net-libs/libnet:1.1 fails during linking with the following error: make[1]: Entering directory `/var/tmp/portage/net-libs/libnet-1.1.2.1-r1/work/libnet/sample' /bin/sh ../libtool --tag=CC --mode=link x86_64-pc-linux-gnu-gcc -march=amdfam10 -pipe -fomit-frame-pointer -O2 -fforce-addr -mno-tls-direct-seg-refs -Wall -Wl,-O1 -o gre gre.o ../src/libnet.la libtool: link: x86_64-pc-linux-gnu-gcc -march=amdfam10 -pipe -fomit-frame-pointer -O2 -fforce-addr -mno-tls-direct-seg-refs -Wall -Wl,-O1 -o .libs/gre gre.o ../src/.libs/libnet.so /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.2/../../../../x86_64-pc-linux-gnu/bin/ld: gre.o: relocation R_X86_64_PC32 against undefined symbol `libnet_getgre_length' can not be used when making a shared object; recompile with -fPIC /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.2/../../../../x86_64-pc-linux-gnu/bin/ld: final link failed: Bad value collect2: ld returned 1 exit status make[1]: *** [gre] Error 1 make[1]: Leaving directory `/var/tmp/portage/net-libs/libnet-1.1.2.1-r1/work/libnet/sample' make: *** [all-recursive] Error 1 It does not exhibit on x86/hardened (gcc-3.4.6-r2) or amd64/desktop (gcc-4.3.2-r2). Modifying the ebuild to add '-fPIC' to the CFLAGS works. Patch to follow.
Created attachment 177910 [details, diff] patch to libnet-1.1.2.1-r1.ebuild Approaches varied, but this seemed the most common approach in portage to adding -fPIC.
emerge --info: Portage 2.1.6.4 (hardened/linux/amd64/2008.0/server, gcc-4.3.2, glibc-2.9_p20081201-r1, 2.6.27-hardened-r3 x86_64) ================================================================= System uname: Linux-2.6.27-hardened-r3-x86_64-AMD_Phenom-tm-_9850_Quad-Core_Processor-with-glibc2.2.5 Timestamp of tree: Thu, 08 Jan 2009 14:05:01 +0000 app-shells/bash: 3.2_p48 dev-lang/python: 2.4.4-r6, 2.5.2-r8 dev-python/pycrypto: 2.0.1-r6 sys-apps/baselayout: 2.0.0 sys-apps/openrc: 0.4.1-r1 sys-apps/sandbox: 1.3.2 sys-devel/autoconf: 2.63 sys-devel/automake: 1.10.2 sys-devel/binutils: 2.19 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.28-r1 ACCEPT_KEYWORDS="amd64 ~amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=amdfam10 -pipe -fomit-frame-pointer -O2 -fforce-addr -mno-tls-direct-seg-refs" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/init.d/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-march=amdfam10 -pipe -fomit-frame-pointer -O2 -fforce-addr -mno-tls-direct-seg-refs" DISTDIR="/usr/portage/distfiles" FEATURES="buildpkg collision-protect distlocks fakeroot fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LDFLAGS="-Wl,-O1" MAKEOPTS="-j6" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_EXTRA_OPTS="-P" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="acl amd64 apache2 audit berkdb bzip2 caps cli cracklib crypt cups dbus dri gd gdbm glibc-omitfp gmp gpm hardened hpn iconv idn ipv6 iscsi isdnlog ithreads justify keyscrub kqemu kvm libedit lvm lzma lzo mailwrapper midi mktemp mmx mudflap multilib mysql ncurses nls nptl nptlonly openmp pam passwdqc pcre perl pic pppd python qemu readline reflection screen session snmp socks5 spl sse sse2 sse3 ssh ssl sysfs tcpd threads truetype unicode urandom utils vde vim-syntax xattr xml xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="fbdev glint i810 intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa vga via vmware voodoo" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTDIR_OVERLAY
Have that to but i would add a patch for Makefile.in gre.o: CFLAGS += -fPIC But we need to check way gcc 4.3.2 need -fPIC instead of -fPIE on that. http://hardened.gentooexperimental.org/trac/secure/ticket/50 emerge --info Portage 2.1.6.4 (hardened/linux/amd64/2008.0/server, gcc-4.3.2, glibc-2.8_p20080602-r1, 2.6.25-hardened-r4 x86_64) ================================================================= System uname: Linux-2.6.25-hardened-r4-x86_64-Intel-R-_Xeon-R-_CPU_E5420_@_2.50GHz-with-glibc2.4 Timestamp of tree: Sat, 17 Jan 2009 23:00:02 +0000 app-shells/bash: 3.2_p48 dev-lang/python: 2.5.2-r8 sys-apps/baselayout: 2.0.0 sys-apps/openrc: 0.4.1-r1 sys-apps/sandbox: 1.3.2 sys-devel/autoconf: 2.63 sys-devel/automake: 1.10.2 sys-devel/binutils: 2.18-r4 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.28-r1 ACCEPT_KEYWORDS="amd64 ~amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe" CHOST="x86_64-pc-linux-gnu"
Created attachment 178949 [details] readelf -a of the gre.o file compile with -fPIE
Created attachment 178951 [details] readelf -a of the gre.o file compile with -fPIC This object file is okey and works. It have R_X86_64_PLT32 0000000000000000 libnet_getgre_length + fffffffffffffffc instead of R_X86_64_PC32 0000000000000000 libnet_getgre_length + fffffffffffffffc
On gcc 4.1 vanilla with -fPIE on gre.c it works fine but not on gcc 4.3
Created attachment 179456 [details] gre compile with gcc 4.1 and -fPIE readelf -a
Created attachment 179458 [details] gre compile with gcc 4.3 and -fPIE readelf -a gre.o: CFLAGS += -fPIE gre: LDFLAGS += -pie added in the Makefile.in
