From patchwork Tue Sep 15 18:49:13 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Brendan Heading <brendanheading@gmail.com>
X-Patchwork-Id: 518079
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
	by ozlabs.org (Postfix) with ESMTP id A62521402D6
	for <incoming@patchwork.ozlabs.org>;
	Wed, 16 Sep 2015 04:49:21 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com header.b=XvoGa028;
	dkim-atps=neutral
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id 5DA5A32095;
	Tue, 15 Sep 2015 18:49:20 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 6+3AYmK67n55; Tue, 15 Sep 2015 18:49:19 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by silver.osuosl.org (Postfix) with ESMTP id D02D432BAF;
	Tue, 15 Sep 2015 18:49:18 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])
	by ash.osuosl.org (Postfix) with ESMTP id AE3AE1C2A02
	for <buildroot@lists.busybox.net>;
	Tue, 15 Sep 2015 18:49:17 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by hemlock.osuosl.org (Postfix) with ESMTP id A9D999686D
	for <buildroot@lists.busybox.net>;
	Tue, 15 Sep 2015 18:49:17 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from hemlock.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id BTvwP3HayTN0 for <buildroot@lists.busybox.net>;
	Tue, 15 Sep 2015 18:49:17 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-wi0-f170.google.com (mail-wi0-f170.google.com
	[209.85.212.170])
	by hemlock.osuosl.org (Postfix) with ESMTPS id CD725951F1
	for <buildroot@buildroot.org>; Tue, 15 Sep 2015 18:49:16 +0000 (UTC)
Received: by wiclk2 with SMTP id lk2so40214977wic.1
	for <buildroot@buildroot.org>; Tue, 15 Sep 2015 11:49:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id;
	bh=FNhWWIkHl0N3/YKtxPPhNC572BL3CQ+uUH7S33PQEzY=;
	b=XvoGa028gDs/e6tW6aWE13kgGDoMjzBiWTlvwbfW+hcbKhDzdfn1OcTnVnvaX6ZRG7
	8TAnKeaY5+Uka173n9Fh8WRlotldF0FA+TjdF7lJR9Q/CE0Gzk+Z1ymg62ZGReSn3G+L
	1WgO8zZjA7D+cMEwJ/b3M2YbuGmIVp59wCjE66NjDIwp/GwoItkmNg2RTJWedLf5ySaM
	xAJGbZy7lX3HvpPiI5/6Ne6TsQmh224tl/Bn20SinsQv+hEsoP9ld92L2MYo/Pfm9Lg/
	bEqbI1zEhXts94ckLuuuZjId7MTYBaIvM6HuuU95SGfHznmE3FODi5GpQoWIxdmsa1WW
	QpQg==
X-Received: by 10.180.187.141 with SMTP id
	fs13mr10457645wic.13.1442342955446;
	Tue, 15 Sep 2015 11:49:15 -0700 (PDT)
Received: from bhfedora.members.unit1.farsetlabs.org.uk
	(members.unit1.farsetlabs.org.uk. [89.185.154.123])
	by smtp.gmail.com with ESMTPSA id
	s9sm22478612wjy.16.2015.09.15.11.49.14
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 15 Sep 2015 11:49:14 -0700 (PDT)
From: Brendan Heading <brendanheading@gmail.com>
To: buildroot@buildroot.org
Date: Tue, 15 Sep 2015 19:49:13 +0100
Message-Id: <1442342953-20312-1-git-send-email-brendanheading@gmail.com>
X-Mailer: git-send-email 2.4.3
Cc: Brendan Heading <brendanheading@gmail.com>
Subject: [Buildroot] [PATCH 1/1] package/sudo: disable use of stack
	protector when not available
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Fixes:
http://autobuild.buildroot.net/results/d93/d9390b929328e6253b883f000f6f09972df90f47/

sudo, by default, attempts to use the stack protector if configure detects
that it exists. The stack protector detection does not attempt to link
libssp, which can cause a false positive.

Instead, check if the stack protector is enabled in the buildroot
toolchain config, and pass --disable-hardening if it is not - similar to
psmisc and sox.

Signed-off-by: Brendan Heading <brendanheading@gmail.com>
---
 package/sudo/sudo.mk | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/package/sudo/sudo.mk b/package/sudo/sudo.mk
index 4327c8a..b839ee4 100644
--- a/package/sudo/sudo.mk
+++ b/package/sudo/sudo.mk
@@ -30,6 +30,11 @@ else
 SUDO_CONF_OPTS += --without-pam
 endif
 
+ifeq ($(BR2_TOOLCHAIN_HAS_SSP),)
+# Don't force -fstack-protector when SSP is not available in toolchain
+SUDO_CONF_OPTS += --disable-hardening
+endif
+
 # mksigname/mksiglist needs to run on build host to generate source files
 define SUDO_BUILD_MKSIGNAME_MKSIGLIST_HOST
 	$(MAKE) $(HOST_CONFIGURE_OPTS) \