Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

extern/decNumber/Makefile does not use CFLAGS #7986

Open
loqs opened this issue Jan 30, 2024 · 3 comments · May be fixed by #7988
Open

extern/decNumber/Makefile does not use CFLAGS #7986

loqs opened this issue Jan 30, 2024 · 3 comments · May be fixed by #7988

Comments

@loqs
Copy link

loqs commented Jan 30, 2024

Versions:
firebird 5.0.0.1306
gcc 13.2.1

This means the resulting static library will be built without for example distribution hardening. This results in all the firebird binaries that link to that static library not supporting hardening such as CET which requires all units to be built with it enabled.
@aafemt
Copy link
Contributor

aafemt commented Jan 30, 2024

What's the problem with it?

@loqs
Copy link
Author

loqs commented Jan 30, 2024 

$ readelf -n ./extern/decNumber/libdecFloat.a

File: ./extern/decNumber/libdecFloat.a(decContext.o)

Displaying notes found in: .note.gnu.property
  Owner                Data size 	Description
  GNU                  0x00000020	NT_GNU_PROPERTY_TYPE_0
      Properties: x86 ISA used: x86-64-baseline
	x86 feature used: x86

File: ./extern/decNumber/libdecFloat.a(decDouble.o)

Displaying notes found in: .note.gnu.property
  Owner                Data size 	Description
  GNU                  0x00000020	NT_GNU_PROPERTY_TYPE_0
      Properties: x86 ISA used: x86-64-baseline
	x86 feature used: x86, XMM

File: ./extern/decNumber/libdecFloat.a(decNumber.o)

Displaying notes found in: .note.gnu.property
  Owner                Data size 	Description
  GNU                  0x00000020	NT_GNU_PROPERTY_TYPE_0
      Properties: x86 ISA used: x86-64-baseline
	x86 feature used: x86, XMM

File: ./extern/decNumber/libdecFloat.a(decPacked.o)

Displaying notes found in: .note.gnu.property
  Owner                Data size 	Description
  GNU                  0x00000020	NT_GNU_PROPERTY_TYPE_0
      Properties: x86 ISA used: 
	x86 feature used: x86

File: ./extern/decNumber/libdecFloat.a(decQuad.o)

Displaying notes found in: .note.gnu.property
  Owner                Data size 	Description
  GNU                  0x00000020	NT_GNU_PROPERTY_TYPE_0
      Properties: x86 ISA used: x86-64-baseline
	x86 feature used: x86, XMM

File: ./extern/decNumber/libdecFloat.a(decSingle.o)

Displaying notes found in: .note.gnu.property
  Owner                Data size 	Description
  GNU                  0x00000020	NT_GNU_PROPERTY_TYPE_0
      Properties: x86 ISA used: x86-64-baseline
	x86 feature used: x86, XMM

File: ./extern/decNumber/libdecFloat.a(decimal128.o)

Displaying notes found in: .note.gnu.property
  Owner                Data size 	Description
  GNU                  0x00000020	NT_GNU_PROPERTY_TYPE_0
      Properties: x86 ISA used: x86-64-baseline
	x86 feature used: x86, XMM

File: ./extern/decNumber/libdecFloat.a(decimal32.o)

Displaying notes found in: .note.gnu.property
  Owner                Data size 	Description
  GNU                  0x00000020	NT_GNU_PROPERTY_TYPE_0
      Properties: x86 ISA used: x86-64-baseline
	x86 feature used: x86

File: ./extern/decNumber/libdecFloat.a(decimal64.o)

Displaying notes found in: .note.gnu.property
  Owner                Data size 	Description
  GNU                  0x00000020	NT_GNU_PROPERTY_TYPE_0
      Properties: x86 ISA used: x86-64-baseline
	x86 feature used: x86, XMM

