[Oisf-users] Odd build error on hardened-gentoo

Cooper F. Nelson cnelson at ucsd.edu
Wed Oct 16 00:01:23 UTC 2013

Hash: SHA1

Hi Victor,

I think I understand now what the problem is.  On hardened gentoo,
FORTIFY_SOURCE is enabled by default.  This apparently causes some
problems with software that explicitly tries to define it again.

What I needed to do was to remove "-D_FORTIFY_SOURCE" from the Makefiles
in the libhtp hierarchy first to prevent the warnings about it being
redefined.  I then just changed the block ifdef to print out the default
gentoo setting of '2':

>     printf("compiled with _FORTIFY_SOURCE=%d\n", 2);
> #endif

Builds fine now.

- -Coop

On 10/14/2013 4:12 AM, Victor Julien wrote:
> That line looks like this:
>     printf("compiled with _FORTIFY_SOURCE=%d\n", _FORTIFY_SOURCE);
> as part of a block:
>     printf("compiled with _FORTIFY_SOURCE=%d\n", _FORTIFY_SOURCE);
> #endif
> printf shouldn't be the problem, as it was called before this line as
> well, so I think something happened to the definition of _FORTIFY_SOURCE.
> It's expected to contain a simple int value, but maybe in this case
> it's defined very differently.
> We can try to figure this out by invoking the C preprocessor directly:
> $ cpp src/suricata.c -I/opt/htp-0.5.x/include/ -I. -I/usr/include/nss/
> -I/usr/include/nspr/|grep _FORTIFY_SOURCE
> In file included from src/suricata.c:24:0:
> src/suricata-common.h:44:2: warning: #warning "L1 cache line size not
> detected during build. Assuming 64 bytes." [-Wcpp]
>     printf("compiled with _FORTIFY_SOURCE=%d\n", 2);
> So in my case _FORTIFY_SOURCE is defined as 2.
> Can you try this as well and post the results? You may have to adapt
> the -I options to include your own "include" paths. cpp will error out
> if you get them wrong.
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/

- -- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/


More information about the Oisf-users mailing list