netstat.c:(.text.ip_port_str+0xad): warning: Using 'getservbyport' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking networking/lib.a(arping.o): In function `catcher': arping.c:(.text.catcher+0xd3): undefined reference to `__mempcpy_chk' ----------------------------------------------------------------- This is an unstable amd64 chroot image (named hardened_20170217-144156) at a hardened host acting as a tinderbox. ----------------------------------------------------------------- gcc-config -l: [1] x86_64-pc-linux-gnu-5.4.0 * [2] x86_64-pc-linux-gnu-5.4.0-hardenednopie [3] x86_64-pc-linux-gnu-5.4.0-hardenednopiessp [4] x86_64-pc-linux-gnu-5.4.0-hardenednossp [5] x86_64-pc-linux-gnu-5.4.0-vanilla Available Python interpreters, in order of preference: [1] python3.4 [2] python2.7 (fallback)
Created attachment 464140 [details] emerge-info.txt
Created attachment 464142 [details] emerge-history.txt
Created attachment 464144 [details] environment
Created attachment 464146 [details] etc.portage.tbz2
Created attachment 464148 [details] sys-apps:busybox-1.26.0:20170217-185101.log
the well known glibc/locale issue I do think
This is an issue I fear. It happens after glibc was re-compiled with -fstack-check=no as requested in bug #608788 FWIW: ================================================================= Package Settings ================================================================= sys-libs/glibc-2.25::gentoo was built with the following: USE="hardened (multilib) rpc -audit -caps -debug -gd -nscd (-profile) (-selinux) -suid -systemtap -vanilla" ABI_X86="64" CFLAGS="-pipe -march=native -Wall -fstack-check=no -O2 -fno-strict-aliasing -fno-stack-protector" CXXFLAGS="-pipe -march=native -O2 -fno-strict-aliasing -fno-stack-protector"
__mempcpy_chk is provided by glibc. please verify the symbol exists in your glibc builds. $ readelf -sW /lib64/libc.so.6 | grep __mempcpy_chk 369: 00000000000f3440 186 IFUNC GLOBAL DEFAULT 12 __mempcpy_chk@@GLIBC_2.3.4 $ readelf -sW /usr/lib64/libc.a | grep __mempcpy_chk 10: 0000000000000000 14 FUNC GLOBAL DEFAULT 1 __mempcpy_chk
*** Bug 611676 has been marked as a duplicate of this bug. ***
Possibly related to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845521? Fixed upstream here http://sourceware.org/git/?p=glibc.git;a=commit;h=380ec16d62f459d5a28cfc25b7b20990c45e1cc9
(In reply to SpanKY from comment #8) tinderbox@mr-fox ~ $ scw img2/hardened_20170217-144156 mr-fox / # readelf -sW /lib64/libc.so.6 | grep __mempcpy_chk 371: 00000000000f61f0 186 IFUNC GLOBAL DEFAULT 11 __mempcpy_chk@@GLIBC_2.3.4 mr-fox / # readelf -sW /usr/lib64/libc.a | grep __mempcpy_chk mr-fox / # exit exit
(In reply to Peter Levine from comment #10) looks like it indeed!
(In reply to SpanKY from comment #12) hmm, that change is related, but doesn't fix this issue. that change is already in glibc-2.25. but the same fix can be applied to __mempcpy_chk. sent a fix upstream: https://sourceware.org/ml/libc-alpha/2017-03/msg00194.html
i've pushed my fix in upstream and added to the 2.25 branch/patchsets rebuild 2.25 to get it