The resulting libfbclient.so.5.0.0' lacks GNU_PROPERTY_X86_FEATURE_1_SHSTK as libdecFloat.a lacks it and the linker requires all compilation units / libraries to support it to use CET. This can be demonstrated by using LDFLAGS=' -Wl,-z,cet-report=error' to have the linker fail when it can not use CET. So using:

export CXXFLAGS=-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions         -Wp,-D_FORTIFY_SOURCE=2 -fstack-clash-protection -fcf-protection  -Wformat -Werror=format-security -Wp,-D_GLIBCXX_ASSERTIONS -g -ffile-prefix-map=/build/libfbclient/src=/usr/src/debug/libfbclient -flto=auto
export LDFLAGS=-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -flto=auto -Wl,-z,cet-report=error
export CFLAGS=-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions         -Wp,-D_FORTIFY_SOURCE=2 -fstack-clash-protection -fcf-protection  -Wformat -Werror=format-security -g -ffile-prefix-map=/build/libfbclient/src=/usr/src/debug/libfbclient -flto=auto
./configure --prefix=/usr --without-fbsbin --without-fbconf --without-fbdoc --without-fbsample --without-fbsample-db --without-fbintl --without-fbmisc --without-fbsecure-db --with-fbmsg=/usr/share/firebird --without-fblog --without-fbglock --without-fbplugins --without-fbtzdata --without-tomcrypt --enable-client-only
make

Fails in the final link with:

g++  -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions         -Wp,-D_FORTIFY_SOURCE=2 -fstack-clash-protection -fcf-protection  -Wformat -Werror=format-security -Wp,-D_GLIBCXX_ASSERTIONS -g -ffile-prefix-map=/build/libfbclient/src=/usr/src/debug/libfbclient -flto=auto -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -flto=auto -Wl,-z,cet-report=error -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -flto=auto -Wl,-z,cet-report=error -static-libstdc++ -Wl,--version-script,firebird.vers -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -flto=auto -Wl,-z,cet-report=error  -shared   -Wl,-soname,libfbclient.so.2 -Wl,-rpath,/lib  -o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/gen/Release/firebird/lib/libfbclient.so.5.0.0 /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/yvalve/DistributedTransaction.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/yvalve/MasterImplementation.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/yvalve/PluginManager.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/yvalve/alt.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/yvalve/array.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/yvalve/blob.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/yvalve/gds.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/yvalve/keywordsStub.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/yvalve/perf.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/yvalve/preparse.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/yvalve/user_dsql.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/yvalve/utl.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/yvalve/why.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/yvalve/config/os/posix/binreloc.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/yvalve/config/os/posix/config_root.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/remote/inet.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/remote/merge.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/remote/parser.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/remote/protocol.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/remote/remote.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/auth/SecureRemotePassword/srp.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/remote/client/BlrFromMessage.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/remote/client/interface.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/auth/SecureRemotePassword/client/SrpClient.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/auth/SecurityDatabase/LegacyClient.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/plugins/crypt/arc4/Arc4.o /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/common.a -L/build/libfbclient/src/Firebird-5.0.0.1306-0-source/gen/Release/firebird/lib -L/build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release  -latomic -lm   -ldecFloat  -ltommath 
/usr/bin/ld: /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/libdecFloat.a(decContext.o): error: missing IBT and SHSTK properties
/usr/bin/ld: /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/libdecFloat.a(decDouble.o): error: missing IBT and SHSTK properties
/usr/bin/ld: /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/libdecFloat.a(decNumber.o): error: missing IBT and SHSTK properties
/usr/bin/ld: /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/libdecFloat.a(decQuad.o): error: missing IBT and SHSTK properties
/usr/bin/ld: /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/libdecFloat.a(decimal128.o): error: missing IBT and SHSTK properties
/usr/bin/ld: /build/libfbclient/src/Firebird-5.0.0.1306-0-source/temp/Release/libdecFloat.a(decimal64.o): error: missing IBT and SHSTK properties

@AlexPeshkoff
Copy link
Member

AlexPeshkoff commented Jan 30, 2024 via email

@loqs loqs linked a pull request Jan 30, 2024 that will close this issue
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use CFLAGS/CPPFLAGS in extern/decNumber/Makefile loqs/firebird
3 participants
@AlexPeshkoff @loqs @aafemt