* [PATCH cygport] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS
@ 2024-02-02 16:13 Christian Franke
2024-02-04 15:43 ` Jon Turney
2024-04-28 10:21 ` ASSI
0 siblings, 2 replies; 7+ messages in thread
From: Christian Franke @ 2024-02-02 16:13 UTC (permalink / raw)
To: cygwin-apps
[-- Attachment #1: Type: text/plain, Size: 249 bytes --]
_FORTIFY_SOURCE=3 is supported by Cygwin 3.5.0 headers and Cygwin gcc
13.2.1 test release.
Silently falls back to level 2 if level 3 is unsupported (older headers
or gcc) or to level 0 if unsupported at all (C++, clang).
--
Regards,
Christian
[-- Attachment #2: 0001-Increase-_FORTIFY_SOURCE-level-from-2-to-3-in-CFLAGS.patch --]
[-- Type: text/plain, Size: 1398 bytes --]
From 1a32375682d0e5ff6b80a47de70d3d9cfe0f0780 Mon Sep 17 00:00:00 2001
From: Christian Franke <christian.franke@t-online.de>
Date: Fri, 2 Feb 2024 17:00:18 +0100
Subject: [PATCH] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS
This enables buffer overflow checks if the buffer size is non-const
but known during runtime and GCC 12.0 or later is used.
---
lib/compilers.cygpart | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/compilers.cygpart b/lib/compilers.cygpart
index 35e6fe28..52df5304 100644
--- a/lib/compilers.cygpart
+++ b/lib/compilers.cygpart
@@ -34,9 +34,9 @@ declare -x CC="gcc";
# Flags passed to CC when compiling C code. Individual packages may append
# or override this value if they will not build correctly without it.
# DEFAULT VALUE
-# -ggdb -O2 -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector-strong --param=ssp-buffer-size=4
+# -ggdb -O2 -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=3 -fstack-protector-strong --param=ssp-buffer-size=4
#****
-declare -x CFLAGS="-ggdb -O2 -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector-strong --param=ssp-buffer-size=4";
+declare -x CFLAGS="-ggdb -O2 -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=3 -fstack-protector-strong --param=ssp-buffer-size=4";
#****v* Compiling/CPPFLAGS
# DESCRIPTION
--
2.43.0
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH cygport] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS
2024-02-02 16:13 [PATCH cygport] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS Christian Franke
@ 2024-02-04 15:43 ` Jon Turney
2024-02-04 16:30 ` Christian Franke
2024-04-28 10:21 ` ASSI
1 sibling, 1 reply; 7+ messages in thread
From: Jon Turney @ 2024-02-04 15:43 UTC (permalink / raw)
To: Christian Franke; +Cc: cygwin-apps
On 02/02/2024 16:13, Christian Franke via Cygwin-apps wrote:
> _FORTIFY_SOURCE=3 is supported by Cygwin 3.5.0 headers and Cygwin gcc
> 13.2.1 test release.
>
> Silently falls back to level 2 if level 3 is unsupported (older headers
> or gcc) or to level 0 if unsupported at all (C++, clang).
Thanks. I applied this.
I'm thinking I want to try to do another cygport release fairly soonish,
so please feel free to remind me about any other patches by you (or
others) which I need to look at before then.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH cygport] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS
2024-02-04 15:43 ` Jon Turney
@ 2024-02-04 16:30 ` Christian Franke
2024-02-11 17:04 ` Jon Turney
0 siblings, 1 reply; 7+ messages in thread
From: Christian Franke @ 2024-02-04 16:30 UTC (permalink / raw)
Cc: cygwin-apps
Jon Turney wrote:
> On 02/02/2024 16:13, Christian Franke via Cygwin-apps wrote:
>> _FORTIFY_SOURCE=3 is supported by Cygwin 3.5.0 headers and Cygwin gcc
>> 13.2.1 test release.
>>
>> Silently falls back to level 2 if level 3 is unsupported (older
>> headers or gcc) or to level 0 if unsupported at all (C++, clang).
>
> Thanks. I applied this.
>
> I'm thinking I want to try to do another cygport release fairly
> soonish, so please feel free to remind me about any other patches by
> you (or others) which I need to look at before then.
