Do not use -Wp to disable fortify (BZ 31928)

The -Wp does not work properly if the compiler is configured to enable
fortify by default, since it bypasses the compiler driver (which defines
the fortify flags in this case).

This patch is similar to the one used on Ubuntu [1].

I checked with a build for x86_64-linux-gnu, i686-linux-gnu,
aarch64-linux-gnu, s390x-linux-gnu, and riscv64-linux-gnu with
gcc-13 that enables the fortify by default.

Co-authored-by: Matthias Klose <matthias.klose@canonical.com>
[1] https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/glibc/tree/debian/patches/ubuntu/fix-fortify-source.patch
Reviewed-by: DJ Delorie <dj@redhat.com>

diff --git a/configure b/configure
index ec0b62db3664c9ecb69e073866b59027d9f21a09..58bfb2917f9c122a427e110769cec56bb39a7490 100755 (executable)
--- a/configure
+++ b/configure
@@ -7718,7 +7718,7 @@ printf "%s\n" "#define HAVE_LIBCAP 1" >>confdefs.h
 fi
 
 
-no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
+no_fortify_source="-U_FORTIFY_SOURCE"
 fortify_source="${no_fortify_source}"
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for maximum supported _FORTIFY_SOURCE level" >&5
@@ -7773,7 +7773,7 @@ esac
 
 if test "$libc_cv_fortify_source" = yes
 then :
-  fortify_source="${fortify_source},-D_FORTIFY_SOURCE=${enable_fortify_source}"
+  fortify_source="${fortify_source} -D_FORTIFY_SOURCE=${enable_fortify_source}"
 
 fi
 

diff --git a/configure.ac b/configure.ac
index 7c9b57789e8f3262946f018606aa368d43ef8551..5af742ce41366464a3e104369615853d36e4d763 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1536,7 +1536,7 @@ dnl If not, then don't use it.
 dnl Note that _FORTIFY_SOURCE may have been set through FLAGS too.
 dnl _FORTIFY_SOURCE value will be selectively disabled for function that can't
 dnl support it
-no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
+no_fortify_source="-U_FORTIFY_SOURCE"
 fortify_source="${no_fortify_source}"
 
 AC_CACHE_CHECK([for maximum supported _FORTIFY_SOURCE level],
@@ -1555,7 +1555,7 @@ AS_CASE([$enable_fortify_source],
         [libc_cv_fortify_source=no])
 
 AS_IF([test "$libc_cv_fortify_source" = yes],
-      [fortify_source="${fortify_source},-D_FORTIFY_SOURCE=${enable_fortify_source}"]
+      [fortify_source="${fortify_source} -D_FORTIFY_SOURCE=${enable_fortify_source}"]
       )
 
 AC_SUBST(enable_fortify_source)

diff --git a/debug/Makefile b/debug/Makefile
index 3903cc97a37063541e1fbf0d294b510865ca811b..89ee80bf4d8a1100ede3e35cbeb5d7dc5018a770 100644 (file)
--- a/debug/Makefile
+++ b/debug/Makefile
@@ -171,16 +171,16 @@ CFLAGS-recvfrom_chk.c += -fexceptions -fasynchronous-unwind-tables
 # set up for us, so keep the CFLAGS/CPPFLAGS split logical as the order is:
 # <user CFLAGS> <test CFLAGS> <user CPPFLAGS> <test CPPFLAGS>
 CFLAGS-tst-longjmp_chk.c += -fexceptions -fasynchronous-unwind-tables
-CPPFLAGS-tst-longjmp_chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
+CPPFLAGS-tst-longjmp_chk.c += $(no-fortify-source) -D_FORTIFY_SOURCE=1
 CFLAGS-tst-longjmp_chk2.c += -fexceptions -fasynchronous-unwind-tables
-CPPFLAGS-tst-longjmp_chk2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
+CPPFLAGS-tst-longjmp_chk2.c += $(no-fortify-source) -D_FORTIFY_SOURCE=1
 CFLAGS-tst-longjmp_chk3.c += -fexceptions -fasynchronous-unwind-tables
-CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
-CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
-CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
-CFLAGS-tst-sprintf-fortify-rdonly.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
-CFLAGS-tst-fortify-syslog.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
-CFLAGS-tst-fortify-wide.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
+CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source) -D_FORTIFY_SOURCE=1
+CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2
+CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2
+CFLAGS-tst-sprintf-fortify-rdonly.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2
+CFLAGS-tst-fortify-syslog.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2
+CFLAGS-tst-fortify-wide.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2
 
