From bce208de5a9dc20aea02bbeaeb9a8ad2103b71ed Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Tue, 19 Mar 2024 00:24:50 -0300 Subject: [PATCH] build: fix "warning: "_FORTIFY_SOURCE" redefined" The warning is being produced on Arch since pacman 6.1, which changed `-D_FORTIFY_SOURCE=2` to `-D_FORTIFY_SOURCE=3` in CFLAGS in makepkg.conf: $ pacman -Q gcc pacman gcc 13.2.1-5 pacman 6.1.0-3 $ makepkg [...] make -C src/lib gcc [...] -D_FORTIFY_SOURCE=2 [...] -Wp,-D_FORTIFY_SOURCE=3 [...] -c ../../src/lib/common.c -o ../../src/lib/common.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition To fix this, only add `-D_FORTIFY_SOURCE` to EXTRA_CFLAGS if it does not cause any warnings with CFLAGS and CPPFLAGS during compilation. The effect remains the same: The build system still defines the macro by default (if there are no warnings) and the user/distribution can still override it through CFLAGS/CPPFLAGS. Fixes #6282. Reported-by: @glitsj16 --- config.mk.in | 2 +- configure | 43 +++++++++++++++++++++++++++++++++++++++++++ configure.ac | 4 ++++ 3 files changed, 48 insertions(+), 1 deletion(-) diff --git a/config.mk.in b/config.mk.in index 253b86435a5..a7f66fbb525 100644 --- a/config.mk.in +++ b/config.mk.in @@ -91,7 +91,7 @@ COMMON_CFLAGS = \ -ggdb -O2 -DVERSION='"$(VERSION)"' \ -Wall -Wextra $(HAVE_FATAL_WARNINGS) \ -Wformat -Wformat-security \ - -fstack-protector-all -D_FORTIFY_SOURCE=2 \ + -fstack-protector-all \ -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' \ -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' \ -DVARDIR='"/var/lib/firejail"' diff --git a/configure b/configure index 61c025a200b..348c02cbbb4 100755 --- a/configure +++ b/configure @@ -3506,6 +3506,49 @@ else $as_nop fi +as_CACHEVAR=`printf "%s\n" "ax_cv_check_cflags_$CFLAGS $CPPFLAGS -Werror_-D_FORTIFY_SOURCE=2" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -D_FORTIFY_SOURCE=2" >&5 +printf %s "checking whether C compiler accepts -D_FORTIFY_SOURCE=2... " >&6; } +if eval test \${$as_CACHEVAR+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS $CFLAGS $CPPFLAGS -Werror -D_FORTIFY_SOURCE=2" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + eval "$as_CACHEVAR=yes" +else $as_nop + eval "$as_CACHEVAR=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags +fi +eval ac_res=\$$as_CACHEVAR + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_CACHEVAR"\" = x"yes" +then : + + EXTRA_CFLAGS="$EXTRA_CFLAGS -D_FORTIFY_SOURCE=2" + +else $as_nop + : +fi + + HAVE_SPECTRE="no" { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -mindirect-branch=thunk" >&5 printf %s "checking whether C compiler accepts -mindirect-branch=thunk... " >&6; } diff --git a/configure.ac b/configure.ac index 2762c2ef0d9..73bd334f8f3 100644 --- a/configure.ac +++ b/configure.ac @@ -30,6 +30,10 @@ AX_CHECK_COMPILE_FLAG([-MMD -MP], [ DEPS_CFLAGS="$DEPS_CFLAGS -MMD -MP" ]) +AX_CHECK_COMPILE_FLAG([-D_FORTIFY_SOURCE=2], [ + EXTRA_CFLAGS="$EXTRA_CFLAGS -D_FORTIFY_SOURCE=2" +], [], [$CFLAGS $CPPFLAGS -Werror]) + HAVE_SPECTRE="no" AX_CHECK_COMPILE_FLAG([-mindirect-branch=thunk], [ HAVE_SPECTRE="yes"