subject:"SSP"

Re: ffmpeg6 and SSP?

2023-11-15 Thread Patrick Welche

On Wed, Nov 15, 2023 at 01:48:19PM +0200, Vitaly Shevtsov wrote:
> Even arcticfox cannot be built due to the same reason.

Christos fixed it - cvs update and rebuild, and check you have

# nm -g /lib/libc.so | grep ssp
00055136 T __ssp_protected_getcwd
0005512c T __ssp_protected_read
00055131 T __ssp_protected_readlink
0007cc3a T _getfsspec
0007cc3a W getfsspec
0019822f T isspace
00198245 T isspace_l
0004afb7 T wcsspn


Cheers,

Patrick

Re: ffmpeg6 and SSP?

2023-11-15 Thread Patrick Welche

On Tue, Nov 14, 2023 at 11:30:27AM +, Patrick Welche wrote:
> On Tue, Nov 14, 2023 at 10:32:01AM +, Patrick Welche wrote:
> > On Mon, Nov 13, 2023 at 11:22:55AM +, Patrick Welche wrote:
> > > I'm pretty sure ffmpeg6 compiled recently, but on today's NetBSD-current
> > > with HAVE_GCC=12 and pkgsrc-current I'm seeing
> > > 
> > > => Bootstrap dependency digest>=20211023: found digest-20220214
> > > ===> Checking for vulnerabilities in ffmpeg6-6.0nb6
> > > ===> Building for ffmpeg6-6.0nb6
> > > LD  ffmpeg6_g
> > > LD  ffprobe6_g
> > > ld: /usr/lib/crt0.o and /usr/lib/crt0.o: warning: multiple common of 
> > > `environ'
> > > ld: /usr/lib/crt0.o and /usr/lib/crt0.o: warning: multiple common of 
> > > `environ'
> > > ld: libavdevice/libavdevice.so: undefined reference to 
> > > `__ssp_protected_read'
> > > ld: libavdevice/libavdevice.so: undefined reference to 
> > > `__ssp_protected_read'
> > > gmake: *** [Makefile:131: ffprobe6_g] Error 1
> > > gmake: *** Waiting for unfinished jobs
> > > gmake: *** [Makefile:131: ffmpeg6_g] Error 1
> > > *** Error code 2
> > > 
> > > 
> > > Suggestions? Try no FORTIFY?
> > 
> > I tried "no FORTIFY" on ffmpeg6 as
> > 
> >   CONFIGURE_ENV+="CPPFLAGS=\"-D_FORTIFY_SOURCE=0\""
> > 
> > which didn't help.
> > 
> > I tried a NetBSD-current box with gcc 10.5.0 (i.e., without HAVE_GCC=12)
> > which didn't help.
> > 
> > I also see the problem with the simpler lang/gawk package:
> > 
> > ld: awkgram.o: in function `get_src_buf':
> > awkgram.c:(.text+0x2d8c): undefined reference to `__ssp_protected_read'
> > ld: io.o: in function `iop_alloc':
> > io.c:(.text+0xf03): undefined reference to `__ssp_protected_read'
> > ld: io.o: in function `get_a_record':
> > io.c:(.text+0x22d6): undefined reference to `__ssp_protected_read'
> > ld: io.o: in function `after_beginfile':
> > io.c:(.text+0x27c7): undefined reference to `__ssp_protected_read'
> > ld: io.o: in function `redirect_string':
> > io.c:(.text+0x55e7): undefined reference to `__ssp_protected_read'
> > ld: io.o:io.c:(.text+0x5606): more undefined references to 
> > `__ssp_protected_read' follow
> > 
> > If I simply edit /usr/include/ssp/ssp.h to remove the __gnu_inline__ from
> > the definition of__ssp_inline and make it static again, then gawk builds,
> > 
> > i.e., reverting
> > 
> > -/* $NetBSD: ssp.h,v 1.14 2023/03/29 13:37:10 christos Exp $*/
> > +/* $NetBSD: ssp.h,v 1.15 2023/11/10 23:03:37 christos Exp $*/
> > 
> > allows gawk to build.
> 
> Userland was built with MKUPDATE=yes - maybe I didn't rebuild whichever
> library should contain the extern definition of __ssp_protected_read ?
> 
> git grep ssp_protected_read
> 
> on https://github.com/NetBSD/src.git returned nothing - where should
> the __ssp_protected_read symbol live?