>
Possibly some initial SOURCE_DATE_EPOCH support:
https://sourceware.org/pipermail/cygwin-apps/2023-August/043108.html
Related:
https://cygwin.com/git/?p=newlib-cygwin.git;a=commit;h=f5e37b9
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH cygport] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS
2024-02-04 16:30 ` Christian Franke
@ 2024-02-11 17:04 ` Jon Turney
0 siblings, 0 replies; 7+ messages in thread
From: Jon Turney @ 2024-02-11 17:04 UTC (permalink / raw)
Cc: cygwin-apps
On 04/02/2024 16:30, Christian Franke via Cygwin-apps wrote:
> Jon Turney wrote:
>> On 02/02/2024 16:13, Christian Franke via Cygwin-apps wrote:
>>> _FORTIFY_SOURCE=3 is supported by Cygwin 3.5.0 headers and Cygwin gcc
>>> 13.2.1 test release.
>>>
>>> Silently falls back to level 2 if level 3 is unsupported (older
>>> headers or gcc) or to level 0 if unsupported at all (C++, clang).
>>
>> Thanks. I applied this.
>>
>> I'm thinking I want to try to do another cygport release fairly
>> soonish, so please feel free to remind me about any other patches by
>> you (or others) which I need to look at before then.
>>
>
> Possibly some initial SOURCE_DATE_EPOCH support:
> https://sourceware.org/pipermail/cygwin-apps/2023-August/043108.html
I've applied this (and I think I might have caught up on most of the
pending patches...)
It would be nice to have some sort of test, since there's no coverage
with SOURCE_DATE_EPOCH defined at the moment.
Even if we just verify that an existing test continues to build without
problems with it defined, that would be a good start, let alone
verifying that it actually sets timestamps as expected...
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH cygport] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS
2024-02-02 16:13 [PATCH cygport] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS Christian Franke
2024-02-04 15:43 ` Jon Turney
@ 2024-04-28 10:21 ` ASSI
2024-04-28 12:21 ` Christian Franke
1 sibling, 1 reply; 7+ messages in thread
From: ASSI @ 2024-04-28 10:21 UTC (permalink / raw)
To: cygwin-apps
Christian Franke via Cygwin-apps writes:
> _FORTIFY_SOURCE=3 is supported by Cygwin 3.5.0 headers and Cygwin gcc
> 13.2.1 test release.
>
> Silently falls back to level 2 if level 3 is unsupported (older
> headers or gcc) or to level 0 if unsupported at all (C++, clang).
Well, if only that was the case…
--8<---------------cut here---------------start------------->8---
from /usr/include/w32api/windows.h:9,
from /mnt/share/cygpkgs/libarchive/libarchive.x86_64/src/libarchive-3.7.4/test_utils/test_common.h:88,
from /mnt/share/cygpkgs/libarchive/libarchive.x86_64/src/libarchive-3.7.4/tar/test/test.h:38,
from /mnt/share/cygpkgs/libarchive/libarchive.x86_64/src/libarchive-3.7.4/tar/test/test_extract_tar_lrz.c:25:
/usr/include/w32api/_mingw_mac.h:319:8: warning: #warning Using _FORTIFY_SOURCE=2 (level 3 requires __builtin_dynamic_object_size support) [-Wcpp]
319 | # warning Using _FORTIFY_SOURCE=2 (level 3 requires __builtin_dynamic_object_size support)
--8<---------------cut here---------------end--------------->8---
Can't we conditiohnalize this to depend on the actual compiler support?
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Wavetables for the Terratec KOMPLEXER:
http://Synth.Stromeko.net/Downloads.html#KomplexerWaves
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH cygport] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS
2024-04-28 10:21 ` ASSI
@ 2024-04-28 12:21 ` Christian Franke
2024-04-30 22:19 ` Jon Turney
0 siblings, 1 reply; 7+ messages in thread
From: Christian Franke @ 2024-04-28 12:21 UTC (permalink / raw)
To: cygwin-apps
ASSI via Cygwin-apps wrote:
> Christian Franke via Cygwin-apps writes:
>> _FORTIFY_SOURCE=3 is supported by Cygwin 3.5.0 headers and Cygwin gcc
>> 13.2.1 test release.
>>
>> Silently falls back to level 2 if level 3 is unsupported (older
>> headers or gcc) or to level 0 if unsupported at all (C++, clang).