Created attachment 179666 [details] gre compile with gcc 4.3 hardened and -fPIC gre.s the s file from gcc -save-temps
Created attachment 179668 [details] gre compile with gcc 4.3 hardened and -fPIE gre.s the s file from gcc -save-temps
Created attachment 179669 [details] gre compile with gcc 4.1 vanilla and -fPIE gre.s the s file from gcc -save-temps
Fails in the same manner here: Portage 2.1.6.7 (hardened/linux/amd64/2008.0/no-multilib, gcc-4.3.2, glibc-2.9_p20081201-r1, 2.6.28-hardened x86_64) ================================================================= System uname: Linux-2.6.28-hardened-x86_64-Intel-R-_Xeon-TM-_CPU_3.20GHz-with-glibc2.3.2 Timestamp of tree: Sun, 25 Jan 2009 23:45:01 +0000 app-shells/bash: 3.2_p48 dev-lang/python: 2.4.4-r6, 2.5.2-r8 dev-python/pycrypto: 2.0.1-r6 sys-apps/baselayout: 2.0.0 sys-apps/openrc: 0.4.2 sys-apps/sandbox: 1.3.2 sys-devel/autoconf: 2.63 sys-devel/automake: 1.10.2 sys-devel/binutils: 2.19 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.28-r1 ACCEPT_KEYWORDS="amd64 ~amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=nocona -O2 -pipe -fomit-frame-pointer" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-march=nocona -O2 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LDFLAGS="-Wl,-O1" MAKEOPTS="-j4" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/srv/gentoo/overlay /usr/local/portage" SYNC="rsync://red.linx.net/gentoo-portage" USE="acl amd64 animgif bash-completion berkdb bzip2 calendar cgi cli cracklib crypt cups dahdi device-mapper diskio dri elf expat fastcgi gd gdbm gif gnutls gpm hardened iconv ipv6 isdnlog jpeg justify md5sum midi mmx mpm-prefork mudflap ncurses no-old-linux nptl nptlonly openmp pam pcre perl pic png pppd python readline reflection rss session snmp spl sqlite sse sse2 ssl sysfs syslog truetype unicode urandom vhosts xml xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="fbdev glint i810 intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa vga via vmware voodoo" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Created attachment 179778 [details] compile sample/gre with -fPIC quick fix This is only a quick fix for gre It is a bug in the compiler that need to be fixed. The compiler don't add @PLT to the symbol libnet_getgre_length in the object file. gre.o Works fine in gcc <4.2
eautoreconf + # Quick fix for #254355 + if gcc-specs-pie && gcc-version > 4.3 ; then + epatch "${FILESDIR}"/compile-gre-with-pic.patch + fi } Fix for the ebuild
Just to confirm, the newly released GCC 4.3.3 ebuild does not resolve this build error.
(In reply to comment #15) > Just to confirm, the newly released GCC 4.3.3 ebuild does not resolve this > build error. > Thay did change some stuff for the check of @PLT in gcc 4.3 and it is okey in 4.2.4 Need to track the chenge down.
Comment on attachment 179668 [details] gre compile with gcc 4.3 hardened and -fPIE gre.s wrong file
Comment on attachment 179669 [details] gre compile with gcc 4.1 vanilla and -fPIE gre.s wrong file
Added the bug on gcc's bugzilla http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39013
patch from comment #13 is good. comment #14 is wrong . This most likely should be applied unconditionally. Removing hardened@ due to the high traffic of the bug. Please add us back if you require any further input.
Created attachment 180327 [details, diff] Patch from gcc bugzilla #39013 fixed for gcc 4.3.3 This patch fix the missing @PLT when -fpie is used and inline
thanks, queued for the 4.3.3 patchset http://sources.gentoo.org/gentoo/src/patchsets/gcc/4.3.3/gentoo/69_all_gcc43-pr39013.patch?rev=1.1
*** Bug 259970 has been marked as a duplicate of this bug. ***
unfortunately, this patch seems to break other things ... see Bug 262567
the backport wasnt entirely correct ... the pedwarn() func has a diff decl in trunk than gcc-4.3. so this change is needed: -+ pedwarn (input_location, 0, -+ "inline function %q+D declared but never defined", p); ++ pedwarn ("inline function %q+D declared but never defined", p);
(In reply to comment #25) > the backport wasnt entirely correct ... the pedwarn() func has a diff decl in > trunk than gcc-4.3. so this change is needed: > > -+ pedwarn (input_location, 0, > -+ "inline function %q+D declared but never defined", p); > ++ pedwarn ("inline function %q+D declared but never defined", p); > okey
Created attachment 185178 [details, diff] fix the bug in the patch with this Hope this works :)
(In reply to comment #27) > Created an attachment (id=185178) [edit] > fix the bug in the patch with this > > Hope this works :) > It did'd :(
Created attachment 185179 [details] fix a typo in tha last patch It was a typo in the last patch sorry.
This patch is needed for gcc 4.3.2 too so hardened gcc 4.3.2 can get stable.
fixed 4.3.3 patchset: http://sources.gentoo.org/gentoo/src/patchsets/gcc/4.3.3/gentoo/69_all_gcc43-pr39013.patch?r1=1.1&r2=1.2 added to 4.3.2 patchset: http://sources.gentoo.org/gentoo/src/patchsets/gcc/4.3.2/gentoo/69_all_gcc43-pr39013.patch?rev=1.1
