -D_FORTIFY_SOURCE=$(supported-fortify) CFLAGS-test-stat.c += -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE CFLAGS-test-lfs.c += -D_LARGEFILE64_SOURCE diff --git a/stdio-common/Makefile b/stdio-common/Makefile index a1db859..44165a9 100644 --- a/stdio-common/Makefile +++ b/stdio-common/Makefile @@ -598,7 +598,7 @@ CFLAGS-tst-gets.c += -Wno-deprecated-declarations # BZ #11319 was first fixed for regular vdprintf, then reopened because # the fortified version had the same bug. -CFLAGS-tst-bz11319-fortify2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 +CFLAGS-tst-bz11319-fortify2.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2 CFLAGS-tst-memstream-string.c += -fno-builtin-fprintf diff --git a/wcsmbs/Makefile b/wcsmbs/Makefile index 63adf0e..37a44e6 100644 --- a/wcsmbs/Makefile +++ b/wcsmbs/Makefile @@ -264,7 +264,7 @@ CFLAGS-wcstod_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes) CFLAGS-wcstold_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes) CFLAGS-wcstof128_l.c += $(strtox-CFLAGS) CFLAGS-wcstof_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes) -CPPFLAGS-tst-wchar-h.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 +CPPFLAGS-tst-wchar-h.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2 CFLAGS-wcschr.c += $(config-cflags-wno-ignored-attributes) CFLAGS-wmemchr.c += $(config-cflags-wno-ignored-attributes) |