Source: libfl-dev Version: 2.6.1-1 Severity: important User: [email protected] Usertags: pie-bindnow-20160906 Justification: makes filters FTBFS with extra hardening Affects: filters motif
Dear Maintainers, During a rebuild of all packages in sid, filters failed to build on amd64 with patched GCC and dpkg. The root cause seems to be that libfl_pic.a is shipped as a non-PIC library. The rebuild tested if packages are ready for a transition enabling PIE and bindnow for amd64 (and selected architectures). For more information about the changes to sid's dpkg and GCC please visit: https://wiki.debian.org/Hardening/PIEByDefaultTransition Relevant part of filters's build log: ... flex -t jethro.l > jethro.c cc -o jethro jethro.c -g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -lfl -Wl,-z,relro -Wl,-z,now /usr/bin/ld: /usr/lib/x86_64-linux-gnu/libfl_pic.a(libmain.o): relocation R_X86_64_PC32 against symbol `exit@@GLIBC_2.2.5' can not be used when making a shared object; recompile with -fPIC /usr/bin/ld: final link failed: Bad value collect2: error: ld returned 1 exit status Makefile:35: recipe for target 'jethro' failed ... The full build log is available from: https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/filters_2.55-1_amd64.build.gz Thanks, Balint
