Your message dated Tue, 25 Oct 2016 16:53:00 +0000
with message-id <af30c450-36e3-8ee9-d9c4-6418701ed...@thykier.net>
and subject line Re: check: Please build libcheck.a with -fPIC
has caused the Debian Bug report #837445,
regarding check needs PIE binNMU
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
--
837445: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837445
Debian Bug Tracking System
--- Begin Message ---
Source: check
Version: 0.10.0-3
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: makes several packages FTBFS on amd64 with extra hardening
Affects: ettercap galera-3 gubbins netcfg vnstat
Dear Maintainers,
During a rebuild of all packages in sid, several packages
failed to build on amd64 with patched GCC and dpkg. The root
cause seems to be that libcheck.a is shipped as a non-PIC library.
The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.
For more information about the changes to sid's dpkg and GCC please
visit:
https://wiki.debian.org/Hardening/PIEByDefaultTransitio
Relevant part of ettercap's build log:
...
[100%] Linking C executable test_ec_decode
cd /<<PKGBUILDDIR>>/obj-text-only/tests && /usr/bin/cmake -E cmake_link_script CMakeFiles/test_ec_decode.dir/link.txt --verbose=1
/usr/bin/cc -g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -O2 -g -DNDEBUG -Wl,-z,relro -Wl,-z,now CMakeFiles/test_ec_decode.dir/test_ec_decode.c.o -o test_ec_decode -rdynamic ../src/libettercap.so.0.0.0 ../src/interfaces/libec_interfaces.a -Wl,-Bstatic -lcheck -Wl,-Bdynamic -lpthread -lcheck_pic -lrt -lm -lsubunit -lssl -lcrypto -lz -ldl -lbsd -lpcap -lnet -lresolv -lpcre ../src/lua/libec_lua.a -lluajit-5.1 -lpthread -Wl,-rpath,/<<PKGBUILDDIR>>/obj-text-only/src
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libcheck.a(check.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libcheck.a(check_error.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
...
The full build log is available from:
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/ettercap_0.8.2-2_amd64.build.gz
I'm aware of the provided libcheck_pic.a file, but I think
there is little value in providing the non-PIC library
thus I suggest providing only one, libcheck.a with PIC.
Thanks,
Balint
--- End Message ---
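An added example (not part of the bug report or of Debian's rebuild tooling): a Python scan of a build log for the linker diagnostic quoted in the report, listing which static archives and archive members were compiled without -fPIC. The function name and the sample log are constructed for illustration, and the scan assumes the log wraps diagnostics only at whitespace.

```python
import re
from collections import defaultdict

# ld's diagnostic for a non-PIC object pulled out of a static archive, e.g.
#   /usr/bin/ld: /path/libcheck.a(check.o): relocation R_X86_64_32 against
#   `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
# The "PIE object" wording of other binutils versions is accepted as well.
NON_PIC_RE = re.compile(
    r"ld:\s+(?P<archive>\S+\.a)\((?P<member>[^)\s]+)\):\s+"
    r"relocation\s+(?P<reloc>R_[A-Z0-9_]+)\s+against\s+"
    r"(?:\S+\s+){1,4}?"                      # the symbol or section name
    r"can\s*not\s+be\s+used\s+when\s+making\s+a\s+(?:shared|PIE)\s+object"
)

def find_non_pic_archives(build_log):
    """Return {archive basename: {member: {relocation types}}}.

    Whitespace (including line breaks) is collapsed first, so a diagnostic
    that the log wrapped between words is still recognised.
    """
    flat = " ".join(build_log.split())
    found = defaultdict(lambda: defaultdict(set))
    for m in NON_PIC_RE.finditer(flat):
        archive = m.group("archive").rsplit("/", 1)[-1]
        found[archive][m.group("member")].add(m.group("reloc"))
    return {archive: dict(members) for archive, members in found.items()}

# Constructed sample: the two diagnostics from the report, wrapped at spaces,
# surrounded by unrelated build output.
SAMPLE_LOG = """\
[100%] Linking C executable test_ec_decode
/usr/bin/cc -g -O2 -Wl,-z,relro -Wl,-z,now -o test_ec_decode -Wl,-Bstatic -lcheck
/usr/bin/ld: /usr/lib/x86_64-linux-gnu/libcheck.a(check.o): relocation
R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared
object; recompile with -fPIC
/usr/bin/ld: /usr/lib/x86_64-linux-gnu/libcheck.a(check_error.o): relocation
R_X86_64_32 against `.rodata.str1.1' can not be used when making a
shared object; recompile with -fPIC
collect2: error: ld returned 1 exit status
"""

if __name__ == "__main__":
    for archive, members in find_non_pic_archives(SAMPLE_LOG).items():
        for member, relocs in sorted(members.items()):
            print(f"{archive}: {member} needs -fPIC ({', '.join(sorted(relocs))})")
```
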
--- Begin Message ---
On Sun, 11 Sep 2016 19:04:08 +0200 Balint Reczey
<bal...@balintreczey.hu> wrote:
> Source: check
> Version: 0.10.0-3
> Severity: important
> User: bal...@balintreczey.hu
> Usertags: pie-bindnow-20160906
> Justification: makes several packages FTBFS on amd64 with extra hardening
> Affects: ettercap galera-3 gubbins netcfg vnstat
>
> Dear Maintainers,
>
> During a rebuild of all packages in sid, several packages
> failed to build on amd64 with patched GCC and dpkg. The root
> cause seems to be that libcheck.a is shipped as a non-PIC library.
>
> The rebuild tested if packages are ready for a transition
> enabling PIE and bindnow for amd64.
>
> For more information about the changes to sid's dpkg and GCC please
> visit:
> https://wiki.debian.org/Hardening/PIEByDefaultTransitio
>
> Relevant part of ettercap's build log:
> [...]
>
> The full build log is available from:
> https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/ettercap_0.8.2-2_amd64.build.gz
>
> I'm aware of the provided libcheck_pic.a file, but I think
> there is little value in providing the non-PIC library
> thus I suggest providing only one, libcheck.a with PIC.
>
> Thanks,
> Balint
>
Rebuilt successfully.
--- End Message ---