Thank you to Christos for putting the symbol in libc today with
the addition of ssp_redirect.c!

Before:
$ nm -g libc.so.12.221 | grep ssp
0007bb8a T _getfsspec
0007bb8a W getfsspec
0019717f T isspace
00197195 T isspace_l
00049f67 T wcsspn

After:
$ nm -g libc.so.12.221 | grep ssp
00055136 T __ssp_protected_getcwd
0005512c T __ssp_protected_read
00055131 T __ssp_protected_readlink
0007cc3a T _getfsspec
0007cc3a W getfsspec
0019822f T isspace
00198245 T isspace_l
0004afb7 T wcsspn


Cheers,

Patrick

Re: ffmpeg6 and SSP?

2023-11-15 Thread Vitaly Shevtsov

Even arcticfox cannot be built due to the same reason.

-- 
Vitaly

SSP

2023-11-15 Thread Patrick Welche

Talking of SSP, what can you do once a detection happens?

I see in /var/log/messages:

Nov 15 06:59:32 mail -: mail.example.com exim - - - stack overflow detected; 
terminated

I have:

kern.coredump.setid.dump = 1
kern.coredump.setid.path = /var/crash/%n.core
proc.curproc.rlimit.coredumpsize.soft = unlimited
proc.curproc.rlimit.coredumpsize.hard = unlimited

but /var/crash is empty.

How do you make use of SSP?


Cheers,

Patrick

Re: ffmpeg6 and SSP?

2023-11-14 Thread Tobias Nygren

On Tue, 14 Nov 2023 11:30:27 +
Patrick Welche  wrote:

> Userland was built with MKUPDATE=yes - maybe I didn't rebuild whichever
> library should contain the extern definition of __ssp_protected_read ?

Same problem with a clean userland build. I'll also note it doesn't
work to override _FORTIFY_SOURCE with CFLAGS in pkgsrc, because SSP is
enforced through wrappers. Minimal reproducer:

#define _FORTIFY_SOURCE 2
#include 
ssize_t (*myread)(int d, void *buf, size_t nbytes);
int main(void) {
char c;
myread = 
return myread(STDIN_FILENO, , sizeof(c));
}

Re: ffmpeg6 and SSP?

2023-11-14 Thread Patrick Welche

On Tue, Nov 14, 2023 at 10:32:01AM +, Patrick Welche wrote:
> On Mon, Nov 13, 2023 at 11:22:55AM +, Patrick Welche wrote:
> > I'm pretty sure ffmpeg6 compiled recently, but on today's NetBSD-current
> > with HAVE_GCC=12 and pkgsrc-current I'm seeing
> > 
> > => Bootstrap dependency digest>=20211023: found digest-20220214
> > ===> Checking for vulnerabilities in ffmpeg6-6.0nb6
> > ===> Building for ffmpeg6-6.0nb6
> > LD  ffmpeg6_g
> > LD  ffprobe6_g
> > ld: /usr/lib/crt0.o and /usr/lib/crt0.o: warning: multiple common of 
> > `environ'
> > ld: /usr/lib/crt0.o and /usr/lib/crt0.o: warning: multiple common of 
> > `environ'
> > ld: libavdevice/libavdevice.so: undefined reference to 
> > `__ssp_protected_read'
> > ld: libavdevice/libavdevice.so: undefined reference to 
> > `__ssp_protected_read'
> > gmake: *** [Makefile:131: ffprobe6_g] Error 1
> > gmake: *** Waiting for unfinished jobs
> > gmake: *** [Makefile:131: ffmpeg6_g] Error 1
> > *** Error code 2
> > 
> > 
> > Suggestions? Try no FORTIFY?
> 
> I tried "no FORTIFY" on ffmpeg6 as
> 
>   CONFIGURE_ENV+="CPPFLAGS=\"-D_FORTIFY_SOURCE=0\""
> 
> which didn't help.
> 
> I tried a NetBSD-current box with gcc 10.5.0 (i.e., without HAVE_GCC=12)
> which didn't help.
> 
> I also see the problem with the simpler lang/gawk package:
> 
> ld: awkgram.o: in function `get_src_buf':
> awkgram.c:(.text+0x2d8c): undefined reference to `__ssp_protected_read'
> ld: io.o: in function `iop_alloc':
> io.c:(.text+0xf03): undefined reference to `__ssp_protected_read'
> ld: io.o: in function `get_a_record':
> io.c:(.text+0x22d6): undefined reference to `__ssp_protected_read'
> ld: io.o: in function `after_beginfile':
> io.c:(.text+0x27c7): undefined reference to `__ssp_protected_read'
> ld: io.o: in function `redirect_string':
> io.c:(.text+0x55e7): undefined reference to `__ssp_protected_read'
> ld: io.o:io.c:(.text+0x5606): more undefined references to 
> `__ssp_protected_read' follow
> 
> If I simply edit /usr/include/ssp/ssp.h to remove the __gnu_inline__ from
> the definition of__ssp_inline and make it static again, then gawk builds,
> 
> i.e., reverting
> 
> -/* $NetBSD: ssp.h,v 1.14 2023/03/29 13:37:10 christos Exp $*/
> +/* $NetBSD: ssp.h,v 1.15 2023/11/10 23:03:37 christos Exp $*/
> 
> allows gawk to build.

