[Oisf-users] Odd build error on hardened-gentoo
Cooper F. Nelson
cnelson at ucsd.edu
Wed Oct 16 00:01:23 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Victor,
I think I understand now what the problem is. On hardened gentoo,
FORTIFY_SOURCE is enabled by default. This apparently causes some
problems with software that explicitly tries to define it again.
What I needed to do was to remove "-D_FORTIFY_SOURCE" from the Makefiles
in the libhtp hierarchy first to prevent the warnings about it being
redefined. I then just changed the block ifdef to print out the default
gentoo setting of '2':
> #ifdef _FORTIFY_SOURCE
> printf("compiled with _FORTIFY_SOURCE=%d\n", 2);
> #endif
Builds fine now.
- -Coop
On 10/14/2013 4:12 AM, Victor Julien wrote:
>
> That line looks like this:
>
> printf("compiled with _FORTIFY_SOURCE=%d\n", _FORTIFY_SOURCE);
>
> as part of a block:
>
> #ifdef _FORTIFY_SOURCE
> printf("compiled with _FORTIFY_SOURCE=%d\n", _FORTIFY_SOURCE);
> #endif
>
> printf shouldn't be the problem, as it was called before this line as
> well, so I think something happened to the definition of _FORTIFY_SOURCE.
>
> It's expected to contain a simple int value, but maybe in this case
> it's defined very differently.
>
> We can try to figure this out by invoking the C preprocessor directly:
>
> $ cpp src/suricata.c -I/opt/htp-0.5.x/include/ -I. -I/usr/include/nss/
> -I/usr/include/nspr/|grep _FORTIFY_SOURCE
> In file included from src/suricata.c:24:0:
> src/suricata-common.h:44:2: warning: #warning "L1 cache line size not
> detected during build. Assuming 64 bytes." [-Wcpp]
> printf("compiled with _FORTIFY_SOURCE=%d\n", 2);
>
> So in my case _FORTIFY_SOURCE is defined as 2.
>
> Can you try this as well and post the results? You may have to adapt
> the -I options to include your own "include" paths. cpp will error out
> if you get them wrong.
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
>
- --
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJSXddTAAoJEKIFRYQsa8FWqHAH/Atspn9JMdumqO15cA9i2ZbV
OjmiZ8bWH+01nIm+50xktn7GlpHtRFAGZWAaPAHq+/69QBqM7j/waObS8HBUj4Un
arV0hjnWs0rltBheTowxfSJVQ0ggbtG+vuJsZyJF/5JMr8PHlLonJDliDpaasqWm
Mv+IfSEBYA8XDRX3VpPVaF0dXoIH1K/KPdrvlmejdIXhFjj3ohLTpr891W37T2kz
nF46+LJ0fTRSinID7Dgcfr9yPeN+91y1iadlsTTUJ40S5/rwYr1EW8KSJqr4ZlA0
CmKc24kwulo62r62+tIPg1aOyaV6x7X47rkndHtxwrkFqxPQlm9YKmrHCV5VOMM=
=IpLJ
-----END PGP SIGNATURE-----
More information about the Oisf-users
mailing list