Bug#1095522: catch2: not built using hardening=+pie -- causes problems when used by packages that use it

Sat, 08 Feb 2025 12:21:24 -0800 

source: catch2
version: 3.7.1-0.4
severity: important
Control: affects -1 + spdlog
Control: tags -1 + patch ftbfs

Debian uses the pie (position independent executable) compile option as
default for many, but not all, architectures.

Since catch2 only builds static libraries, this will on some
architecture contain position dependent code. Using these to build pie
executables will cause problems.

This happens e.g. on x32:

$ g++ -pie -o main -lCatch2Main -lCatch2
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-
gnux32/14/../../../../lib/libCatch2Main.a(catch_main.cpp.o): warning:
relocation in read-only section `.text.startup'
/usr/bin/ld: BFD (GNU Binutils for Debian) 2.44 assertion fail
../../bfd/elflink.c:15599
/usr/bin/ld: BFD (GNU Binutils for Debian) 2.44 assertion fail
../../bfd/elflink.c:15599
/usr/bin/ld: BFD (GNU Binutils for Debian) 2.44 assertion fail
../../bfd/elflink.c:15599
/usr/bin/ld: BFD (GNU Binutils for Debian) 2.44 assertion fail
../../bfd/elflink.c:15599
/usr/bin/ld: BFD (GNU Binutils for Debian) 2.44 assertion fail
../../bfd/elflink.c:15599
/usr/bin/ld: BFD (GNU Binutils for Debian) 2.44 assertion fail
../../bfd/elflink.c:15599
/usr/bin/ld: BFD (GNU Binutils for Debian) 2.44 assertion fail
../../bfd/elflink.c:15599
/usr/bin/ld: BFD (GNU Binutils for Debian) 2.44 assertion fail
../../bfd/elflink.c:15599
/usr/bin/ld: warning: creating DT_TEXTREL in a PIE
collect2: error: ld returned 1 exit status

This causes e.g. spdlog to ftbfs.

Rebuilding the catch2 package with hardening=+pie added to
DEB_BUILD_MAINT_OPTIONS solves the issue:

$ g++ -pie -o main -lCatch2Main -lCatch2
$ ./main 
Randomness seeded to: 39622299
=======================================================================
========
No tests ran

With this updated package spdlog also builds.

Debdiff attacthed.

        Mattias


diff -Nru catch2-3.7.1/debian/changelog catch2-3.7.1/debian/changelog
--- catch2-3.7.1/debian/changelog	2024-10-19 21:33:48.000000000 +0200
+++ catch2-3.7.1/debian/changelog	2025-02-08 18:38:12.000000000 +0100
@@ -1,3 +1,10 @@
+catch2 (3.7.1-0.5) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add hardening=+pie to DEB_BUILD_MAINT_OPTIONS
+
+ -- Mattias Ellert <mattias.ell...@physics.uu.se>  Sat, 08 Feb 2025 18:38:12 +0100
+
 catch2 (3.7.1-0.4) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru catch2-3.7.1/debian/rules catch2-3.7.1/debian/rules
--- catch2-3.7.1/debian/rules	2024-10-19 21:29:50.000000000 +0200
+++ catch2-3.7.1/debian/rules	2025-02-08 12:42:38.000000000 +0100
@@ -3,7 +3,7 @@
 include /usr/share/dpkg/architecture.mk
 
 # Disable fixfilepath, as it triggers build failures.
-export DEB_BUILD_MAINT_OPTIONS=reproducible=-fixfilepath
+export DEB_BUILD_MAINT_OPTIONS=reproducible=-fixfilepath hardening=+pie
 
 ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
 ENABLE_SELFTEST = ON

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to