[PATCH cygport] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS

[PATCH cygport] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS

[Christian Franke]

[-- Attachment #1: Type: text/plain, Size: 249 bytes --]

_FORTIFY_SOURCE=3 is supported by Cygwin 3.5.0 headers and Cygwin gcc 
13.2.1 test release.

Silently falls back to level 2 if level 3 is unsupported (older headers 
or gcc) or to level 0 if unsupported at all (C++, clang).

-- 
Regards,
Christian


[-- Attachment #2: 0001-Increase-_FORTIFY_SOURCE-level-from-2-to-3-in-CFLAGS.patch --]
[-- Type: text/plain, Size: 1398 bytes --]

From 1a32375682d0e5ff6b80a47de70d3d9cfe0f0780 Mon Sep 17 00:00:00 2001
From: Christian Franke <christian.franke@t-online.de>
Date: Fri, 2 Feb 2024 17:00:18 +0100
Subject: [PATCH] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS

This enables buffer overflow checks if the buffer size is non-const
but known during runtime and GCC 12.0 or later is used.
---
 lib/compilers.cygpart | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/compilers.cygpart b/lib/compilers.cygpart
index 35e6fe28..52df5304 100644
--- a/lib/compilers.cygpart
+++ b/lib/compilers.cygpart
@@ -34,9 +34,9 @@ declare -x CC="gcc";
 #  Flags passed to CC when compiling C code.  Individual packages may append
 #  or override this value if they will not build correctly without it.
 #  DEFAULT VALUE
-#  -ggdb -O2 -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector-strong --param=ssp-buffer-size=4
+#  -ggdb -O2 -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=3 -fstack-protector-strong --param=ssp-buffer-size=4
 #****
-declare -x CFLAGS="-ggdb -O2 -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector-strong --param=ssp-buffer-size=4";
+declare -x CFLAGS="-ggdb -O2 -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=3 -fstack-protector-strong --param=ssp-buffer-size=4";
 
 #****v* Compiling/CPPFLAGS
 #  DESCRIPTION
-- 
2.43.0

Re: [PATCH cygport] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS

[Jon Turney]

On 02/02/2024 16:13, Christian Franke via Cygwin-apps wrote:
> _FORTIFY_SOURCE=3 is supported by Cygwin 3.5.0 headers and Cygwin gcc 
> 13.2.1 test release.
> 
> Silently falls back to level 2 if level 3 is unsupported (older headers 
> or gcc) or to level 0 if unsupported at all (C++, clang).

Thanks. I applied this.

I'm thinking I want to try to do another cygport release fairly soonish, 
so please feel free to remind me about any other patches by you (or 
others) which I need to look at before then.

Re: [PATCH cygport] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS

[Christian Franke]

Jon Turney wrote:
> On 02/02/2024 16:13, Christian Franke via Cygwin-apps wrote:
>> _FORTIFY_SOURCE=3 is supported by Cygwin 3.5.0 headers and Cygwin gcc 
>> 13.2.1 test release.
>>
>> Silently falls back to level 2 if level 3 is unsupported (older 
>> headers or gcc) or to level 0 if unsupported at all (C++, clang).
>
> Thanks. I applied this.
>
> I'm thinking I want to try to do another cygport release fairly 
> soonish, so please feel free to remind me about any other patches by 
> you (or others) which I need to look at before then.
>

Possibly some initial SOURCE_DATE_EPOCH support:
https://sourceware.org/pipermail/cygwin-apps/2023-August/043108.html

Related:
https://cygwin.com/git/?p=newlib-cygwin.git;a=commit;h=f5e37b9

Re: [PATCH cygport] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS

[Jon Turney]

On 04/02/2024 16:30, Christian Franke via Cygwin-apps wrote:
> Jon Turney wrote:
>> On 02/02/2024 16:13, Christian Franke via Cygwin-apps wrote:
>>> _FORTIFY_SOURCE=3 is supported by Cygwin 3.5.0 headers and Cygwin gcc 
>>> 13.2.1 test release.
>>>
>>> Silently falls back to level 2 if level 3 is unsupported (older 
>>> headers or gcc) or to level 0 if unsupported at all (C++, clang).
>>
>> Thanks. I applied this.
>>
>> I'm thinking I want to try to do another cygport release fairly 
>> soonish, so please feel free to remind me about any other patches by 
>> you (or others) which I need to look at before then.
>>
> 
> Possibly some initial SOURCE_DATE_EPOCH support:
> https://sourceware.org/pipermail/cygwin-apps/2023-August/043108.html

I've applied this (and I think I might have caught up on most of the 
pending patches...)

It would be nice to have some sort of test, since there's no coverage 
with SOURCE_DATE_EPOCH defined at the moment.

Even if we just verify that an existing test continues to build without 
problems with it defined, that would be a good start, let alone 
verifying that it actually sets timestamps as expected...

Re: [PATCH cygport] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS

[ASSI]

Christian Franke via Cygwin-apps writes:
> _FORTIFY_SOURCE=3 is supported by Cygwin 3.5.0 headers and Cygwin gcc
> 13.2.1 test release.
>
> Silently falls back to level 2 if level 3 is unsupported (older
> headers or gcc) or to level 0 if unsupported at all (C++, clang).