Userland was built with MKUPDATE=yes - maybe I didn't rebuild whichever
library should contain the extern definition of __ssp_protected_read ?

git grep ssp_protected_read

on https://github.com/NetBSD/src.git returned nothing - where should
the __ssp_protected_read symbol live?


Cheers,

Patrick

Re: ffmpeg6 and SSP?

2023-11-14 Thread Patrick Welche

On Mon, Nov 13, 2023 at 11:22:55AM +, Patrick Welche wrote:
> I'm pretty sure ffmpeg6 compiled recently, but on today's NetBSD-current
> with HAVE_GCC=12 and pkgsrc-current I'm seeing
> 
> => Bootstrap dependency digest>=20211023: found digest-20220214
> ===> Checking for vulnerabilities in ffmpeg6-6.0nb6
> ===> Building for ffmpeg6-6.0nb6
> LD  ffmpeg6_g
> LD  ffprobe6_g
> ld: /usr/lib/crt0.o and /usr/lib/crt0.o: warning: multiple common of `environ'
> ld: /usr/lib/crt0.o and /usr/lib/crt0.o: warning: multiple common of `environ'
> ld: libavdevice/libavdevice.so: undefined reference to `__ssp_protected_read'
> ld: libavdevice/libavdevice.so: undefined reference to `__ssp_protected_read'
> gmake: *** [Makefile:131: ffprobe6_g] Error 1
> gmake: *** Waiting for unfinished jobs
> gmake: *** [Makefile:131: ffmpeg6_g] Error 1
> *** Error code 2
> 
> 
> Suggestions? Try no FORTIFY?

I tried "no FORTIFY" on ffmpeg6 as

  CONFIGURE_ENV+="CPPFLAGS=\"-D_FORTIFY_SOURCE=0\""

which didn't help.

I tried a NetBSD-current box with gcc 10.5.0 (i.e., without HAVE_GCC=12)
which didn't help.

I also see the problem with the simpler lang/gawk package:

ld: awkgram.o: in function `get_src_buf':
awkgram.c:(.text+0x2d8c): undefined reference to `__ssp_protected_read'
ld: io.o: in function `iop_alloc':
io.c:(.text+0xf03): undefined reference to `__ssp_protected_read'
ld: io.o: in function `get_a_record':
io.c:(.text+0x22d6): undefined reference to `__ssp_protected_read'
ld: io.o: in function `after_beginfile':
io.c:(.text+0x27c7): undefined reference to `__ssp_protected_read'
ld: io.o: in function `redirect_string':
io.c:(.text+0x55e7): undefined reference to `__ssp_protected_read'
ld: io.o:io.c:(.text+0x5606): more undefined references to 
`__ssp_protected_read' follow

If I simply edit /usr/include/ssp/ssp.h to remove the __gnu_inline__ from
the definition of__ssp_inline and make it static again, then gawk builds,

i.e., reverting

-/* $NetBSD: ssp.h,v 1.14 2023/03/29 13:37:10 christos Exp $*/
+/* $NetBSD: ssp.h,v 1.15 2023/11/10 23:03:37 christos Exp $*/

allows gawk to build.


Cheers,

Patrick

Re: ffmpeg6 and SSP?

2023-11-14 Thread pin

On Tuesday, November 14th, 2023 at 8:48 AM, Vitaly Shevtsov  
wrote:

> Hello!
> 
> What if you put -D_FORTIFY_SOURCE=0 into Makefile, will it help?

