Bug 237273 - Mk/bsd.ssp.mk: switch to -fstack-protector-strong and enable on more architectures
Summary: Mk/bsd.ssp.mk: switch to -fstack-protector-strong and enable on more architec...
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Ports Framework (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Jan Beich
URL:
Keywords: needs-qa, patch
Depends on: 233707 237783
Blocks:
  Show dependency treegraph
 
Reported: 2019-04-14 08:25 UTC by Jan Beich
Modified: 2019-05-08 17:41 UTC (History)
5 users (show)

See Also:
antoine: exp-run+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jan Beich freebsd_committer 2019-04-14 08:25:37 UTC
In base r288669 src/ got -fstack-proctector-strong but because ports/ overrode SSP_CFLAGS the value didn't propagate. Let's do the same, drop i386 cruft and enable on arm* + powerpc*.

See review D19907 for the patch.
Comment 1 Jan Beich freebsd_committer 2019-04-14 08:36:00 UTC
Can you check all ports on 11.2 i386/amd64 and 12.0 i386/amd64? I did test test a few (key) ports on aarch64/armv6/armv7 myself.
Comment 2 Antoine Brodin freebsd_committer 2019-04-19 16:49:52 UTC
Exp-run results on 11.2 amd64:

http://package22.nyi.freebsd.org/build.html?mastername=112amd64-default-PR237273&build=2019-04-17_21h25m29s

New failures on 11.2 amd64:

+ {"origin"=>"audio/linux-skype_oss_wrapper", "phase"=>"build", "errortype"=>"new_compiler_error"}
+ {"origin"=>"devel/linux_libusb", "phase"=>"build", "errortype"=>"new_compiler_error"}
+ {"origin"=>"devel/mingw32-libyaml", "phase"=>"configure", "errortype"=>"configure_error"}
+ {"origin"=>"devel/psptoolchain-gcc-stage1", "phase"=>"build", "errortype"=>"configure_error"}
+ {"origin"=>"lang/gnu-cobol", "phase"=>"build", "errortype"=>"clang-bug"}
+ {"origin"=>"math/mingw32-libgmp", "phase"=>"configure", "errortype"=>"configure_error"}
Comment 3 Antoine Brodin freebsd_committer 2019-04-19 16:53:28 UTC
Exp-run results on 11.2 i386:

http://package23.nyi.freebsd.org/build.html?mastername=112i386-default-PR237273&build=2019-04-17_21h25m26s

New failures on 11.2 i386:

+ {"origin"=>"audio/linux-skype_oss_wrapper", "phase"=>"build", "errortype"=>"new_compiler_error"}
+ {"origin"=>"devel/linux_libusb", "phase"=>"build", "errortype"=>"new_compiler_error"}
+ {"origin"=>"devel/mingw32-libyaml", "phase"=>"configure", "errortype"=>"configure_error"}
+ {"origin"=>"devel/psptoolchain-gcc-stage1", "phase"=>"build", "errortype"=>"configure_error"}
+ {"origin"=>"lang/gnu-cobol", "phase"=>"build", "errortype"=>"clang-bug"}
+ {"origin"=>"math/mingw32-libgmp", "phase"=>"configure", "errortype"=>"configure_error"}
Comment 4 Antoine Brodin freebsd_committer 2019-04-19 16:56:47 UTC
Exp-run results on 12.0 i386:

http://pb2.nyi.freebsd.org/build.html?mastername=120i386-default-PR237273&build=2019-04-17_21h25m24s

New failures:

+ {"origin"=>"audio/linux-skype_oss_wrapper", "phase"=>"build", "errortype"=>"new_compiler_error"}
+ {"origin"=>"devel/linux_libusb", "phase"=>"build", "errortype"=>"new_compiler_error"}
+ {"origin"=>"devel/mingw32-libyaml", "phase"=>"configure", "errortype"=>"configure_error"}
+ {"origin"=>"devel/psptoolchain-gcc-stage1", "phase"=>"build", "errortype"=>"configure_error"}
+ {"origin"=>"lang/gnu-cobol", "phase"=>"build", "errortype"=>"clang-bug"}
+ {"origin"=>"math/gretl", "phase"=>"build", "errortype"=>"coredump"}
+ {"origin"=>"math/mingw32-libgmp", "phase"=>"configure", "errortype"=>"configure_error"}
Comment 5 Antoine Brodin freebsd_committer 2019-04-19 17:01:07 UTC
Exp-run results on 12.0 amd64:

http://package18.nyi.freebsd.org/build.html?mastername=120amd64-default-PR237273&build=2019-04-17_21h25m21s

New failures:

+ {"origin"=>"audio/linux-skype_oss_wrapper", "phase"=>"build", "errortype"=>"new_compiler_error"}
+ {"origin"=>"devel/linux_libusb", "phase"=>"build", "errortype"=>"new_compiler_error"}
+ {"origin"=>"devel/mingw32-libyaml", "phase"=>"configure", "errortype"=>"configure_error"}
+ {"origin"=>"devel/psptoolchain-gcc-stage1", "phase"=>"build", "errortype"=>"configure_error"}
+ {"origin"=>"lang/gnu-cobol", "phase"=>"build", "errortype"=>"clang-bug"}
+ {"origin"=>"math/mingw32-libgmp", "phase"=>"configure", "errortype"=>"configure_error"}
+ {"origin"=>"www/cliqz", "phase"=>"build", "errortype"=>"checksum"}
Comment 6 Jan Beich freebsd_committer 2019-04-21 15:06:31 UTC
Patch updated. Can you try again?