 # _FORTIFY_SOURCE tests.
 # Auto-generate tests for _FORTIFY_SOURCE for different levels, compilers and
@@ -218,7 +218,8 @@ src-chk-nongnu = \#undef _GNU_SOURCE
 # cannot be disabled via pragmas, so require -Wno-error to be used.
 define gen-chk-test
 tests-$(1)-$(4)-chk += tst-fortify-$(1)-$(2)-$(3)-$(4)
-CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += $(no-fortify-source),-D_FORTIFY_SOURCE=$(3) -Wno-format \
+CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += $(no-fortify-source) -D_FORTIFY_SOURCE=$(3) \
+                                         -Wno-format \
                                          -Wno-deprecated-declarations \
                                          -Wno-error
 $(eval $(call cflags-$(2),$(1),$(3),$(4)))

diff --git a/io/Makefile b/io/Makefile
index a401ec414e6185fde46fe630727e011ee79f522e..a8d575e9cead4c53cbb94e88f992a065f95284fc 100644 (file)
--- a/io/Makefile
+++ b/io/Makefile
@@ -295,7 +295,7 @@ CFLAGS-read.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-i
 CFLAGS-write.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-ignored-attributes)
 CFLAGS-close.c += -fexceptions -fasynchronous-unwind-tables
 CFLAGS-lseek64.c += $(config-cflags-wno-ignored-attributes)
-CFLAGS-tst-read-zero.c += $(no-fortify-source),-D_FORTIFY_SOURCE=$(supported-fortify)
+CFLAGS-tst-read-zero.c += $(no-fortify-source) -D_FORTIFY_SOURCE=$(supported-fortify)
 
 CFLAGS-test-stat.c += -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE
 CFLAGS-test-lfs.c += -D_LARGEFILE64_SOURCE

diff --git a/stdio-common/Makefile b/stdio-common/Makefile
index a1db859684d30018b952bd525ba448b0343bdd09..44165a9c5952d5a2b57f4459549d9bb40b831732 100644 (file)
--- a/stdio-common/Makefile
+++ b/stdio-common/Makefile
@@ -598,7 +598,7 @@ CFLAGS-tst-gets.c += -Wno-deprecated-declarations
 
 # BZ #11319 was first fixed for regular vdprintf, then reopened because
 # the fortified version had the same bug.
-CFLAGS-tst-bz11319-fortify2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
+CFLAGS-tst-bz11319-fortify2.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2
 
 CFLAGS-tst-memstream-string.c += -fno-builtin-fprintf
 

diff --git a/wcsmbs/Makefile b/wcsmbs/Makefile
index 63adf0e8efecd1bfe150e71182f87f06cce6b018..37a44e62c3fb567e9118772c9d849231e844cf73 100644 (file)
--- a/wcsmbs/Makefile
+++ b/wcsmbs/Makefile
@@ -264,7 +264,7 @@ CFLAGS-wcstod_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
 CFLAGS-wcstold_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
 CFLAGS-wcstof128_l.c += $(strtox-CFLAGS)
 CFLAGS-wcstof_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
-CPPFLAGS-tst-wchar-h.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
+CPPFLAGS-tst-wchar-h.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2
 
 CFLAGS-wcschr.c += $(config-cflags-wno-ignored-attributes)
 CFLAGS-wmemchr.c += $(config-cflags-wno-ignored-attributes)