Won't know until I try :)
Will have to wait a bit, though ... currently building firefox.

If someone else can try before tomorrow, it would be great.
Else, I can test it.

Re: ffmpeg6 and SSP?

2023-11-13 Thread Vitaly Shevtsov

Hello!

What if you put -D_FORTIFY_SOURCE=0 into Makefile, will it help?

On Tue, Nov 14, 2023 at 9:05 AM pin  wrote:
>
> Hi all,
>
> I've reported off-list to wiz@ that building ffmpeg6 on current from Saturday 
> Nov. 11 2023 failed for me.
>
> The error is/was the same as reported here, 
> https://mail-index.netbsd.org/pkgsrc-users/2023/11/13/msg038461.html
>
> I can now confirm that downgrading userland to Nov. 8 2023 allows the build 
> to complete successfully.
> It's highly likely the issue is related to the changes introduced to ssp on 
> Nov. 10 2023
>
> Regards,
>


-- 
Vitaly

Re: ffmpeg6 and SSP?

2023-11-13 Thread pin

Hi all,

I've reported off-list to wiz@ that building ffmpeg6 on current from Saturday 
Nov. 11 2023 failed for me.

The error is/was the same as reported here, 
https://mail-index.netbsd.org/pkgsrc-users/2023/11/13/msg038461.html

I can now confirm that downgrading userland to Nov. 8 2023 allows the build to 
complete successfully.
It's highly likely the issue is related to the changes introduced to ssp on 
Nov. 10 2023

Regards,

ssp(3) problem?

2015-12-03 Thread Thomas Klausner

Hi!

A user tried following the ssp man page and got unexpected results.
I'd like to know if the man page is wrong or implementation.

Here's his translated message:

Take any program using stdio.h, say

#include 
#include 

as the only lines, and use gcc as described in ssp(3):

gcc -I/usr/include/ssp -D_FORTIFY_SOURCE=2 file.c

On NetBSD 6 this gives

In file included from file.c:2:0:
/usr/include/ssp/stdio.h:49:40: error: expected declaration specifiers or ‘...’ 
before ‘FILE’

On NetBSD current this gives

In file included from file.c:2:0:
/usr/include/ssp/stdio.h:49:40: error: unknown type name ‘FILE’
 char *__fgets_chk(char *, int, size_t, FILE *);

 Thomas

Re: ssp(3) problem?

2015-12-03 Thread Christos Zoulas

In article <20151126114027.gw12...@danbala.tuwien.ac.at>,
Thomas Klausner  <w...@netbsd.org> wrote:
>Hi!
>
>A user tried following the ssp man page and got unexpected results.
>I'd like to know if the man page is wrong or implementation.
>
>Here's his translated message:
>
>Take any program using stdio.h, say
>
>#include 
>#include 
>
>as the only lines, and use gcc as described in ssp(3):
>
>gcc -I/usr/include/ssp -D_FORTIFY_SOURCE=2 file.c

The man page is wrong. Never do -I/usr/include/ssp. Definining
-D_FORTIFY_SOURCE=<0|1|2> is the only thing you need to do.

christos

lib/libc/ssp/h_stpncpy.c breaks multiple builds

2014-04-06 Thread Paul Goyette

With up-to-date sources, I'm seeing the following error on multiple 
ports (including evbcf, evbppc, mac68k, sun2, vax)


cc1: warnings being treated as errors
/build/netbsd-local/src/tests/lib/libc/ssp/h_stpncpy.c: In function 'main':
/build/netbsd-local/src/tests/lib/libc/ssp/h_stpncpy.c:44: warning: 
pointer/integer type mismatch in conditional expression

-
| Paul Goyette | PGP Key fingerprint: | E-mail addresses:   |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com|
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net |
| Kernel Developer |  | pgoyette at netbsd.org  |
-

Re: ffmpeg6 and SSP?

Re: ffmpeg6 and SSP?

Re: ffmpeg6 and SSP?

SSP

Re: ffmpeg6 and SSP?

Re: ffmpeg6 and SSP?

Re: ffmpeg6 and SSP?

Re: ffmpeg6 and SSP?

Re: ffmpeg6 and SSP?

Re: ffmpeg6 and SSP?

ssp(3) problem?

Re: ssp(3) problem?

lib/libc/ssp/h_stpncpy.c breaks multiple builds

13 matches

Site Navigation

Mail list logo

Footer information