> Well, if only that was the case…
>
> --8<---------------cut here---------------start------------->8---
> from /usr/include/w32api/windows.h:9,
> from /mnt/share/cygpkgs/libarchive/libarchive.x86_64/src/libarchive-3.7.4/test_utils/test_common.h:88,
> from /mnt/share/cygpkgs/libarchive/libarchive.x86_64/src/libarchive-3.7.4/tar/test/test.h:38,
> from /mnt/share/cygpkgs/libarchive/libarchive.x86_64/src/libarchive-3.7.4/tar/test/test_extract_tar_lrz.c:25:
> /usr/include/w32api/_mingw_mac.h:319:8: warning: #warning Using _FORTIFY_SOURCE=2 (level 3 requires __builtin_dynamic_object_size support) [-Wcpp]
> 319 | # warning Using _FORTIFY_SOURCE=2 (level 3 requires __builtin_dynamic_object_size support)
> --8<---------------cut here---------------end--------------->8---
>
> Can't we conditiohnalize this to depend on the actual compiler support?
This is a bogus warning. Sorry, my bad.
In my contribution of _FORTIFY_SOURCE support to MinGW-w64 from 2019, I
didn't realize that these warnings also appear if only Win32 API
includes (windows.h, ...) are used. The related internal macros have
only an effect if MinGW-w64 runtime includes (stdio.h, string.h, ...)
are used.
Meantime this has been fixed upstream:
https://sourceforge.net/p/mingw-w64/mingw-w64/ci/f8e088e
--
Regards,
Christian
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH cygport] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS
2024-04-28 12:21 ` Christian Franke
@ 2024-04-30 22:19 ` Jon Turney
0 siblings, 0 replies; 7+ messages in thread
From: Jon Turney @ 2024-04-30 22:19 UTC (permalink / raw)
To: Christian Franke; +Cc: cygwin-apps
On 28/04/2024 13:21, Christian Franke via Cygwin-apps wrote:
> ASSI via Cygwin-apps wrote:
>> Christian Franke via Cygwin-apps writes:
>>> _FORTIFY_SOURCE=3 is supported by Cygwin 3.5.0 headers and Cygwin gcc
>>> 13.2.1 test release.
>>>
>>> Silently falls back to level 2 if level 3 is unsupported (older
>>> headers or gcc) or to level 0 if unsupported at all (C++, clang).
>> Well, if only that was the case…
>>
>> --8<---------------cut here---------------start------------->8---
>> from /usr/include/w32api/windows.h:9,
>> from
>> /mnt/share/cygpkgs/libarchive/libarchive.x86_64/src/libarchive-3.7.4/test_utils/test_common.h:88,
>> from
>> /mnt/share/cygpkgs/libarchive/libarchive.x86_64/src/libarchive-3.7.4/tar/test/test.h:38,
>> from
>> /mnt/share/cygpkgs/libarchive/libarchive.x86_64/src/libarchive-3.7.4/tar/test/test_extract_tar_lrz.c:25:
>> /usr/include/w32api/_mingw_mac.h:319:8: warning: #warning Using
>> _FORTIFY_SOURCE=2 (level 3 requires __builtin_dynamic_object_size
>> support) [-Wcpp]
>> 319 | # warning Using _FORTIFY_SOURCE=2 (level 3 requires
>> __builtin_dynamic_object_size support)
>> --8<---------------cut here---------------end--------------->8---
>>
>> Can't we conditiohnalize this to depend on the actual compiler support?
>
> This is a bogus warning. Sorry, my bad.
>
> In my contribution of _FORTIFY_SOURCE support to MinGW-w64 from 2019, I
> didn't realize that these warnings also appear if only Win32 API
> includes (windows.h, ...) are used. The related internal macros have
> only an effect if MinGW-w64 runtime includes (stdio.h, string.h, ...)
> are used.
>
> Meantime this has been fixed upstream:
> https://sourceforge.net/p/mingw-w64/mingw-w64/ci/f8e088e
I guess that means we need an updated w32api-header package, with this
patch added, if it's not yet in a release...
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2024-04-30 22:19 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-02-02 16:13 [PATCH cygport] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS Christian Franke
2024-02-04 15:43 ` Jon Turney
2024-02-04 16:30 ` Christian Franke
2024-02-11 17:04 ` Jon Turney
2024-04-28 10:21 ` ASSI
2024-04-28 12:21 ` Christian Franke
2024-04-30 22:19 ` Jon Turney
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).