Well, if only that was the case…

--8<---------------cut here---------------start------------->8---
                 from /usr/include/w32api/windows.h:9,
                 from /mnt/share/cygpkgs/libarchive/libarchive.x86_64/src/libarchive-3.7.4/test_utils/test_common.h:88,
                 from /mnt/share/cygpkgs/libarchive/libarchive.x86_64/src/libarchive-3.7.4/tar/test/test.h:38,
                 from /mnt/share/cygpkgs/libarchive/libarchive.x86_64/src/libarchive-3.7.4/tar/test/test_extract_tar_lrz.c:25:
/usr/include/w32api/_mingw_mac.h:319:8: warning: #warning Using _FORTIFY_SOURCE=2 (level 3 requires __builtin_dynamic_object_size support) [-Wcpp]
  319 | #      warning Using _FORTIFY_SOURCE=2 (level 3 requires __builtin_dynamic_object_size support)
--8<---------------cut here---------------end--------------->8---

Can't we conditiohnalize this to depend on the actual compiler support?


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Wavetables for the Terratec KOMPLEXER:
http://Synth.Stromeko.net/Downloads.html#KomplexerWaves

Re: [PATCH cygport] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS

[Christian Franke]

ASSI via Cygwin-apps wrote:
> Christian Franke via Cygwin-apps writes:
>> _FORTIFY_SOURCE=3 is supported by Cygwin 3.5.0 headers and Cygwin gcc
>> 13.2.1 test release.
>>
>> Silently falls back to level 2 if level 3 is unsupported (older
>> headers or gcc) or to level 0 if unsupported at all (C++, clang).
> Well, if only that was the case…
>
> --8<---------------cut here---------------start------------->8---
>                   from /usr/include/w32api/windows.h:9,
>                   from /mnt/share/cygpkgs/libarchive/libarchive.x86_64/src/libarchive-3.7.4/test_utils/test_common.h:88,
>                   from /mnt/share/cygpkgs/libarchive/libarchive.x86_64/src/libarchive-3.7.4/tar/test/test.h:38,
>                   from /mnt/share/cygpkgs/libarchive/libarchive.x86_64/src/libarchive-3.7.4/tar/test/test_extract_tar_lrz.c:25:
> /usr/include/w32api/_mingw_mac.h:319:8: warning: #warning Using _FORTIFY_SOURCE=2 (level 3 requires __builtin_dynamic_object_size support) [-Wcpp]
>    319 | #      warning Using _FORTIFY_SOURCE=2 (level 3 requires __builtin_dynamic_object_size support)
> --8<---------------cut here---------------end--------------->8---
>
> Can't we conditiohnalize this to depend on the actual compiler support?

This is a bogus warning. Sorry, my bad.

In my contribution of _FORTIFY_SOURCE support to MinGW-w64 from 2019, I 
didn't realize that these warnings also appear if only Win32 API 
includes (windows.h, ...) are used. The related internal macros have 
only an effect if MinGW-w64 runtime includes (stdio.h, string.h, ...) 
are used.

Meantime this has been fixed upstream:
https://sourceforge.net/p/mingw-w64/mingw-w64/ci/f8e088e

-- 
Regards,
Christian

Re: [PATCH cygport] Increase _FORTIFY_SOURCE level from 2 to 3 in CFLAGS

[Jon Turney]

On 28/04/2024 13:21, Christian Franke via Cygwin-apps wrote:
> ASSI via Cygwin-apps wrote:
>> Christian Franke via Cygwin-apps writes:
>>> _FORTIFY_SOURCE=3 is supported by Cygwin 3.5.0 headers and Cygwin gcc
>>> 13.2.1 test release.
>>>
>>> Silently falls back to level 2 if level 3 is unsupported (older
>>> headers or gcc) or to level 0 if unsupported at all (C++, clang).
>> Well, if only that was the case…
>>
>> --8<---------------cut here---------------start------------->8---
>>                   from /usr/include/w32api/windows.h:9,
>>                   from 
>> /mnt/share/cygpkgs/libarchive/libarchive.x86_64/src/libarchive-3.7.4/test_utils/test_common.h:88,
>>                   from 
>> /mnt/share/cygpkgs/libarchive/libarchive.x86_64/src/libarchive-3.7.4/tar/test/test.h:38,
>>                   from 
>> /mnt/share/cygpkgs/libarchive/libarchive.x86_64/src/libarchive-3.7.4/tar/test/test_extract_tar_lrz.c:25:
>> /usr/include/w32api/_mingw_mac.h:319:8: warning: #warning Using 
>> _FORTIFY_SOURCE=2 (level 3 requires __builtin_dynamic_object_size 
>> support) [-Wcpp]
>>    319 | #      warning Using _FORTIFY_SOURCE=2 (level 3 requires 
>> __builtin_dynamic_object_size support)
>> --8<---------------cut here---------------end--------------->8---
>>
>> Can't we conditiohnalize this to depend on the actual compiler support?
> 
> This is a bogus warning. Sorry, my bad.
> 
> In my contribution of _FORTIFY_SOURCE support to MinGW-w64 from 2019, I 
> didn't realize that these warnings also appear if only Win32 API 
> includes (windows.h, ...) are used. The related internal macros have 
> only an effect if MinGW-w64 runtime includes (stdio.h, string.h, ...) 
> are used.
> 
> Meantime this has been fixed upstream:
> https://sourceforge.net/p/mingw-w64/mingw-w64/ci/f8e088e

I guess that means we need an updated w32api-header package, with this 
patch added, if it's not yet in a release...