Re: ffmpeg6 and SSP?
On Wed, Nov 15, 2023 at 01:48:19PM +0200, Vitaly Shevtsov wrote:
> Even arcticfox cannot be built due to the same reason.

Christos fixed it - cvs update and rebuild, and check you have

# nm -g /lib/libc.so | grep ssp
00055136 T __ssp_protected_getcwd
0005512c T __ssp_protected_read
00055131 T __ssp_protected_readlink
0007cc3a T _getfsspec
0007cc3a W getfsspec
0019822f T isspace
00198245 T isspace_l
0004afb7 T wcsspn

Cheers,

Patrick
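The check from the message above, narrowed to the three wrapper symbols, since a plain `grep ssp` also matches `isspace` and friends. This is an added example, not part of the original thread; the function name `missing_ssp_wrappers` and the two sample helpers are assumptions, and the sample listings are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: list the __ssp_protected_* wrappers that a libc fails to export.
# Reads `nm -g` output (address, type, name) on stdin.

# Wrapper names taken from the "After" listing quoted in this thread.
SSP_WRAPPERS="__ssp_protected_getcwd __ssp_protected_read __ssp_protected_readlink"

# Prints one missing wrapper per line; prints nothing when all are defined.
# The name missing_ssp_wrappers is hypothetical, not a NetBSD tool.
missing_ssp_wrappers() {
    awk -v want="$SSP_WRAPPERS" '
        # Defined symbols have three fields; undefined ones ("U name") have two.
        # Match the whole name so isspace, wcsspn and getfsspec are ignored.
        NF == 3 && ($2 == "T" || $2 == "W") { defined[$3] = 1 }
        END {
            n = split(want, names, " ")
            for (i = 1; i <= n; i++)
                if (!(names[i] in defined)) print names[i]
        }'
}

# Sample input: the "Before" listing from the thread.
nm_before() {
    cat <<'EOF'
0007bb8a T _getfsspec
0007bb8a W getfsspec
0019717f T isspace
00197195 T isspace_l
00049f67 T wcsspn
EOF
}
# Sample input: the "After" listing from the thread.
nm_after() {
    cat <<'EOF'
00055136 T __ssp_protected_getcwd
0005512c T __ssp_protected_read
00055131 T __ssp_protected_readlink
0007cc3a T _getfsspec
0007cc3a W getfsspec
0019822f T isspace
00198245 T isspace_l
0004afb7 T wcsspn
EOF
}

echo "before fix, missing: $(nm_before | missing_ssp_wrappers | tr '\n' ' ')"
echo "after fix, missing:  $(nm_after | missing_ssp_wrappers | tr '\n' ' ')"
# On a live system: nm -g /lib/libc.so | missing_ssp_wrappers
```
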
Re: ffmpeg6 and SSP?
On Tue, Nov 14, 2023 at 11:30:27AM +, Patrick Welche wrote:
> On Tue, Nov 14, 2023 at 10:32:01AM +, Patrick Welche wrote:
> > On Mon, Nov 13, 2023 at 11:22:55AM +, Patrick Welche wrote:
> > > I'm pretty sure ffmpeg6 compiled recently, but on today's NetBSD-current
> > > with HAVE_GCC=12 and pkgsrc-current I'm seeing
> > >
> > > => Bootstrap dependency digest>=20211023: found digest-20220214
> > > ===> Checking for vulnerabilities in ffmpeg6-6.0nb6
> > > ===> Building for ffmpeg6-6.0nb6
> > > LD ffmpeg6_g
> > > LD ffprobe6_g
> > > ld: /usr/lib/crt0.o and /usr/lib/crt0.o: warning: multiple common of
> > > `environ'
> > > ld: /usr/lib/crt0.o and /usr/lib/crt0.o: warning: multiple common of
> > > `environ'
> > > ld: libavdevice/libavdevice.so: undefined reference to
> > > `__ssp_protected_read'
> > > ld: libavdevice/libavdevice.so: undefined reference to
> > > `__ssp_protected_read'
> > > gmake: *** [Makefile:131: ffprobe6_g] Error 1
> > > gmake: *** Waiting for unfinished jobs
> > > gmake: *** [Makefile:131: ffmpeg6_g] Error 1
> > > *** Error code 2
> > >
> > >
> > > Suggestions? Try no FORTIFY?
> >
> > I tried "no FORTIFY" on ffmpeg6 as
> >
> > CONFIGURE_ENV+="CPPFLAGS=\"-D_FORTIFY_SOURCE=0\""
> >
> > which didn't help.
> >
> > I tried a NetBSD-current box with gcc 10.5.0 (i.e., without HAVE_GCC=12)
> > which didn't help.
> >
> > I also see the problem with the simpler lang/gawk package:
> >
> > ld: awkgram.o: in function `get_src_buf':
> > awkgram.c:(.text+0x2d8c): undefined reference to `__ssp_protected_read'
> > ld: io.o: in function `iop_alloc':
> > io.c:(.text+0xf03): undefined reference to `__ssp_protected_read'
> > ld: io.o: in function `get_a_record':
> > io.c:(.text+0x22d6): undefined reference to `__ssp_protected_read'
> > ld: io.o: in function `after_beginfile':
> > io.c:(.text+0x27c7): undefined reference to `__ssp_protected_read'
> > ld: io.o: in function `redirect_string':
> > io.c:(.text+0x55e7): undefined reference to `__ssp_protected_read'
> > ld: io.o:io.c:(.text+0x5606): more undefined references to
> > `__ssp_protected_read' follow
> >
> > If I simply edit /usr/include/ssp/ssp.h to remove the __gnu_inline__ from
> > the definition of __ssp_inline and make it static again, then gawk builds,
> >
> > i.e., reverting
> >
> > -/* $NetBSD: ssp.h,v 1.14 2023/03/29 13:37:10 christos Exp $*/
> > +/* $NetBSD: ssp.h,v 1.15 2023/11/10 23:03:37 christos Exp $*/
> >
> > allows gawk to build.
>
> Userland was built with MKUPDATE=yes - maybe I didn't rebuild whichever
> library should contain the extern definition of __ssp_protected_read ?
>
> git grep ssp_protected_read
>
> on https://github.com/NetBSD/src.git returned nothing - where should
> the __ssp_protected_read symbol live?

Thank you to Christos for putting the symbol in libc today with the
addition of ssp_redirect.c!

Before:

$ nm -g libc.so.12.221 | grep ssp
0007bb8a T _getfsspec
0007bb8a W getfsspec
0019717f T isspace
00197195 T isspace_l
00049f67 T wcsspn

After:

$ nm -g libc.so.12.221 | grep ssp
00055136 T __ssp_protected_getcwd
0005512c T __ssp_protected_read
00055131 T __ssp_protected_readlink
0007cc3a T _getfsspec
0007cc3a W getfsspec
0019822f T isspace
00198245 T isspace_l
0004afb7 T wcsspn

Cheers,

Patrick
Re: ffmpeg6 and SSP?
Even arcticfox cannot be built due to the same reason.

--
Vitaly
Re: ffmpeg6 and SSP?
On Tue, 14 Nov 2023 11:30:27 + Patrick Welche wrote:
> Userland was built with MKUPDATE=yes - maybe I didn't rebuild whichever
> library should contain the extern definition of __ssp_protected_read ?

Same problem with a clean userland build. I'll also note it doesn't work
to override _FORTIFY_SOURCE with CFLAGS in pkgsrc, because SSP is enforced
through wrappers.

Minimal reproducer:

#define _FORTIFY_SOURCE 2
#include <unistd.h>

ssize_t (*myread)(int d, void *buf, size_t nbytes);

int
main(void)
{
	char c;
	myread = &read;
	return myread(STDIN_FILENO, &c, sizeof(c));
}
Re: ffmpeg6 and SSP?
On Tue, Nov 14, 2023 at 10:32:01AM +, Patrick Welche wrote:
> On Mon, Nov 13, 2023 at 11:22:55AM +, Patrick Welche wrote:
> > I'm pretty sure ffmpeg6 compiled recently, but on today's NetBSD-current
> > with HAVE_GCC=12 and pkgsrc-current I'm seeing
> >
> > => Bootstrap dependency digest>=20211023: found digest-20220214
> > ===> Checking for vulnerabilities in ffmpeg6-6.0nb6
> > ===> Building for ffmpeg6-6.0nb6
> > LD ffmpeg6_g
> > LD ffprobe6_g
> > ld: /usr/lib/crt0.o and /usr/lib/crt0.o: warning: multiple common of
> > `environ'
> > ld: /usr/lib/crt0.o and /usr/lib/crt0.o: warning: multiple common of
> > `environ'
> > ld: libavdevice/libavdevice.so: undefined reference to
> > `__ssp_protected_read'
> > ld: libavdevice/libavdevice.so: undefined reference to
> > `__ssp_protected_read'
> > gmake: *** [Makefile:131: ffprobe6_g] Error 1
> > gmake: *** Waiting for unfinished jobs
> > gmake: *** [Makefile:131: ffmpeg6_g] Error 1
> > *** Error code 2
> >
> >
> > Suggestions? Try no FORTIFY?
>
> I tried "no FORTIFY" on ffmpeg6 as
>
> CONFIGURE_ENV+="CPPFLAGS=\"-D_FORTIFY_SOURCE=0\""
>
> which didn't help.
>
> I tried a NetBSD-current box with gcc 10.5.0 (i.e., without HAVE_GCC=12)
> which didn't help.
>
> I also see the problem with the simpler lang/gawk package:
>
> ld: awkgram.o: in function `get_src_buf':
> awkgram.c:(.text+0x2d8c): undefined reference to `__ssp_protected_read'
> ld: io.o: in function `iop_alloc':
> io.c:(.text+0xf03): undefined reference to `__ssp_protected_read'
> ld: io.o: in function `get_a_record':
> io.c:(.text+0x22d6): undefined reference to `__ssp_protected_read'
> ld: io.o: in function `after_beginfile':
> io.c:(.text+0x27c7): undefined reference to `__ssp_protected_read'
> ld: io.o: in function `redirect_string':
> io.c:(.text+0x55e7): undefined reference to `__ssp_protected_read'
> ld: io.o:io.c:(.text+0x5606): more undefined references to
> `__ssp_protected_read' follow
>
> If I simply edit /usr/include/ssp/ssp.h to remove the __gnu_inline__ from
> the definition of __ssp_inline and make it static again, then gawk builds,
>
> i.e., reverting
>
> -/* $NetBSD: ssp.h,v 1.14 2023/03/29 13:37:10 christos Exp $*/
> +/* $NetBSD: ssp.h,v 1.15 2023/11/10 23:03:37 christos Exp $*/
>
> allows gawk to build.

Userland was built with MKUPDATE=yes - maybe I didn't rebuild whichever
library should contain the extern definition of __ssp_protected_read ?

git grep ssp_protected_read

on https://github.com/NetBSD/src.git returned nothing - where should
the __ssp_protected_read symbol live?

Cheers,

Patrick
Re: ffmpeg6 and SSP?
On Mon, Nov 13, 2023 at 11:22:55AM +, Patrick Welche wrote:
> I'm pretty sure ffmpeg6 compiled recently, but on today's NetBSD-current
> with HAVE_GCC=12 and pkgsrc-current I'm seeing
>
> => Bootstrap dependency digest>=20211023: found digest-20220214
> ===> Checking for vulnerabilities in ffmpeg6-6.0nb6
> ===> Building for ffmpeg6-6.0nb6
> LD ffmpeg6_g
> LD ffprobe6_g
> ld: /usr/lib/crt0.o and /usr/lib/crt0.o: warning: multiple common of `environ'
> ld: /usr/lib/crt0.o and /usr/lib/crt0.o: warning: multiple common of `environ'
> ld: libavdevice/libavdevice.so: undefined reference to `__ssp_protected_read'
> ld: libavdevice/libavdevice.so: undefined reference to `__ssp_protected_read'
> gmake: *** [Makefile:131: ffprobe6_g] Error 1
> gmake: *** Waiting for unfinished jobs
> gmake: *** [Makefile:131: ffmpeg6_g] Error 1
> *** Error code 2
>
>
> Suggestions? Try no FORTIFY?

I tried "no FORTIFY" on ffmpeg6 as

CONFIGURE_ENV+="CPPFLAGS=\"-D_FORTIFY_SOURCE=0\""

which didn't help.

I tried a NetBSD-current box with gcc 10.5.0 (i.e., without HAVE_GCC=12)
which didn't help.

I also see the problem with the simpler lang/gawk package:

ld: awkgram.o: in function `get_src_buf':
awkgram.c:(.text+0x2d8c): undefined reference to `__ssp_protected_read'
ld: io.o: in function `iop_alloc':
io.c:(.text+0xf03): undefined reference to `__ssp_protected_read'
ld: io.o: in function `get_a_record':
io.c:(.text+0x22d6): undefined reference to `__ssp_protected_read'
ld: io.o: in function `after_beginfile':
io.c:(.text+0x27c7): undefined reference to `__ssp_protected_read'
ld: io.o: in function `redirect_string':
io.c:(.text+0x55e7): undefined reference to `__ssp_protected_read'
ld: io.o:io.c:(.text+0x5606): more undefined references to `__ssp_protected_read' follow

If I simply edit /usr/include/ssp/ssp.h to remove the __gnu_inline__ from
the definition of __ssp_inline and make it static again, then gawk builds,

i.e., reverting

-/* $NetBSD: ssp.h,v 1.14 2023/03/29 13:37:10 christos Exp $*/
+/* $NetBSD: ssp.h,v 1.15 2023/11/10 23:03:37 christos Exp $*/

allows gawk to build.

Cheers,

Patrick
Re: ffmpeg6 and SSP?
On Tuesday, November 14th, 2023 at 8:48 AM, Vitaly Shevtsov wrote:
> Hello!
>
> What if you put -D_FORTIFY_SOURCE=0 into Makefile, will it help?

Won't know until I try :)
Will have to wait a bit, though ... currently building firefox.

If someone else can try before tomorrow, it would be great. Else, I can test it.
Re: ffmpeg6 and SSP?
Hello!

What if you put -D_FORTIFY_SOURCE=0 into Makefile, will it help?

On Tue, Nov 14, 2023 at 9:05 AM pin wrote:
>
> Hi all,
>
> I've reported off-list to wiz@ that building ffmpeg6 on current from Saturday
> Nov. 11 2023 failed for me.
>
> The error is/was the same as reported here,
> https://mail-index.netbsd.org/pkgsrc-users/2023/11/13/msg038461.html
>
> I can now confirm that downgrading userland to Nov. 8 2023 allows the build
> to complete successfully.
> It's highly likely the issue is related to the changes introduced to ssp on
> Nov. 10 2023
>
> Regards,
>

--
Vitaly
Re: ffmpeg6 and SSP?
Hi all,

I've reported off-list to wiz@ that building ffmpeg6 on current from Saturday
Nov. 11 2023 failed for me.

The error is/was the same as reported here,
https://mail-index.netbsd.org/pkgsrc-users/2023/11/13/msg038461.html

I can now confirm that downgrading userland to Nov. 8 2023 allows the build
to complete successfully.
It's highly likely the issue is related to the changes introduced to ssp on
Nov. 10 2023

Regards,