Product: Fedora https://bugzilla.redhat.com/show_bug.cgi?id=955276 Bug ID: 955276 Summary: groonga package should be built with PIE flags Product: Fedora Version: 19 Component: groonga Severity: unspecified Priority: unspecified Assignee: dueno(a)redhat.com Reporter: dkholia(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dueno(a)redhat.com, i18n-bugs(a)lists.fedoraproject.org, kenhys(a)gmail.com Category: --- Description of problem: http://fedoraproject.org/wiki/Packaging:Guidelines#PIE says that "you MUST enable the PIE compiler flags if your package is long running ...". However, currently groonga is not being built with PIE flags. This is a clear violation of the packaging guidelines. This issue (in its wider scope) is being discussed at, https://fedorahosted.org/fesco/ticket/1104 https://lists.fedoraproject.org/pipermail/devel/2013-March/180827.html Version-Release number of selected component (if applicable): groonga-httpd-3.0.2-1.fc19.x86_64.rpm How reproducible: You can use following programs to check if a package is hardened: http://people.redhat.com/sgrubb/files/rpm-chksec OR https://github.com/kholia/checksec Steps to Reproduce: Get scanner.py from https://github.com/kholia/checksec $ ./scanner.py groonga-httpd-3.0.2-1.fc19.x86_64.rpm groonga-httpd,groonga-httpd-3.0.2-1.fc19.x86_64.rpm,/usr/sbin/groonga-httpd,NX=Enabled,CANARY=Enabled,RELRO=Partial,PIE=Disabled,RPATH=Disabled,RUNPATH=Disabled,FORTIFY=Enabled,CATEGORY=network-ip -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=uBvDYOaYC2&a=cc_unsubscribe