Emerging dosemu fails on Hardened Gentoo due to an invalid relocation when building with a PIE-enabled compiler profile. Switching the compiler to a nopie-Profile (or setting LDFLAGS="-nopie") fixes the issue. Reproducible: Always Steps to Reproduce: 1. Install Hardened Gentoo 2. emerge -av "=app-emulation/dosemu-1.4.1_pre20091009" Actual Results: x86_64-pc-linux-gnu-gcc -Wl,-O1 -Wl,--as-needed -Wl,-warn-common -rdynamic tools86.o -o tools86 /usr/lib/gcc/x86_64-pc-linux-gnu/4.4.5/../../../../x86_64-pc-linux-gnu/bin/ld: tools86.o: relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC tools86.o: could not read symbols: Bad value collect2: ld returned 1 exit status Expected Results: Build succeeds. Maybe just add -nopie to LDLAGS? Portage 2.1.10.11 (hardened/linux/amd64, gcc-4.4.5, glibc-2.12.2-r0, 2.6.37-hardened-r7 x86_64) ================================================================= System uname: Linux-2.6.37-hardened-r7-x86_64-AMD_Opteron-tm-_Processor_4122-with-gentoo-2.0.3 Timestamp of tree: Mon, 28 Nov 2011 10:45:01 +0000 app-shells/bash: 4.1_p9 dev-java/java-config: 2.1.11-r3 dev-lang/python: 2.6.6-r2, 2.7.1-r1, 3.1.3-r1 dev-util/cmake: 2.8.4-r1 dev-util/pkgconfig: 0.26 sys-apps/baselayout: 2.0.3 sys-apps/openrc: 0.8.3-r1 sys-apps/sandbox: 2.4 sys-devel/autoconf: 2.68 sys-devel/automake: 1.10.3, 1.11.1 sys-devel/binutils: 2.21.1-r1 sys-devel/gcc: 4.4.5 sys-devel/gcc-config: 1.4.1-r1 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82-r1 sys-kernel/linux-headers: 2.6.39 (virtual/os-headers) sys-libs/glibc: 2.12.2 Repositories: gentoo Local-Overlay ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=opteron -O2 -pipe -mmmx -msse -msse2 -msse4a -m3dnow -mabm -mfpmath=sse" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/bind" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-march=opteron -O2 -pipe -mmmx -msse -msse2 -msse4a -m3dnow -mabm -mfpmath=sse" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--keep-going" FEATURES="assume-digests binpkg-logs distlocks ebuild-locks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" FFLAGS="" GENTOO_MIRRORS="http://distfiles.gentoo.org" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j5" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="3dnow acl acpi amd64 apache2 bash-completion berkdb bzip2 calendar caps cli cracklib crypt cups curl cxx dri gd gdbm gnutls gpm hardened icap-client iconv imap jpeg justify kerberos kolab ldap logrotate mmx modules mudflap multilib mysql mysqli ncurses nls nptl nptlonly openmp pam pax_kernel pcre pppd readline sasl session snmp sse sse2 ssl sysfs syslog tcpd unicode urandom vhosts xml xmlrpc xorg zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
I can confirme the issue, see attached log file "original.log". The package compiles with -nopie (append-ldflags -nopie), see attachement "with-nopie.log". But then it throws this: * QA Notice: Package triggers severe warnings which indicate that it * may exhibit random runtime failures. * /usr/include/bits/stdio2.h:285:2: warning: call to '__fread_chk_warn' declared with attribute warning: fread called with bigger size * nmemb than length of destination buffer This originates from the first 'fread' statement in src/tools/tools86.c. I think it should be: if (fread(&bsd,sizeof(bsd),1,f) != 1 ) { instead of: if (fread(&bsd,sizeof(gnu),1,f) != 1 ) { Attachement "with-nopie-and-fread-fix.log" contains the final log. Attachement "dosemu-1.4.1_pre20091009.ebuild.patch" contains my fix for the ebuild.
Created attachment 333148 [details, diff] Prposed fix for the ebuild
Created attachment 333150 [details] output of emerge --info dosemu
Created attachment 333152 [details] log of unmodified ebuild
Created attachment 333154 [details] log with -nopie
Created attachment 333156 [details] log with -nopie and my fix for the QA warning
Opened bug for the severe warning at upstream: https://sourceforge.net/p/dosemu/bugs/466/
It's a gentoo bug. Proper way to filter PIC flags is to use inherit flag-o-matic filter-flags -pic filter-flags has special meaning on hardend toolchains and should add proper flags. But current dosemu does not seem to need non-pic at all (at least here on amd64). Although needs MPROTECT and RANDMMAP PaX features disables. I've pushed the changes as: >*dosemu-1.4.1_pre20130107-r2 (05 Aug 2013) > > 05 Aug 2013; Sergei Trofimovich <slyfox@gentoo.org> > +dosemu-1.4.1_pre20130107-r2.ebuild, -dosemu-1.4.1_pre20130107-r1.ebuild: > Added basic hardened support (bug #392261 by Daniel Keyhani). Please, give it a try. Thanks!
*** Bug 426540 has been marked as a duplicate of this bug. ***