[opensuse-packaging] Base:System: PIE
Hi, AFAIR Base:System had some project settings to compile all binaries with -fPIE for security reasons since some time, right? It seems that this setting is gone: E.g. https://build.opensuse.org/package/live_build_log/Base:System/coreutils/open... ... [ 183s] coreutils.x86_64: W: position-independent-executable-suggested /usr/bin/whoami [ 183s] coreutils.x86_64: W: position-independent-executable-suggested /usr/bin/yes [ 183s] coreutils.x86_64: W: position-independent-executable-suggested /usr/lib64/coreutils/libstdbuf.so [ 183s] This executable should be position independent (all binaries should). Check [ 183s] that it is built with -fPIE/-fpie in compiler flags and -pie in linker flags. [ 183s] [ 183s] coreutils.x86_64: E: non-position-independent-executable (Badness: 10000) /usr/bin/timeout [ 183s] This executable must be position independent. Check that it is built with [ 183s] -fPIE/-fpie in compiler flags and -pie in linker flags. [ 183s] [ 183s] (none): E: badness 10000 exceeds threshold 1000, aborting. [ 183s] 3 packages and 0 specfiles checked; 1 errors, 106 warnings. [ 183s] [ 183s] [ 183s] wildcard2 failed "build coreutils.spec" at Tue Jul 3 08:23:33 UTC 2018. [ 183s] [ 183s] ### VM INTERACTION START ### [ 186s] [ 177.710765] sysrq: SysRq : Power Off [ 186s] [ 177.712977] reboot: Power down [ 186s] ### VM INTERACTION END ### [ 186s] [ 186s] wildcard2 failed "build coreutils.spec" at Tue Jul 3 08:23:37 UTC 2018. [ 186s] Who ate all the pie? ;-) Have a nice day, Berny -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On Tue, 3 Jul 2018, Bernhard Voelker wrote:
Hi,
AFAIR Base:System had some project settings to compile all binaries with -fPIE for security reasons since some time, right?
It seems that this setting is gone:
E.g. https://build.opensuse.org/package/live_build_log/Base:System/coreutils/open...
... [ 183s] coreutils.x86_64: W: position-independent-executable-suggested /usr/bin/whoami [ 183s] coreutils.x86_64: W: position-independent-executable-suggested /usr/bin/yes [ 183s] coreutils.x86_64: W: position-independent-executable-suggested /usr/lib64/coreutils/libstdbuf.so [ 183s] This executable should be position independent (all binaries should). Check [ 183s] that it is built with -fPIE/-fpie in compiler flags and -pie in linker flags. [ 183s] [ 183s] coreutils.x86_64: E: non-position-independent-executable (Badness: 10000) /usr/bin/timeout [ 183s] This executable must be position independent. Check that it is built with [ 183s] -fPIE/-fpie in compiler flags and -pie in linker flags. [ 183s] [ 183s] (none): E: badness 10000 exceeds threshold 1000, aborting. [ 183s] 3 packages and 0 specfiles checked; 1 errors, 106 warnings. [ 183s] [ 183s] [ 183s] wildcard2 failed "build coreutils.spec" at Tue Jul 3 08:23:33 UTC 2018. [ 183s] [ 183s] ### VM INTERACTION START ### [ 186s] [ 177.710765] sysrq: SysRq : Power Off [ 186s] [ 177.712977] reboot: Power down [ 186s] ### VM INTERACTION END ### [ 186s] [ 186s] wildcard2 failed "build coreutils.spec" at Tue Jul 3 08:23:37 UTC 2018. [ 186s]
Who ate all the pie? ;-)
[ 13s] [128/139] cumulate gcc-PIE-8-2.1 nothing. I think Thomas updated coreutils but didn't make sure it still builds OK. Richard. -- Richard Biener <rguenther@suse.de> SUSE LINUX GmbH, GF: Felix Imendoerffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On Tue, Jul 03, 2018 at 02:00:52PM +0000, Bernhard Voelker wrote:
Hi,
AFAIR Base:System had some project settings to compile all binaries with -fPIE for security reasons since some time, right?
No its not, but rpmlint/rpmlint-mini do not know that new file 5.33 now identifies PIE executable not as shared objects but as PIE executable. New rpmlint is on the way, compare bug #1097339 Werner
It seems that this setting is gone:
E.g. https://build.opensuse.org/package/live_build_log/Base:System/coreutils/open...
... [ 183s] coreutils.x86_64: W: position-independent-executable-suggested /usr/bin/whoami [ 183s] coreutils.x86_64: W: position-independent-executable-suggested /usr/bin/yes [ 183s] coreutils.x86_64: W: position-independent-executable-suggested /usr/lib64/coreutils/libstdbuf.so [ 183s] This executable should be position independent (all binaries should). Check [ 183s] that it is built with -fPIE/-fpie in compiler flags and -pie in linker flags. [ 183s] [ 183s] coreutils.x86_64: E: non-position-independent-executable (Badness: 10000) /usr/bin/timeout [ 183s] This executable must be position independent. Check that it is built with [ 183s] -fPIE/-fpie in compiler flags and -pie in linker flags. [ 183s] [ 183s] (none): E: badness 10000 exceeds threshold 1000, aborting. [ 183s] 3 packages and 0 specfiles checked; 1 errors, 106 warnings. [ 183s] [ 183s] [ 183s] wildcard2 failed "build coreutils.spec" at Tue Jul 3 08:23:33 UTC 2018. [ 183s] [ 183s] ### VM INTERACTION START ### [ 186s] [ 177.710765] sysrq: SysRq : Power Off [ 186s] [ 177.712977] reboot: Power down [ 186s] ### VM INTERACTION END ### [ 186s] [ 186s] wildcard2 failed "build coreutils.spec" at Tue Jul 3 08:23:37 UTC 2018. [ 186s]
Who ate all the pie? ;-)
Have a nice day, Berny
-- "Having a smoking section in a restaurant is like having a peeing section in a swimming pool." -- Edward Burr
On 07/03/2018 04:21 PM, Dr. Werner Fink wrote:
No its not, but rpmlint/rpmlint-mini do not know that new file 5.33 now identifies PIE executable not as shared objects but as PIE executable.
New rpmlint is on the way, compare bug #1097339
I see, thanks! Have a nice day, Berny -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
participants (3)
-
Bernhard Voelker -
Dr. Werner Fink -
Richard Biener