[Oisf-users] Odd build error on hardened-gentoo
Victor Julien
lists at inliniac.net
Wed Oct 16 08:05:36 EDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/16/2013 02:01 AM, Cooper F. Nelson wrote:
> Hi Victor,
>
> I think I understand now what the problem is. On hardened gentoo,
> FORTIFY_SOURCE is enabled by default. This apparently causes some
> problems with software that explicitly tries to define it again.
>
> What I needed to do was to remove "-D_FORTIFY_SOURCE" from the
> Makefiles in the libhtp hierarchy first to prevent the warnings
> about it being redefined. I then just changed the block ifdef to
> print out the default gentoo setting of '2':
>
>> #ifdef _FORTIFY_SOURCE printf("compiled with
>> _FORTIFY_SOURCE=%d\n", 2); #endif
>
> Builds fine now.
I think you may actually run into the same if you pass
- --enable-gccprotect to suricata's configure. We then define
_FORTIFY_SOURCE in the same way libhtp does.
In this post
http://lists.gnu.org/archive/html/bug-coreutils/2012-10/msg00123.html
I found this way of defining _FORTIFY_SOURCE:
_FORTIFY_SOURCE=((defined __OPTIMIZE__ && __OPTIMIZE__ > 0) ? 2 : 0)
Maybe that is what we tried to print first, as it said something about
"defined" in the error you posted:
suricata.c:682:50: error: 'defined' undeclared (first use in this
function)
I would have expected cpp to have expanded this to just 0 or 2, but
maybe it didn't because it was inside a printf.
Cheers,
Victor
>
> -Coop
>
> On 10/14/2013 4:12 AM, Victor Julien wrote:
>
>> That line looks like this:
>
>> printf("compiled with _FORTIFY_SOURCE=%d\n", _FORTIFY_SOURCE);
>
>> as part of a block:
>
>> #ifdef _FORTIFY_SOURCE printf("compiled with
>> _FORTIFY_SOURCE=%d\n", _FORTIFY_SOURCE); #endif
>
>> printf shouldn't be the problem, as it was called before this
>> line as well, so I think something happened to the definition of
>> _FORTIFY_SOURCE.
>
>> It's expected to contain a simple int value, but maybe in this
>> case it's defined very differently.
>
>> We can try to figure this out by invoking the C preprocessor
>> directly:
>
>> $ cpp src/suricata.c -I/opt/htp-0.5.x/include/ -I.
>> -I/usr/include/nss/ -I/usr/include/nspr/|grep _FORTIFY_SOURCE In
>> file included from src/suricata.c:24:0:
>> src/suricata-common.h:44:2: warning: #warning "L1 cache line size
>> not detected during build. Assuming 64 bytes." [-Wcpp]
>> printf("compiled with _FORTIFY_SOURCE=%d\n", 2);
>
>> So in my case _FORTIFY_SOURCE is defined as 2.
>
>> Can you try this as well and post the results? You may have to
>> adapt the -I options to include your own "include" paths. cpp
>> will error out if you get them wrong.
>
>> _______________________________________________ Suricata IDS
>> Users mailing list: oisf-users at openinfosecfoundation.org Site:
>> http://suricata-ids.org | Support:
>> http://suricata-ids.org/support/ List:
>> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>>
OISF: http://www.openinfosecfoundation.org/
>
>
>
- --
- ---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
- ---------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlJegQwACgkQiSMBBAuniMffQwCfZE22MN6srxvC0pA2bJ02mtqr
6UwAoIGHi/VQnTKPftAZAzq/jWDY6yyh
=d4/P
-----END PGP SIGNATURE-----
More information about the Oisf-users
mailing list