FS#70701 - [gcc] Trying to fix errors due to -Werror=format-security
Attached to Project:
Arch Linux
Opened by Joey Dumont (valandil) - Tuesday, 04 May 2021, 01:33 GMT
Last edited by freswa (frederik) - Thursday, 10 February 2022, 01:07 GMT
Opened by Joey Dumont (valandil) - Tuesday, 04 May 2021, 01:33 GMT
Last edited by freswa (frederik) - Thursday, 10 February 2022, 01:07 GMT
|
Details
Description: -Werror=format-security was recently added to
the default CFLAGS that makepkg uses when building software,
here:
https://gitlab.archlinux.org/archlinux/rfcs/-/blob/master/rfcs/0003-buildflags.rst#specification. This causes errors when trying to build gcc.
In this bug report, I've attached an attempt at a patch (there is patch within a patch to show the changes in the PKGBUILD, hopefully that's legible) that fixes some straightfoward -Werror=format-security errors. However, even with the patch, gcc fails to build later in the build with that error: ``` make[5]: Entering directory '/build/gcc/src/gcc-build/x86_64-pc-linux-gnu/32/libgcc' # If this is the top-level multilib, build all the other # multilibs. ln -s /build/gcc/src/gcc/libgcc/enable-execute-stack-empty.c enable-execute-stack.c ln -s /build/gcc/src/gcc/libgcc/unwind-generic.h unwind.h ln -s /build/gcc/src/gcc/libgcc/config/i386/linux-unwind.h md-unwind-support.h ln -s /build/gcc/src/gcc/libgcc/config/i386/sfp-machine.h sfp-machine.h ln -s /build/gcc/src/gcc/libgcc/gthr-posix.h gthr-default.h DEFINES='' HEADERS='/build/gcc/src/gcc/libgcc/config/i386/elf-lib.h /build/gcc/src/gcc/libgcc/config/i386/value-unwind.h' \ /build/gcc/src/gcc/libgcc/mkheader.sh > tmp-libgcc_tm.h /bin/sh /build/gcc/src/gcc/libgcc/../move-if-change tmp-libgcc_tm.h libgcc_tm.h echo timestamp > libgcc_tm.stamp /build/gcc/src/gcc-build/./gcc/xgcc -B/build/gcc/src/gcc-build/./gcc/ -B/usr/x86_64-pc-linux-gnu/bin/ -B/usr/x86_64-pc-linux-gnu/lib/ -isystem /usr/x86_64-pc-linux-gnu/include -isystem /usr/x86_64-pc-linux-gnu/sys-include -fno-checking -g -march=x86-64 -mtune=generic -O2 -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=2,-D_GLIBCXX_ASSERTIONS -Wformat -Werror=format-security -fstack-clash-protection -fcf-protection -m32 -O2 -g -march=x86-64 -mtune=generic -O2 -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=2,-D_GLIBCXX_ASSERTIONS -Wformat -Werror=format-security -fstack-clash-protection -fcf-protection -DIN_GCC -W -Wall -Wno-narrowing -Wwrite-strings -Wcast-qual -Wno-error=format-diag -Wno-format -Wstrict-prototypes -Wmissing-prototypes -Wno-error=format-diag -Wold-style-definition -isystem ./include -fpic -mlong-double-80 -DUSE_ELF_SYMVER -fcf-protection -mshstk -g -DIN_LIBGCC2 -fbuilding-libgcc -fno-stack-protector -fpic -mlong-double-80 -DUSE_ELF_SYMVER -fcf-protection -mshstk -I. -I. -I../../.././gcc -I/build/gcc/src/gcc/libgcc -I/build/gcc/src/gcc/libgcc/. -I/build/gcc/src/gcc/libgcc/../gcc -I/build/gcc/src/gcc/libgcc/../include -I/build/gcc/src/gcc/libgcc/config/libbid -DENABLE_DECIMAL_BID_FORMAT -DHAVE_CC_TLS -DUSE_TLS -o _muldi3.o -MT _muldi3.o -MD -MP -MF _muldi3.dep -DL_muldi3 -c /build/gcc/src/gcc/libgcc/libgcc2.c -fvisibility=hidden -DHIDE_EXPORTS cc1: error: ‘-Wformat-security’ ignored without ‘-Wformat’ [-Werror=format-security] ``` The resolution in mips64-elf-gcc (which is not yet published to AUR, but we have a PR in progress here: https://github.com/joeydumont/arch_linux_packages/pull/1) was to add --enable-build-format-warnings to the configure flags, but somehow it doesn't seem to get passed here. Do you know what controls these flags? Additional questions: * do you have additional guidance on how to fix errors related to -Werror=format-security? * in the process of updating this package to gcc/11.1.0, are you planning on opening a bug report with format-security patches upstream? If not, I can submit one with the patch that applies to the latest version of gcc. Additional info: * gcc/10.2.0 * attempted in a clean chroot Steps to reproduce: * try to build gcc with the latest makepkg.conf. |
build.log
This task depends upon
Closed by freswa (frederik)
Thursday, 10 February 2022, 01:07 GMT
Reason for closing: Fixed
Additional comments about closing: Build fixed with gcc-11.2.0-2 in [testing]
Thursday, 10 February 2022, 01:07 GMT
Reason for closing: Fixed
Additional comments about closing: Build fixed with gcc-11.2.0-2 in [testing]
So this build rule here disabled -Wformat explicitly, later on in the command line.
https://src.fedoraproject.org/rpms/gcc/blob/rawhide/f/gcc11-Wno-format-security.patch
cc1: error: ‘-Wformat-security’ ignored without ‘-Wformat’ [-Werror=format-security]
--I did add the --enable-build-format-warnings to the configure call, but it just failed later in the build process than without it. I'll test the Fedora patch.
> Martin Liška 2021-04-22 12:30:14 UTC
>
> You're using a non-default -Wformat-security which is something GCC cannot be built with.
Is this flag just trying to do something that isn't intended to be done while compiling GCC, so the patch already linked by Allan is the correct approach here?
In the upstream bug report, I added a second patch, which implements Allan's suggestion for the libgcc errors. The workaround is probably needed for libgcc, as some flags seem to be statically set during the bootstrap of libgcc, and I think Martin's comment applies there.
For the patch attached here, when properly fixed, would actually resolve Wformat-security warnings libcpp.
Given all that, this bug report probably aught to be closed, and progress tracked in the gcc bug report, as it doesn't really affect packaging.
Thanks for your patience!
To build, edit the PKGBUILD to adjust the strip to 1 and add the --disable-build-format-warnings option to the configure call (I'm not sure why it's not the default in gcc/c).
CFLAGS=${CFLAGS/-Werror=format-security/}
CXXFLAGS=${CXXFLAGS/-Werror=format-security/}