diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2024-03-20 07:28:50 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-20 07:28:50 +0000 |
commit | 0da23da653c273874a3efa8b57db264ab2dadfea (patch) | |
tree | 4cbb94283e404f9b538628f5c6fceb2e07be0884 | |
parent | Rename etc/session-desktop.profile to etc/profile-m-z/session-desktop.profile (diff) | |
download | firejail-0da23da653c273874a3efa8b57db264ab2dadfea.tar.gz firejail-0da23da653c273874a3efa8b57db264ab2dadfea.tar.zst firejail-0da23da653c273874a3efa8b57db264ab2dadfea.zip |
build: fix "warning: "_FORTIFY_SOURCE" redefined" (#6283)
The warning is being produced on Arch since pacman 6.1, which changed
`-D_FORTIFY_SOURCE=2` to `-D_FORTIFY_SOURCE=3` in CFLAGS in
makepkg.conf:
$ pacman -Q gcc pacman
gcc 13.2.1-5
pacman 6.1.0-3
$ makepkg
[...]
make -C src/lib
gcc [...] -D_FORTIFY_SOURCE=2 [...] -Wp,-D_FORTIFY_SOURCE=3 [...] -c ../../src/lib/common.c -o ../../src/lib/common.o
<command-line>: warning: "_FORTIFY_SOURCE" redefined
<command-line>: note: this is the location of the previous definition
To fix this, only add `-D_FORTIFY_SOURCE` to EXTRA_CFLAGS if it does not
cause any warnings with CFLAGS and CPPFLAGS during compilation.
The effect remains the same: The build system still defines the macro by
default (if there are no warnings) and the user/distribution can still
override it through CFLAGS/CPPFLAGS.
Fixes #6282.
Reported-by: @glitsj16
-rw-r--r-- | config.mk.in | 2 | ||||
-rwxr-xr-x | configure | 43 | ||||
-rw-r--r-- | configure.ac | 4 |
3 files changed, 48 insertions, 1 deletions
diff --git a/config.mk.in b/config.mk.in index 253b86435..a7f66fbb5 100644 --- a/config.mk.in +++ b/config.mk.in | |||
@@ -91,7 +91,7 @@ COMMON_CFLAGS = \ | |||
91 | -ggdb -O2 -DVERSION='"$(VERSION)"' \ | 91 | -ggdb -O2 -DVERSION='"$(VERSION)"' \ |
92 | -Wall -Wextra $(HAVE_FATAL_WARNINGS) \ | 92 | -Wall -Wextra $(HAVE_FATAL_WARNINGS) \ |
93 | -Wformat -Wformat-security \ | 93 | -Wformat -Wformat-security \ |
94 | -fstack-protector-all -D_FORTIFY_SOURCE=2 \ | 94 | -fstack-protector-all \ |
95 | -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' \ | 95 | -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' \ |
96 | -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' \ | 96 | -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' \ |
97 | -DVARDIR='"/var/lib/firejail"' | 97 | -DVARDIR='"/var/lib/firejail"' |
@@ -3506,6 +3506,49 @@ else $as_nop | |||
3506 | fi | 3506 | fi |
3507 | 3507 | ||
3508 | 3508 | ||
3509 | as_CACHEVAR=`printf "%s\n" "ax_cv_check_cflags_$CFLAGS $CPPFLAGS -Werror_-D_FORTIFY_SOURCE=2" | $as_tr_sh` | ||
3510 | { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -D_FORTIFY_SOURCE=2" >&5 | ||
3511 | printf %s "checking whether C compiler accepts -D_FORTIFY_SOURCE=2... " >&6; } | ||
3512 | if eval test \${$as_CACHEVAR+y} | ||
3513 | then : | ||
3514 | printf %s "(cached) " >&6 | ||
3515 | else $as_nop | ||
3516 | |||
3517 | ax_check_save_flags=$CFLAGS | ||
3518 | CFLAGS="$CFLAGS $CFLAGS $CPPFLAGS -Werror -D_FORTIFY_SOURCE=2" | ||
3519 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3520 | /* end confdefs.h. */ | ||
3521 | |||
3522 | int | ||
3523 | main (void) | ||
3524 | { | ||
3525 | |||
3526 | ; | ||
3527 | return 0; | ||
3528 | } | ||
3529 | _ACEOF | ||
3530 | if ac_fn_c_try_compile "$LINENO" | ||
3531 | then : | ||
3532 | eval "$as_CACHEVAR=yes" | ||
3533 | else $as_nop | ||
3534 | eval "$as_CACHEVAR=no" | ||
3535 | fi | ||
3536 | rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
3537 | CFLAGS=$ax_check_save_flags | ||
3538 | fi | ||
3539 | eval ac_res=\$$as_CACHEVAR | ||
3540 | { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
3541 | printf "%s\n" "$ac_res" >&6; } | ||
3542 | if eval test \"x\$"$as_CACHEVAR"\" = x"yes" | ||
3543 | then : | ||
3544 | |||
3545 | EXTRA_CFLAGS="$EXTRA_CFLAGS -D_FORTIFY_SOURCE=2" | ||
3546 | |||
3547 | else $as_nop | ||
3548 | : | ||
3549 | fi | ||
3550 | |||
3551 | |||
3509 | HAVE_SPECTRE="no" | 3552 | HAVE_SPECTRE="no" |
3510 | { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -mindirect-branch=thunk" >&5 | 3553 | { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -mindirect-branch=thunk" >&5 |
3511 | printf %s "checking whether C compiler accepts -mindirect-branch=thunk... " >&6; } | 3554 | printf %s "checking whether C compiler accepts -mindirect-branch=thunk... " >&6; } |
diff --git a/configure.ac b/configure.ac index 2762c2ef0..73bd334f8 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -30,6 +30,10 @@ AX_CHECK_COMPILE_FLAG([-MMD -MP], [ | |||
30 | DEPS_CFLAGS="$DEPS_CFLAGS -MMD -MP" | 30 | DEPS_CFLAGS="$DEPS_CFLAGS -MMD -MP" |
31 | ]) | 31 | ]) |
32 | 32 | ||
33 | AX_CHECK_COMPILE_FLAG([-D_FORTIFY_SOURCE=2], [ | ||
34 | EXTRA_CFLAGS="$EXTRA_CFLAGS -D_FORTIFY_SOURCE=2" | ||
35 | ], [], [$CFLAGS $CPPFLAGS -Werror]) | ||
36 | |||
33 | HAVE_SPECTRE="no" | 37 | HAVE_SPECTRE="no" |
34 | AX_CHECK_COMPILE_FLAG([-mindirect-branch=thunk], [ | 38 | AX_CHECK_COMPILE_FLAG([-mindirect-branch=thunk], [ |
35 | HAVE_SPECTRE="yes" | 39 | HAVE_SPECTRE="yes" |