[Oisf-users] Odd build error on hardened-gentoo

Victor Julien lists at inliniac.net
Wed Oct 16 08:05:36 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/16/2013 02:01 AM, Cooper F. Nelson wrote:
> Hi Victor,
> 
> I think I understand now what the problem is.  On hardened gentoo, 
> FORTIFY_SOURCE is enabled by default.  This apparently causes some 
> problems with software that explicitly tries to define it again.
> 
> What I needed to do was to remove "-D_FORTIFY_SOURCE" from the
> Makefiles in the libhtp hierarchy first to prevent the warnings
> about it being redefined.  I then just changed the block ifdef to
> print out the default gentoo setting of '2':
> 
>> #ifdef _FORTIFY_SOURCE printf("compiled with
>> _FORTIFY_SOURCE=%d\n", 2); #endif
> 
> Builds fine now.

I think you may actually run into the same if you pass
- --enable-gccprotect to suricata's configure. We then define
_FORTIFY_SOURCE in the same way libhtp does.

In this post
http://lists.gnu.org/archive/html/bug-coreutils/2012-10/msg00123.html
I found this way of defining _FORTIFY_SOURCE:

_FORTIFY_SOURCE=((defined __OPTIMIZE__ && __OPTIMIZE__ > 0) ? 2 : 0)

Maybe that is what we tried to print first, as it said something about
"defined" in the error you posted:

suricata.c:682:50: error: 'defined' undeclared (first use in this
function)

I would have expected cpp to have expanded this to just 0 or 2, but
maybe it didn't because it was inside a printf.

Cheers,
Victor

> 
> -Coop
> 
> On 10/14/2013 4:12 AM, Victor Julien wrote:
> 
>> That line looks like this:
> 
>> printf("compiled with _FORTIFY_SOURCE=%d\n", _FORTIFY_SOURCE);
> 
>> as part of a block:
> 
>> #ifdef _FORTIFY_SOURCE printf("compiled with
>> _FORTIFY_SOURCE=%d\n", _FORTIFY_SOURCE); #endif
> 
>> printf shouldn't be the problem, as it was called before this
>> line as well, so I think something happened to the definition of
>> _FORTIFY_SOURCE.
> 
>> It's expected to contain a simple int value, but maybe in this
>> case it's defined very differently.
> 
>> We can try to figure this out by invoking the C preprocessor
>> directly:
> 
>> $ cpp src/suricata.c -I/opt/htp-0.5.x/include/ -I.
>> -I/usr/include/nss/ -I/usr/include/nspr/|grep _FORTIFY_SOURCE In
>> file included from src/suricata.c:24:0: 
>> src/suricata-common.h:44:2: warning: #warning "L1 cache line size
>> not detected during build. Assuming 64 bytes." [-Wcpp] 
>> printf("compiled with _FORTIFY_SOURCE=%d\n", 2);
> 
>> So in my case _FORTIFY_SOURCE is defined as 2.
> 
>> Can you try this as well and post the results? You may have to
>> adapt the -I options to include your own "include" paths. cpp
>> will error out if you get them wrong.
> 
>> _______________________________________________ Suricata IDS
>> Users mailing list: oisf-users at openinfosecfoundation.org Site:
>> http://suricata-ids.org | Support:
>> http://suricata-ids.org/support/ List:
>> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>> 
OISF: http://www.openinfosecfoundation.org/
> 
> 
> 

- -- 
- ---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
- ---------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlJegQwACgkQiSMBBAuniMffQwCfZE22MN6srxvC0pA2bJ02mtqr
6UwAoIGHi/VQnTKPftAZAzq/jWDY6yyh
=d4/P
-----END PGP SIGNATURE-----


More information about the Oisf-users mailing list