If OK, please, explicitly grant approval unless feedback from another portmgr@ peer is required.
Comment 8 Antoine Brodin freebsd_committer 2019-04-24 08:19:06 UTC
(In reply to Antoine Brodin from comment #7)
Using this in math/gretl fixes the failure:
SSP_CFLAGS?= -fstack-protector # XXX -strong crashes mklang
Comment 9 Jan Beich freebsd_committer 2019-04-24 18:10:49 UTC
(In reply to Antoine Brodin from comment #7)
> http://pb2.nyi.freebsd.org/data/120i386-default-PR237273/2019-04-22_21h58m39s/logs/errors/gretl-2019.a_2.log

I can reproduce on 12.0 i386 but not on 12.0 amd64 or 11.2 amd64/i386.

> SSP_CFLAGS?= -fstack-protector # XXX -strong crashes mklang

"# XXX ... on 12.0+ i386". Before limiting the workaround to certain FreeBSD the issue needs to be investigated to better understand the scope of the regression.
Comment 10 commit-hook freebsd_committer 2019-04-24 19:15:40 UTC
A commit references this bug:

Author: jbeich
Date: Wed Apr 24 19:15:08 UTC 2019
New revision: 499897
URL: https://svnweb.freebsd.org/changeset/ports/499897

Log:
  Switch to -fstack-protector-strong and enable on more architectures

  PR:		237273
  Exp-run by:	antoine
  Approved by:	portmgr (antoine)
  Differential Revision:	https://reviews.freebsd.org/D19907

Changes:
  head/Mk/bsd.gecko.mk
  head/Mk/bsd.ssp.mk
  head/audio/linux-skype_oss_wrapper/Makefile
  head/devel/linux_libusb/Makefile
  head/devel/mingw32-libyaml/Makefile
  head/devel/psptoolchain-gcc-stage1/Makefile
  head/devel/psptoolchain-newlib/Makefile
  head/devel/psptoolchain-pspsdk-stage2/Makefile
  head/lang/gnu-cobol/Makefile
  head/lang/mlton/Makefile
  head/math/gretl/Makefile
  head/math/mingw32-libgmp/Makefile
Comment 11 mikael.urankar 2019-05-04 16:14:33 UTC
Some part of this commit breaks qemu-user-static:
https://github.com/seanbruno/qemu-bsd-user/issues/74

Is it possible to put an exception for glib20 (back to previous flag)? Before you ask, I don't plan to fix qemu-user.
Comment 12 commit-hook freebsd_committer 2019-05-04 18:09:48 UTC
A commit references this bug:

Author: jbeich
Date: Sat May  4 18:09:23 UTC 2019
New revision: 500819
URL: https://svnweb.freebsd.org/changeset/ports/500819

Log:
  devel/glib20: unbreak qemu-user-static after r499897

  PR:		237273
  Reported by:	Mika?l Urankar

Changes:
  head/devel/glib20/Makefile
  head/emulators/qemu-sbruno/Makefile
Comment 13 Jan Beich freebsd_committer 2019-05-08 02:50:54 UTC
Piotr, can you help fixing bustage on powerpc64? I can't use ref12-ppc64.freebsd.org to check fixes as poudriere requires root.
https://pkg-status.freebsd.org/builds/default:default:head-powerpc64:p500451_s346935:pylon#new_failed

Example workarounds:

  .if ${MACHINE} == powerpc
  SSP_CFLAGS?=	-fstack-protector # XXX -strong crashes during build
  .endif

or

  .if ${MACHINE} == powerpc
  SSP_UNSAFE=    yes # XXX crashes during build
  .endif

${MACHINE} (same as uname -m) and ${MACHINE_ARCH} (same as ${ARCH} or uname -p) are pre-defined by make(1), so no need to .include <bsd.port.{options,pre}.mk>. The above assumes issues that affect powerpc64 probably also affect powerpc (32-bit) and powerpcspe.

$ make targets -C/usr/src | fgrep powerpc
    powerpc/powerpc
    powerpc/powerpc64
    powerpc/powerpcspe
Comment 14 Piotr Kubaj freebsd_committer 2019-05-08 17:41:30 UTC
(In reply to Jan Beich from comment #13)
Can you clarify what doesn't build now on powerpc64 but had built before introducing -fstack-protector-strong? I'm doing bulk builds of the whole ports tree (current one: https://talos.anongoth.pl/build.html?mastername=powerpc64-default&build=2019-05-05_01h04m26s ) and haven't seen any new breakages.

Note that this server has ports tree with my patches, which I send to bugzilla, so much more ports build than on pylon.